Remote work would not be possible without mobile device management (MDM). But as companies have quickly realized, not all MDM tools are created equal.
Some don’t support specific operating systems. Others have limited security features or lack certain important integrations, forcing IT admins and managed service providers (MSPs) to manage a patchwork IT tech stack. Support and pricing vary significantly among the big players as well, pushing some companies to pour time and effort into customizing a free, open source MDM solution.
So, how do you pick the right MDM for your company’s specific needs?
To help you make a fully informed decision, we’ve compiled this comprehensive guide highlighting the pros and cons of three leading MDM solutions: Kandji, Jamf Pro, and JumpCloud.
Overview of Kandji
Kandji is newer to the MDM scene, setting itself apart as a “next-generation Apple device management platform.” Kandji’s SaaS platform appeals to small- to medium-sized businesses (SMBs), mid-market, and enterprise companies alike, with an easy-to-use UI and built-in automation features that help IT admins and MSPs improve user satisfaction and avoid security and compliance incidents.
More specifically, Kandji:
- Has a library of more than 200 prebuilt automations to reduce time-consuming tasks
- Maintains an agile, cloud-native architecture
- Offers easy migrations from old MDM tools
- Is relatively easy to set up and maintain
However, Kandji has its downsides. It doesn’t support Windows or Linux devices, acting as a point solution rather than a comprehensive device management platform. And only customers with 500 or more devices gain access to single sign-on (SSO) and Kandji’s API. In addition, customers note:
- Mixed reviews when it comes to support
- Slowness with app installs and updates
- Challenges using and keeping track of “Blueprints,” which contain apps and settings for each system group
- Difficulty in obtaining a quote — prospects must talk to sales
Overview of Jamf Pro
Traditionally, Jamf has served Apple-centric enterprises, boasting a deep set of Apple-specific features. Jamf became particularly popular with enterprises back in the heyday of Active Directory (AD) when admins needed a way to manage increasingly popular Mac devices outside of their Windows-focused environments. In today’s world, Jamf can be deployed on-prem or via the cloud and can be used to support FedRAMP and AWS GovCloud.
- Has integrations with other enterprise-focused vendors, such as Okta and Microsoft
- Can work with most existing corporate directory approaches such as Active Directory, Lightweight Directory Access Protocol (LDAP), and role-based access control (RBAC)
- Emphasizes user self-service
- Offers zero-day support for Apple OS releases
That said, Jamf Pro exclusively supports Apple products. And beyond that, customers have complained about:
- Pricing — without a large budget, you’ll need to look elsewhere
- Several-weeks-long deployments
- A tough learning curve
- Lack of support
Comparison: Kandji vs. Jamf Pro
Now that we’ve covered Kandji and Jamf Pro basics, let’s examine their differences in detail.
As a newcomer, Kandji has Jamf Pro beat in terms of architecture, intuitive UI, and fast deployment. But Jamf Pro has been around longer, allowing the company to build stronger partner relationships and beef up its security features, making it a popular choice for schools, healthcare, and government organizations.
While Kandji is more favorable to SMBs and mid-market companies in terms of pricing, both Kandji and Jamf Pro have expensive plans.
|Pricing||Must go through their pricing calculator and submit your email for accurate pricing||Starts at $4/mo/device|
|Ease of Use||Main differentiator — quick to set up and learn||Steep learning curve, meant for experienced IT adminsRequires advanced scripting|
|Security Features||Lagging in comparison to Jamf Pro||High focus on compliance with features that map to industry frameworks like NIST and ISO-27001|
|Other Features||Focus on automationCustomizable setup experience called “Liftoff”Automatic remediation and patch management||Trusted by a strong list of Fortune 500 companiesEmphasis on self-service|
Introduction to JumpCloud
JumpCloud excels in all the places Kandji and Jamf Pro features are lacking. JumpCloud is a comprehensive device and user management platform with multi-OS support, from macOS to Android to Linux.
