Should You Use Intune and Jamf Together?

Written by David Worthington on September 28, 2022

Updated on December 20, 2024

Device management is an essential part of IT infrastructure and has never been more crucial given the number of laptops, tablets, and smartphones in use today. Mobile device management (MDM) is integral to organizational compliance, productivity, and security.

Fortunately, consolidated IT toolkits are now available to help busy admins, managed service providers (MSPs), and IT directors get it done. Intune and Jamf are solutions that IT managers commonly use to oversee Windows and Mac devices, respectively. These cloud-based device management solutions can enroll most device types that are used within a typical organization. However, these solutions have different sets of MDM features, because Jamf is a point solution for Apple products.

This article compares product specs before discussing instances where you could use Intune and Jamf together. We’ll also provide a brief overview of JumpCloud’s cross-OS MDM and identity solution that simplifies IT management to give users everything that they need to do their work.

What Is Intune?

Intune is a cloud-based endpoint management solution from Microsoft that helps organizations manage and protect devices that are used to access enterprise resources. 

It can help ensure employees access corporate data on their devices in compliance with the organization’s security requirements. It’s also expanded to include add-ons or a suite of tools for IT management and troubleshooting. However, the standard tier doesn’t include any of those.

Intune gives employees access to the resources they need to be productive while providing settings for governance, risk, and compliance (GRC) to keep some app data protected at all times. It’s designed to work best with Microsoft Office apps and other Microsoft cloud services.

With Intune-enrolled devices IT admins can:

  • Maintain an inventory of employee devices with access to organizational resources.
  • Configure devices to meet organizational security and health standards.
  • Push certificates to enrolled devices so employees can easily access Wi-Fi networks or connect to networks using VPNs.
  • Access user and device compliance reports.
  • Wipe organizational data from devices that have been lost, stolen, or are no longer in use.
  • Deploy app configurations, monitoring, and policies to manage app data.
  • Manage application deployments and inventory devices.

Intune subscriptions are licensed per user on a monthly basis. You can purchase Intune as a stand-alone product or as part of Microsoft 365 licensing bundles that feature Azure Active Directory Premium 1 (now called Entra ID) or greater licenses.

What Is Jamf?

Jamf MDM is a cloud-based solution for managing iOS and macOS devices. It has advanced Apple-specific features for iPhones, iPads, iMacs, MacBooks, and Apple TV. Jamf helps admins set up, preconfigure, reset, repurpose, and recover Apple mobile devices and computers. Its tools are specifically designed for the Apple ecosystem and have industry-specific workflows. 

Its capabilities include:

  • Account provisioning
  • Antivirus
  • Compliance monitoring
  • Deployment
  • Device management
  • Identity management 

With Jamf’s Pro edition, IT admins can manage the entire lifecycle of Apple devices from procurement to retirement. It automates tasks for deployment, maintenance, support, and wiping and resetting devices. A standard edition is simplified for use by small- to medium-sized enterprises (SMEs). Jamf, like every other solution that manages Apple devices, is built on Apple’s MDM framework.

Note:

Admins exclusively managing Apple products may also consider using Apple Business Manager, which is a web-based portal for managing Apple devices, accounts, and apps. It’s designed to complement MDM solutions by providing a common set of tools.

Intune vs. Jamf: A Comparison

The rise in hybrid work culture has seen an increase in the usage of mobile devices for work purposes. There’s a need for organizations to strengthen the security of the devices in order to protect every endpoint. This is where mobile device management comes in. 

Employees often rely on their personal devices to complete tasks in a collaborative, fast, and effective way. MDM solutions provide configuration options for bring-your-own-device (BYOD) programs that respect privacy and protect corporate data. It’s important to enforce strong and efficient BYOD policies.

Here’s a guide on how to create a BYOD policy in your organization.

A good MDM solution is critical to managing devices efficiently, maintaining a healthy security posture, and verifying whether a device is trustworthy. The comparison below covers two of the most popular MDM solutions on the market, Jamf and Intune:

Functionality: Device enrollment

  • Jamf: A unified endpoint management (UEM) solution exclusively for managing Apple devices. IT admins can use the Jamf Setup and Jamf Reset applications to create a smooth user login experience. Exclusive to Apple devices.
  • Intune: Helps manage Windows, Linux, Android, and Apple systems. Relies on Azure AD (Entra ID) single sign-on (SSO) to offer IT admins a smooth enrollment process. Admins can also access several provisioning options after enrollment, along with sign-up options for new users, on the Enrollment Status Page (ESP).

