By George Lattimore Posted January 11, 2019
Is there Intune for Macs®? Unfortunately, there isn’t a short answer to this question. What we can say is that while Microsoft® Intune does support some functions for Mac, it really wasn’t designed as a cross-platform system management solution. In general, the focus of Intune is directed towards mobile device management and mobile app management.
What Does Intune Really Provide?
Think of Intune as more of an alternative to VMWare’s Airwatch® rather than Microsoft’s System Center Configuration Manager (SCCM). Need a visual? Check out this diagram to see how the add-on fits into the bigger picture of Microsoft solutions.
The result is that while Intune can perform some functions on Macs, the concept of a platform that can dispense GPO-like Polices and commands for Macs isn’t completely delivered from Intune. Instead, Intune’s benefit is that it creates a framework for when devices can access Azure®-related data and applications. Intune, or a third-party solution, will send information back to Azure to decide its level of compliance. Note that implementing any device compliance capabilities requires the use of Azure AD as well as Active Directory® and SCCM if those are being used on-prem.
More Add-Ons Challenge macOS Management
The challenge for IT admins is that you need to find yet another solution beyond Intune and Azure AD to actually create the settings and manage the macOS device. For example, setting password complexity requirements, enabling FileVault, updating the OS, setting screensaver locks and more often need to be either handled manually by the IT admin, or by another solution all together. The result is that IT admins are now searching for additional IT management solutions beyond Intune and Azure AD (not to mention Active Directory and SCCM on-prem).
Philosophically, Microsoft’s approach to identity and system management is quite different from what we believe IT admins are truly searching for. Microsoft’s view is to create segmented solutions that are mostly focused on Windows and Azure, and then require additional solutions for non-Windows platforms. You can hardly blame them for doing so, but is this really the best approach for organizations that leverage mixed-platform environments?
For example, for Microsoft’s identity management solutions, IT admins need Active Directory and the domain controller on-prem, and then AD Connect, Azure AD, Azure AD DS, and more, all in Azure. For system management, SCCM is utilized on-prem and then Intune is added on for mobile device management from the cloud.
Delivering Wide Access Control from the Identity Provider
Sometimes, people are led to think that access control to corporate data is a device management feature. We don’t think of it that way because it isn’t something that the mobile operating system provides. Rather, it’s something the identity provider delivers. In this case, the identity provider associated with Intune is Azure Active Directory (Azure AD), Microsoft’s cloud identity and access management (IAM) system, but it is Intune that is providing the conditional access to Azure resources.
The JumpCloud® Directory-as-a-Service® platform takes the complete opposite view and is tightly integrating not only identity and access management, but system management as well. Further, macOS and Linux® are treated as first class systems similar to Windows, rather than being forced to find additional third-party solutions in Microsoft’s ecosystem.
Moving Beyond Intune for Macs
If you’re interested in understanding more about how Directory-as-a-Service compares to Intune for Macs, and would like to see how JumpCloud extends beyond just device management, give us a call or send us an email. One of our product experts will be happy to answer your questions or set up a demo. Furthermore, signing up to try Directory-as-a-Service is easy and free of charge for your first 10 users.