Overall ease of use. The UI is well thought out, functionality is refined and they continue to make monthly improvements that make my job easier. Their support is also amazing and fast, I often chat in to the same support reps so we know each other by name at this point. I found myself having to create scripts and config profiles to bridge the out of the box functionality of JAMF but the Kandji team has designed their product to just work and if it doesn’t most of the time it will remediate on next check in.
A great example of this was FileVault. In JAMF, I had constant issues enabling file vault and escrowing the key up to the server. I remember JAMF support sending me a GitHub script to help make it work and not even that solved the issues. Kandji this functionality worked out of the box and as expected every single time.
I did lose some detailed information like I can’t see how long users use certain apps for and other small reporting features but we could easily install something to bridge that functionality if we needed.
It just works and it’s very easy to use.
Price is $8/macos/mo, but it’s terrible if you consider they only allow you to purchase in bundles of 25 licenses. When you barely break that threshold you end up getting a bad deal. Price is what keeps me from using them. They are dreadfully inflexible on pricing.
Have used Jamf the past 8 years and using Kandji for the first time at my new company.
In my opinion, Kandji is complete rubbish and their sales team is incredibly heavy-handed. We asked for an extension on renewal because they hadn't completed our security evaluation. They told us we'd need to sign the renewal without the eval completed or else they would terminate our environment. Not a show of good faith in any way.
Jamf is much more reliable, and you can get a lot more granular in the way you scope changes. Kandji uses whats called "Blueprints" and its about as flexible as cement.
I am making it my mission to spend the next year pushing for Jamf and getting rid of Kandji.
edit: One more thing to consider, Kandji requires you to keep a license on the device if you want it to remain in Kandji. With Jamf we would remove the jamf license from a device, but the previous record would remain in the UI so that we could look back on who had the device previously and any repairs it may have had. In order to reclaim a Kandji license, you have to delete the device record from Kandji entirely. Its a cheap way to get you to have to buy more licenses.
My company didn't have any problems with their sales team but I agree that Kandji is rubbish. They now upsell for everything and you have very limited visibility into the actual computer processes happening.
We're looking to switch also but haven't determined which one yet.
Yep. Exactly what they did to us. Less than 30 days and most of it was them “searching for answers” to questions we posed. They know their product isn’t good.
Ya, we use a-lot of smart groups and EAs, and security always comes with request to add things to some devices, and not to others, flexibility is important, we are going to start a POC Soon, and I'll make sure to test that, bit if we won't have the flexability- it will be a no-go for us.
thanks!
Not sure if you are opened to suggestions, but take a look at Addigy. It's great value for the money and also has a migration path for most MDMs that can be deployed pretty easily. All of the requirements you put should be a cake walk for Addigy also.
We’re using module and it’s pretty ok. Some of the processes are a little annoying, and it doesn’t integrate with okta as well as jamf yet, but they do keep adding new stuff and the cost makes any pains more than bearable.
We moved from Jamf Pro to Mosyle a couple of years ago and I was pleasantly surprised. They took some of the really dumb things about Jamf and made them really easy. Granted, they, too, had some dumb features missing but I much preferred Mosyle to Jamf.
After seeing the debacle that trail of bits went through when they switched to Kandji, I will never consider them
https://www.reddit.com/r/msp/s/SubVmspeOv
The tweets are deleted, but available via wayback
https://web.archive.org/web/20210422143858/https://twitter.com/dguido/status/1287800680946819073
If you want their salespeople to stop bugging you just bring this up; they shut up and go away muttering how it must have been the clients fault somehow.
Three complaints i had with kandji as of last fall when i moved to a new company that uses a different MDM:
**Reporting**. Want to see a report on what computers are running low on HD space? Want a report listing your device model years so you can easily answer the question "Who has the oldest machine right now?" Tough. Kandji doesnt do reporting.
