What is the best MDM for Apple Devices?
Well, it depends on your needs, and you should really start with a good discovery of what
SSSSHHHHHH LOUD WHITE NOISE
Look I’m going to do something that no one really wants to and lay it out straight. After that, we can get all excited and fight about it, but lets get this out of the way first:
If you have a large, complex, enterprise environment: Jamf Pro
If you are medium to large organization with a more simple structure: Mosyle Fuse
If you are a small business and just want to tweak a few things: Apple Business Essentials
There, that’s it. But what about Kandji, Jamf Now? AirWatch? InTune? Insert name of 500+ other MDM developers here?
You know, they all have their benefits. And if you have some compelling reason to use those instead of the ones I’ve outlined, by all means, use those.
But! You say! What about that advice you always give? You know… workflow your needs, chart out your strategy? So you don’t have a total failure on your hands?
Well, yes, you should still do that. Those are great things to do, and what’s more, you should pay me to do it! But the question wasn’t ‘What’s the correct process to avoid wasting a huge amount of time and money in IT?’ The question was ‘What’s the best?’ And there you have it.
So, lets get into the reasons why.
Scenario 1: You have a large, complex organization, or an existing complex IT infrastructure. Jamf Pro is going to do it all. Whatever it is you need to integrate with, whatever structure you have, Jamf is going to have you covered. Your security/data reporting/organizing/full MDM spec support is second to none, along with a passably decent graphical interface. Sure, 50% of those features boil down to ‘here’s a script the community made’ and while that is very annoying, the fact is, it works, and it speaks to the overall strength of the platform.
Of course, that same strength is exactly its weakness, which leads us to:
Scenario 2: You have a few, or even very many, devices you want to manage with the least amount of effort possible. Enter Mosyle, right through the wall, taking care of your problems like the baby of the Kool Aid Man and Arnie.
Mosyle just… does everything you would want it to do. Install and update third party apps that aren’t in VPP? Sure, done! Log in using Google or Microsoft logins? Sure, done! DNS filtering? Sure! Compliance scanning and remediation? Sure! (this last one is… huge. Extraordinarily huge, and, in some ways, a complete category buster).
Is the interface wonky and slow sometimes? Yeah. But can you pretty much figure it out without having to access the rather anemic documentation? Also yeah! And their support is pretty much flat out great. (Jamf Support is great too – once you’ve worked through five or six levels of appointments with people who do not, at all, understand your problem, that is. Still, at the top level, Jamf folks are the best in the industry, and they know it, we know it, and everyone else knows it.)
So, what’s left here?
Ah, yes:
Scenario 3: You don’t know what an MDM is, you don’t know why you’d want it, but you are annoyed that you can’t put the same apps on all the devices. Also, business storage, what’s that? But I do put all my stuff into an iCloud folder! Can my employees do that?
Don’t you worry, gentle, kind soul. Apple Business Essentials – or ABE, as it’s affectionally called by the deranged acronym producing community of nerds – has you covered. It will take care of basic management for your devices with the added bonus of having an interface you can absolutely figure out for yourself.
And there you go, that’s the upshot. One enables you to do do it all, the other does most of it for you, and the last one does a few things very easily.
All right. That’s what I claim. But how do we know that the other myriad – some very good, some very terrible – MDM’s aren’t as good? Well, feature wise, they may be, but this boils down to how you define ‘best.’ In our case, ‘best’ is short hand ‘the solution that most people will end up using due to a few key reasons.’ Mosyle is cheaper, Jamf has better community support and greater customization, and Apple Business Essentials, you know… just works. And that’s why, one way or another, a good 75 to 80% of clients who go through a discovery process end up with one of those products.
As always – ready for disclaimers? Here they come – this is deeply dependent on the very specific needs your IT environment may have. Already deeply invested in InTune and just want to manage some iPads? Well, stick with InTune. Want to set up a fully passwordless environment? Go with WorkspaceOne. Want to manage everything poorly and hate your life? Try on MaaS 360 or AirWatch!
Are you sharpening your keyboard right now with your love for Kandji? Jumpcloud? In general your hatred for one of the above?
Awesome. Look, the thing with questions like this is that if you already know some specific reason you love a product, you’ve gone through a discovery, (hopefully) know how your organization works, know what it needs down to specific details, and have picked something that will work for it best. But if you’ve done that, you aren’t googling questions like this. And if you are, I’m going to just be straight up and say you are likely going to end up with one of those three, and that’s okay.
But you should still do a discovery.