Looking for the closest thing to Jamf MDM for Windows `

YodaNT · May 1, 2022

I deployed Jamf a few months ago to streamline the onboarding and management of Apple computers and it's cut our setup time in more than half. Now I'm trying to find an MDM solution to speed up the deployment of Windows laptops.

I'm hoping to find some recommendations for a Cloud based MDM that will work with Windows 10/11 based laptops. Mobile devices aren't necessary but could be useful down the road.

Right now we setup the initial user account on a Windows machine and then run some commands against it via our SSO agent to setup certain things in the registry and install a few standard apps.

I'm hoping there's an MDM solution for Windows out there that just allows us to install a local agent on the Windows machine and then it takes over and runs these commands and installs our standard apps without too much interaction and potentially continues after a reboot. Ideally we could have someone in a remote location setup their user account and then install this agent and then IT monitors the installation/setup process.

Additional features:

Remotely location a machine, reboot and erase machines
Self Service portal for installation of applications
The ability to push configuration files to specific folders ie: Similar to Jamf does with Configuration Profiles
The ability to work with remote employees around the globe for a team of 200-300

We can eliminate Manage Engine as a possibility for this. And we don't want to go the imaging route.

So I'm ideally looking for something that works similar to Jamf but for Windows once that agent is installed on a new machine.

Anyone have any suggestions or real work experience with something that might work for this situation?

Entegy · May 1, 2022

Microsoft Intune for MDM, with Windows AutoPilot for deployment.
</thread>

sryan2k1 · May 3, 2022

Autopilot + Intune

YodaNT · May 20, 2022

Can Intone = Autopilot work without a Microsoft username/account? We manage login credentials that match our IDP (SSO) system.

sryan2k1 · May 20, 2022

Autopilot requires machines to be enrolled by your OEM at ship time. It can be done after the fact with a lot of work. What you do with it past that is up to you.

YodaNT · Nov 26, 2022

Has anyone run into issues with Intone just not installing apps when a device is enrolled without autopilot by just joining the Azure domain? Note we're testing with a cloud only Azure account which is different than the logged in user. If we use this account during the Windows setup screen all apps install without any issues.

continuum · Nov 27, 2022

Intune apps being installed can have installation issues if the enrolled device trying to do the install is on a slow connection and the connection craps out before the install finishes. I unfortunately am not closely tied enough to the process to know all the terminology off the top of my head.

YodaNT · Nov 27, 2022

continuum said:
Intune apps being installed can have installation issues if the enrolled device trying to do the install is on a slow connection and the connection craps out before the install finishes. I unfortunately am not closely tied enough to the process to know all the terminology off the top of my head.

Thanks. It's the same connection and the same machine we're seeing this behavior on. Actually two test machines in two different locations that work if you do enrollment right at the initial Windows setup instead of adding/joining the machine after login. The connection isn't an issue at either location.

Maybe it's me but it definitely seems like Microsoft hasn't ironed out a lot of bugs in Intone. We also see issues where the install of an app has completed but Intune hasn't updated in the admin portal to show the app was installed. Or maybe we're just having some bad luck with Intune?

continuum · Nov 27, 2022

We've had a lot of success with Intune the past 2+ years? But again I'm not super involved in the process so I'm the wrong person to talk to about failure modes. :/

sryan2k1 · Nov 28, 2022

How rapidly are you checking? I don't know enough about intune but with SCCM depending on your intervals it may take a day before software shows installed for reporting purposes.

MorsePacific · Dec 18, 2022

We use Jamf and Intune to manage our macOS and Windows fleet respectively.

Intune is a long way from being as comprehensive as Jamf, but if you want to do cloud-managed PCs joined to Azure AD it seems to be the only way to go right now.
When I joined my current org they were building all machines by hand and had no MDM on either platform, which was a priority to fix. They already had Azure with Office 365 so upgrading to a SKU that supported Intune and going with that was the path of least resistance. We also had issues with all the machines being bound to AD and a large number of users working remotely and never connecting to VPN, so machines losing their trust relationship was common and a major driver of Helpdesk tickets.

What I will say is that our basic Intune setup 'just works' for what we needed, but definitely has shortcomings compared to the macOS side of the house.