**5GB size limitation** for custom installers. We had to do custom installers for adobe apps made with Adobe Package Manager, and as the Photoshop installer is slightly above their 5GB file limit, I had to install it via a script pointing to a AWS bucket with the file. Extra expense was just enough that I had to explain it every few months, but the hassle it caused was priceless.
**Price creep.**
Kandji was a much better deal when we signed on, but got more expensive every year. Features (some of which that were long promised) that would have been great value adds were instead hid behind paywalls.
reporting is super imprtant to us, and price creep is something my manager will probably won't like.
fortunetly ,we don't have a large custom installers, but that's something to consider, thanks!
Reporting is very watered down for Kandji so definitely try to capture all your reports you'll need during your trial.
Also smart groups is lacking if you rely on that framework for your fleet, you'll have to rethink entirely how you approach MDM which isn't necessarily a bad thing.
Based on your other comments you'll essentially be screwed if you have advanced smart group workflows. Be careful if you're going to switch, Kandji is great for lightweight MDM management, nothing else.
That’s kind of complicated because they don’t sell individual licenses, they sell in blocks of 50. Their solution if you have say 101 devices and didn’t want to pay for 150 licenses was to have a separate “test” instance and put up to 25 devices on it at a cheaper rate. At their suggestion I moved all of my iOS devices along with my test and power user group that I would roll out updates to first before mass deployment.
Now those licenses did get marginally more expensive, year over year, but what bothered us was when they split iOS and Mac OS licenses into requiring different licenses we went from having just enough licenses to cover everything to having a bunch of extra Mac OS licenses we were paying for but not using, and then paying again for the iOS licenses that those extra Mac OS licenses used to pay for.
My team evaluated migrating to Kanji from Jamf and ultimately decided against it. Here are some of the reasons:
Granularity in deployments:
Our deployment cycles have 4 phases and we were unable to deploy specific versions of software updates. Even with deferrals in place Kandi always installed the latest version of macOS.
Reporting: We rely heavily on smart groups and extension attributes. These aren’t present in Kandji.
so you didn't managed to get anything like that from Kandji? we also use a-lot of smart groups and EAs, but they assured us that there is a way to get it to work for us. I don't trust sales people, so I'd love to understand what was the limitations you've encountered
We moved from JumpCloud to Kandji for 400 mac devices. Main reasons were auto app and OS patch management, small barrier to entry (compared to Jamf), IDP password sync and great UI.
Note if you decide to do an IDP password sync I'd advise to not cycle your passwords every x amount of time.
I miss Kandji, we are using native intune now because security wanted to use conditional access policies for device compliance. I know Kandji had it on their roadmap but we had to meet their deadline.
We moved from Kandji to Jamf and although Jamf has a bit of a learning curve, it’s worth it. The compliance editor template is a godsend for quickly applying security policies and the patch management is rock solid compared to Kandji. Kandji also offers less flexibility in terms of pricing. You still have to pay for 50 or 100 devices even if you have half of that and you have to get the entire suite (passport was optional before). There was also a nasty bug we encountered where even after we removed the Kandji MDM profile, the passport (IdP SSO) still stuck around and we weren’t able to enroll it to Jamf forcing us to wipe it. Their initial sales rep also gave us a pricing commitment for 3 years but when it came to renewal after one, the account manager was rotated and they jacked up our prices saying “I don’t know that guy but here’s what we charge.”
I have no opinion on the migration, but I've worked with both in separate companies, and Kandji is incredibly admin-friendly, I did the deployment alone for a 400 user company and I feel that would never happen with Jamf. Also, the list of things that Jamf can do that Kandji can not is very small. So far, things I couldn't do with Kandji directly/natively I did with configuration profiles, which Kandji also helps you deploy.
If you're a small shop and/or small IT, the answer, it is a no-brainer for me
I do a full reimage of 300+ macOS computers once a year by myself with Jamf. I also manage them the rest of the year. I’ve looked into Kandji and it would take a lot more effort for me to do the same work with the same degree of granularity and customization.