Functionality: Security

  • Jamf: Jamf offers endpoint detection and response (EDR) through automated policies and device settings. It has robust security features and stringent password policies. Jamf can analyze machine behavior using AI to provide real-time insights into security risks. Jamf is also deeply integrated with iOS devices to allow for secure endpoint configurations. In April 2024, Jamf released a new compliance editor and dashboard feature. This simplifies the task of meeting strict security standards and performance benchmarks.
  • Intune: Intune relies on multi-layered decision-making to strengthen its security through optional Azure Active Directory Conditional Access policies. For macOS, it uses Firewall and Gatekeeper features to restrict access to suspicious applications. Microsoft Cloud PKI is an add-on for certificate lifecycle management that enables device trust and passwordless logins to IT resources. Microsoft Defender for Endpoint, typically priced separately, adds another layer of security by detecting and promptly notifying IT admins about malicious activities missed by non-Microsoft antivirus software. It integrates with Intune. Intune can also be used to manage standard Defender Antivirus and Windows Security settings.

Functionality: Application management and integration

  • Jamf: Jamf manages applications through a five-phase lifecycle, namely sourcing, hosting, deployment, experience, and reporting. It can be integrated with multiple other platforms such as Google, JumpCloud, Microsoft, Splunk, and Freshservice.
  • Intune: Intune manages licenses and location tokens to enable users to synchronize apps they’ve purchased from Apple Business Manager. It utilizes MSIX packaging for some applications to ensure they are up to date. However, it also supports manually uploading other macOS app types.

Functionality: User experience

  • Jamf: According to PeerSpot customer reviews, Jamf has a 4.8 rating. It allows customized deployment and granular-level restrictions for users. Its workflow automation and technical support also increase productivity and help users save time. The platform has a zero-touch setup for easy scalability. Additionally, customers like the geofencing features, which allow for policy implementation according to location.
  • Intune: Intune has a 4.0 rating on PeerSpot. Customers point to its ability to integrate with Windows, Android, and Apple devices. Its general functionality in securing and managing devices is highlighted. Intune Advanced Analytics (an add-on) uses AI to provide near real-time insights into device performance and usability.

Functionality: Pricing

  • Jamf: Jamf offers three subscription tiers for organizations of different sizes. Jamf Now has no user minimum, while Jamf Business and Enterprise do. Jamf Now starts at $4 per month through a yearly subscription. The Business plan costs $14.33 per month, paid annually. Jamf supports education and volume discounts. Its Enterprise plan has custom pricing that’s unpublished.
  • Intune: Intune Plan 1 is included with several Microsoft 365 plans. Microsoft also has three a la carte pricing plans beyond that. Microsoft Intune Plan 1 starts at $8 per user, monthly, when it’s not bundled with Azure. Advanced endpoint management adds $4 per user. The full suite for unified endpoint security and remote help costs $10. Features not included in Plan 1 are priced individually.

Jamf is a dedicated Apple MDM platform, whereas Intune supports Apple devices as part of its cross-OS device management. It’s highly unlikely you will only have to manage one type of operating system, but some organizations are Apple-only shops. Depending on the nature of your system environment, either Intune or Jamf could be viable choices.

Strengths and Weaknesses

Both Jamf and Intune offer valuable MDM features to organizations, but in different ways. Let’s examine how their features stack up.

Who Should Use Jamf?

Jamf might be a good choice if your organization:

  • Primarily uses macOS and iOS devices.
  • Needs to integrate Mac tvOS devices into its MDM platform.
  • Wants to provide end users with an intuitive self-service portal for app management.
  • Values integrated endpoint detection and response (EDR) and Zero Trust Network Access (ZTNA).

However, Jamf may not be the right choice if your organization:

  • Needs multi-OS support across different operating systems.
  • Demands a truly integrated identity, access, and device management solution.
  • Plans on integrating multi-factor authentication (MFA) and single sign-on (SSO) for managed devices.
  • Wants to secure and manage cloud server resources in Azure, AWS, or GCP.
  • Secures non-system access via RADIUS or LDAP.

Who Should Use Intune?