JumpCloud MDM has all the strong security and compliance features of Jamf Pro, with the ease of use of Kandji, and provides identity, access, and device management (IAM) functionality that neither of those solutions has. More on that next.
Comparison: Kandji vs. Jamf Pro vs. JumpCloud
We’ve included a handy chart to delve deeper into the ways JumpCloud’s functionality tops Kandji and Jamf Pro:
|Supported OS||macOS, Windows, Linux, iOS, iPadOS, tvOS, and Android||macOS, iOS, iPadOS, tvOS||macOS, iOS, iPadOS, tvOS|
|Pricing||$2/user/mo for MDM only|
$15/user/mo for complete IAM and MDM
|Must go through their pricing calculator and submit your email for accurate pricing||Starts at $4/mo/device|
|Ease of Use||Centralized management to simplify device onboarding and configurationWorkflows for corporate-owned devices and BYODLittle to no coding required||Main differentiator — quick to set up and learn||Steep learning curve, meant for experienced IT adminsRequires advanced scripting|
|Security Features||Designated “work profiles” for BYODDesigned to accommodate sophisticated compliance use cases like ISO-27001Reporting across all users and devicesSecure & manage Azure, AWS, and GCP cloud server resourcesSSH key managementPowerShell Administration module for advanced security use cases||Basic Apple security features||High focus on compliance with features that map to industry frameworks like NIST|
|Integration Options||Large integration directory with applications, cloud directory, DevOps, HR, infrastructure, and security partners||Microsoft, Google, Cloudflare, Okta, Slack, Secureframe||AWS, Okta, Google, Microsoft, ServiceNow|
|IAM Capabilities||Directory insightsMFANetwork trustPassword managementSSO and SAML/SCIM-based user provisioningRADIUS authentication (Wi-Fi, VPN)||N/A||N/A|
Addressing Common Concerns and Issues
Kandji and Jamf Pro have their strengths, but neither solution offers strong user management features. Kandji and Jamf Pro customers must use additional vendors to cover all of their security and compliance bases, causing significant IT sprawl and contributing to a higher total cost of ownership.
But perhaps most crucially, both Kandji and Jamf Pro are Apple-only MDMs, severely limiting the number and types of companies they can provide comprehensive device management to. At the end of the day they are expensive point solutions, and not built with a modern, heterogeneous IT environment in mind.
JumpCloud’s IT and MSP customers opt for our approach because we combine macOS, Windows, and Linux management, consolidating all devices into a single, centralized view for easy issue resolution and reporting. A key player in the identity and access management space, JumpCloud also serves as a foundational directory service to manage user permission, authentication, and company-wide security and compliance policies through its cloud-based console.
Through zero-touch enrollment, IT and MSPs can guarantee Wi-Fi authorization through RADIUS, support directory integrations through LDAP, and enable SSO through SAML 2.0, keeping the data on corporate-owned and personal devices safe and secure. And with JumpCloud’s open directory platform approach, admins still have the flexibility they need to choose the IT tools they prefer in their environments without vendor or ecosystem lock-in.
Note: Overall, JumpCloud facilitates vendor consolidation and decreases IT costs — without sacrificing security or usability.
Meet All Your MDM Needs With JumpCloud
For IT professionals and MSPs that deal with a full suite of Mac, Windows, and Linux devices, Kandji and Jamf Pro aren’t sustainable. While they have distinct advantages, they aren’t an all-in-one user, access, and device management solution like JumpCloud.
JumpCloud centralizes management and security for macOS, Windows, iOS, iPadOS, tvOS, and Android mobile devices — regardless of who owns and uses them. Complete with zero-touch enrollment, customizable workflows and policies, and robust reporting, JumpCloud makes employee and device onboarding and offboarding a breeze, freeing up IT and MSPs to work through the toughest support cases and enabling them to offer more strategic guidance to the CTO and CIO.