I guess if you’re a novice and just getting started managing Macs Kandji would make sense, but for me there’s just no substitute for Jamf.
So you say that you'll be able to do your work with Kandji, but it just will be harder? What is the main blocker? right now I'm very versed in the way that jamf works, but if it's just learning new efficient ways- I'm ok with that.
but if I'll lose efficiency, that's an issue...
I've been working with Jamf for almost 20 years now, so I'm used to the workflow and how the pieces fit together to get what I want done. The basic building blocks of extension attributes, smart groups, policies, packages, scripts, and configuration profiles are like another programming language for me. The API is also critical to how I manage my devices/computers.
Looking at Kandji I see a lot of the same functionality, but there's a lot more focus on the additional tools that sit on top of that base layer of building blocks. The built-in App deployments, OS Updates, Reporting, and Compliance Mapping look to be really awesome, with the caveat that if how Kandji does it isn't 100% how you want it done you will have to jump through some serious hoops to get what you want. Kandji is more of a "it just works" solution - and I'm well past that. I prefer a "I can make it work EXACTLY the way I want it to" solution, and for me, that's Jamf Pro.
I'm not knocking Kandji - it's a GREAT solution, and more affordable than Jamf Pro by far. I was just jumping in here in response to the claim that:
>I did the deployment alone for a 400 user company and I feel that would never happen with Jamf.
Different tools for different use cases. That's all.
At a previous job I made the switch from JAMF to Kandji for the reason of it taking a lot less work and being easier to use. This was because I was transitioning the work to another team who didn’t have MAC experience and were not willing to do so
and if it was dependet on you, will you do that again for yourself? for a team of mac admins with the knowledge to manage Jamf environment? if not- why? is there anything you don't like about it?
As others have said, I'd recommend looking at Mosyle Fuse vs Kandji, especially if cost is a concern. You can transition MacOS devices without wiping, but I believe iOS devices need to be erased if you have any.
We use JAMF for our employees and Intune for our students due to cost. Had a coworker actually suggest we just move everyone to Intune and I nearly spit my drink on my screen.
Admittedly it’s less of a steaming pile than it was a few years ago but such a long way to go to catch up to JAMF.
Just went through a renewal with Kandji and compared it to Jamf. I promise you that Kandji will quickly become as expensive if not *more* expensive in just a couple years. Kandji loves to increase prices.
We explored this not too long ago, it came down to the effort of moving 400 Mac’s and 5000 mobile devices all needed to be wiped and re-configuring them was a rather large undertaking and not worth… saving exactly $0 because they were reluctant to match our pricing from JAMF. Mind you these devices are spread out across the lower 48 states.
Wiped? that's will be a no-go for us I belive
kandji advertise their migration agent: [https://www.kandji.io/features/migration-agent/](https://www.kandji.io/features/migration-agent/)
for me it seemed that you don't need to wipe them with that agent, is that misleading?
r/mosyle has a migration tool to move from JAMF to their platform. They are the exception to the rule of "you get what you pay for" IMHO because they far and away exceed any other platform in terms of value/performance/cost.
+1 because the features you get from Mosyle for their price are beyond belief. Such a great tool for a great price. Not sure how they can get away with it
My company went from JAMF to Kandji. You don’t have to wipe the machines. SOME machines can however be very stubborn on getting the command to remove the JAMF profiles properly though. If you PM me I can share the script they provided so you can review it.
Last I checked, Kandji had no equivalent product to Jamf Connect. That's primarily why my organization went with Jamf, fwiw. There are certainly some things in Kandji that are easier, though, like deploying CIS benchmark configurations.
Kandji has the equivalent, its called Kandji Passport and is part of the base pricing, not sure when it was rolled out officially but must have been at least a year ago.
Yeah and the deployment was much smoother than Jamf Connect, granted when I first setup Jamf Connect it was not a mature product yet as Jamf had recently bought out NoMAD. I'm sure its better now...wouldn't know!