Intune is worth considering if your organization:

  • Primarily uses Windows and Android devices.
  • Already uses Microsoft infrastructure extensively.
  • Wants to leverage built-in endpoint security and privilege access management.
  • Has enough internal talent to manage Intune’s complex user interface.
  • Has significant GRC requirements.

Intune may not be the correct MDM solution if your organization:

  • Doesn’t already use Microsoft infrastructure.
  • Values intuitive user interface design and simplified management.
  • Plans on using full-featured remote access and background tools.
  • Is primarily an Apple IT shop.

Key Takeaways

The main difference between Intune and Jamf is that Jamf is a bespoke platform for Apple products. Intune is designed around Microsoft Windows but also supports other platforms and works well with a suite of compliance and security products from Microsoft.

Here are some things to keep in mind when choosing between Intune and Jamf:

  • Jamf will only support Apple devices. If your endpoint fleet includes non-Apple hardware, you will need to integrate an additional platform.
  • Intune is a cross-OS platform, but it works best for Windows and with other Microsoft products. This can increase the total cost of ownership and lead to vendor lock-in.
  • Jamf supports advanced security features, but not baseline compliance requirements like MFA and SSO, without using an identity provider (IdP).

Intune vs. Jamf: Should You Use Them Together?

Most organizations use a blend of Android, Windows, iOS, and macOS devices, but sometimes a best-of-breed solution offers greater benefits. When used in tandem, Jamf and Intune form a comprehensive solution to manage devices that run an Apple OS and Windows. 

Microsoft and Jamf maintain a partnership and integration, because Jamf doesn’t support Windows, and Intune doesn’t specialize in Apple devices. The joint solution can be used to enforce endpoint compliance through conditional access, based on criteria like device health. The integration only supports Azure AD user groups, meaning Microsoft has positioned itself to serve as the IdP.

As such, you’ll need to be proficient in Azure AD to meet Zero Trust security and compliance standards. 

Note:

Learn about data that’s exchanged between Jamf and Intune. You can also learn more about using Azure AD (Entra ID) and Intune together.

However, the integration comes with some indirect costs:

  • Managing two vendors takes more time and resources and complicates support (i.e., Microsoft support doesn’t have a lot of experience with macOS and vice versa).
  • Your IT team will have to build a Jamf app for Intune within Microsoft Azure on its own. However, Jamf Pro Cloud Connector can be used to automate some of the work.
  • Training staff to use both platforms takes time and raises management overhead.

These factors can offset the perceived benefits of using Jamf with Intune. The integrated platform can control nearly all of your organization’s devices, but with added costs and complexity. Point solutions increase tool sprawl, which leads to overspending and incongruent information.

Intune and Jamf MDM Alternatives

So, what options do you have as an alternative to using Intune and Jamf together?

There are many options for MDM solutions that you can leverage to manage your endpoints. Other comparisons include Intune vs. MobileIron, Intune vs. SCCM, and Intune vs. AirWatch. However, JumpCloud may be the closest comparison to the joint Microsoft/Jamf solution.

JumpCloud’s open directory platform combines device and identity and access management (IAM) into a single cross-OS solution. The architecture is essentially pre-integrated. JumpCloud makes it possible to provide phishing-resistant authentication, reporting, and device trust for conditional access from a centralized console. Conditional access policies leverage device management conditions, without the extra effort and resources of creating apps and integrating solutions from multiple vendors.

JumpCloud provides more optionality than Jamf and Intune do together. For example, you can access non-system resources like RADIUS and LDAP servers. Its open directory also permits you to select your own IdP, like Okta, and to use JumpCloud to manage devices. You’re not obligated to purchase big bundles of software like Microsoft 365 to get all of its components. Intune cannot function without Premium editions of Azure AD, and is rarely purchased alone.

JumpCloud’s platform has options that simplify IT management like remote assistance, privilege and app management, and cross-OS patch management. JumpCloud provides IT admins with one console that centralizes user and system management across their entire environment.

Get Started on System and Identity Management with JumpCloud

Securely manage your entire IT environment, including users and their systems, applications, servers, networks, and much more. JumpCloud will work for you regardless of end user choice of platform, protocol, provider, or location.

Learn more about JumpCloud MDM, schedule a demo, or get started with a free JumpCloud account.

David Worthington

I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.