I don't think Intune is a proper package manager; it's reporting leaves a lot to be desired, and scoping groups based on installed software doesn't seem possible.
Even simple things like scoping a policy to all Autopilot-enabled machines - which to my mind should be a checkbox exercise - requires Googling for non-obvious identifiers to create dynamic groups from.

We looked at moving to VMware's Workspace One which promised a lot, but after a full 12 month contract they couldn't find a way for us to silently deploy the agent to enroll the device under the user's own name, so we junked it. Not to mention the actual implementation of the thing took about 5 months after they had to contort the product in multiple interesting ways to work with all of our cloud vendors.

I'm considering an Intune + Chocolatey/Scappman/something else for 2023. The Autopilot piece of Intune is great and works about as reliably as ADE does on the Mac, but we need a better way to manage packages and Intune isn't it.

YodaNT · Dec 18, 2022

@MorsePacific Thanks for the info. I don't think we can currently go with Intune as our SSO platform also needs to bind to the device for local user crews. Any experience on Hexnode? It seems to come up a lot of the time in "best of" MDM lists.

Or anything outside of VMWare One or Intune that I might be forgetting?

Incarnate · Dec 18, 2022

YodaNT said:
@MorsePacific Thanks for the info. I don't think we can currently go with Intune as our SSO platform also needs to bind to the device for local user crews. Any experience on Hexnode? It seems to come up a lot of the time in "best of" MDM lists.

Or anything outside of VMWare One or Intune that I might be forgetting?

What are you doing for SSO?

Intune is probably your best option, but I don't think we have enough information on your SSO or "local user crews".

YodaNT · Dec 18, 2022

Jumpcloud. Which also provides some device management. Per their Support it doesn't play well with Intune

Trying to see if anyone else has any other favorite MDMs besides Intune at this point.

MorsePacific · Dec 19, 2022

YodaNT said:
@MorsePacific Thanks for the info. I don't think we can currently go with Intune as our SSO platform also needs to bind to the device for local user crews. Any experience on Hexnode? It seems to come up a lot of the time in "best of" MDM lists.

Or anything outside of VMWare One or Intune that I might be forgetting?

We're using Okta as our IdP; it's integrated with Azure via Office 365, so the login prompt on an Autopilot-built machine will redirect to Okta - it works great.

I haven't heard of Hexnode ... goes Googling

YodaNT · Feb 16, 2024

Bump from a hundred years ago. Anyone find anything outside of Intune since I originally made this thread?

sryan2k1 · Feb 17, 2024

There's tons. You likely want the term RMM.

NinjaOne is popular

RMM Software | Rated #1 Remote Monitoring & Management for MSPs & IT

NinjaOne has been rated the #1 RMM software 17 times in a row due to its ease of use, IT management capabilities, automation features, and best-in-class support

www.ninjaone.com

YodaNT · Feb 17, 2024

Bonus if it plays well with Okta.

MorsePacific · Feb 20, 2024

We're still using Intune, and finally have gotten around to looking at Chocolatey, but still not implemented it.

I need more staff

Entegy · Feb 20, 2024

Intune is an MDM, Chocolatey is a package manager. While Intune can deploy apps, I wouldn't try to replace an MDM with a simple package manager.

MorsePacific · Mar 13, 2024

Entegy said:
Intune is an MDM, Chocolatey is a package manager. While Intune can deploy apps, I wouldn't try to replace an MDM with a simple package manager.

We're not. Intune is pretty awful at package management, so we'll deploy devices with Intune, but use Chocolatey for the apps.

Looking for the closest thing to Jamf MDM for Windows `

Ars Praefectus

Ars Legatus Legionis

Ars Legatus Legionis

Ars Praefectus

Ars Legatus Legionis

Ars Praefectus

Ars Legatus Legionis

Ars Praefectus

Ars Legatus Legionis

Ars Legatus Legionis

Ars Tribunus Angusticlavius

Ars Praefectus

Ars Tribunus Angusticlavius

Ars Praefectus

Ars Tribunus Angusticlavius

Ars Praefectus

Ars Legatus Legionis

Ars Praefectus

Ars Tribunus Angusticlavius

Ars Legatus Legionis

Ars Tribunus Angusticlavius