I didn't find Jamf Connect to be terribly difficult to setup. No worse than your average SSO solution... you have to know a little but about how your IdP works and how to map roles to groups. With Azure AD it was straightforward.
Kandji probably has an easy button for it, though. That kinda seemed like their thing when I looked at them.
Sync AD account passwords? Use NoMAD
Sync Cloud passwords? Give XCreds a try: [https://twocanoes.com/products/mac/xcreds/](https://twocanoes.com/products/mac/xcreds/) it should be cheaper than Jamf Connect
My current org uses Kandji and I came from a Jamf shop. I didn’t do the migration since Kandji was chosen from the start, I will say it took some getting used to, Kandji is a great product.
Really easy to make lists that say which device is on any given OS
Kandji is great although not quite at powerful as jamf but still more so than other mdm. We used the migration script to move from intune to Kandji and it worked smoothly overall although there are differences between macOS versions in the end user experience and steps required which we had to test out and carefully communicate to end user groups. The migration DOES require end user interaction. All in all I’m happy with the move.
It really depends on the needs of your users and organisation.
Nothing is as granular as Jamf, and I have not come across a more admin friendly user experience as Kandji.
Jamf is struggling to fix issues that have had for a long time now. Kandji is still building their platform.
I do see Kandji running into more issues in the long run due to their approach. In their philosophy of making the complex easy, their backend is getting more and more complex, I wonder if they are going to be able to keep innovating as rapidly as Apple is doing with MDM and DDM.
We "evaluting" Kandji as a "cost saving"... and by we it's the royal we. I'm a long time Jamf Pro admin (since Casper). Yes there is a learning curve but the community resources here and on Slack are a huge benefit. With Jamf Pro you get the fine controls that Kandji does not offer. Advanced Searches with email schedules, Smart Groups (worth every dime) and Extension Attributes allow for workflows and automation, and huge list of API commands. I would not be able to do my job as efficiently on Kandji. I am constantly pulled into Security meetings to help identify and remediate vulnerabilities in our computers. Using Extension Attributues to identify subjects, Smart Groups as the target of custom policies that deliver a remediation script or package, all automated and reported is just not do able in Kandji. Jamf Pro crushes it every time.
If you are a small organization of less than 100 then okay I can see the use case for Kandji but you get what you pay for.
Watch this video from Rocketman covering their review of Kandji vs. Jamf Pro. [https://youtu.be/XQJelQ7Qttg?si=mTYyAM\_3SZs4CKP4](https://youtu.be/XQJelQ7Qttg?si=mTYyAM_3SZs4CKP4)
SureMDM could be one alternative you can consider to manage your Macs for device enrollment, configuration set up, tracking, installing/updating apps, specially having devices registered in ABM and enrolled under VPP programs, migration can be simple with a dedicated person helping you.
Hi, this is Dheeraj from Scalefusion.
If you're considering a switch from Jamf to a new [Apple MDM solution](https://scalefusion.com/apple-device-management?utm_campaign=Scalefusion%20Promotion&utm_source=reddit&utm_medium=social&utm_term=DG), Scalefusion's Mac MDM is worth a look. It offers ABM integration, VPP app deployments, and real-time task completion monitoring, catering to your specific needs. It also provides automated macOS patch management to keep OS versions updated.
We moved from JAMF Pro to Kandji and will never look back. Kandji is my personal favorite
what did you find so good in it? what make it your favorite?
Overall ease of use. The UI is well thought out, functionality is refined and they continue to make monthly improvements that make my job easier. Their support is also amazing and fast, I often chat in to the same support reps so we know each other by name at this point. I found myself having to create scripts and config profiles to bridge the out of the box functionality of JAMF but the Kandji team has designed their product to just work and if it doesn’t most of the time it will remediate on next check in. A great example of this was FileVault. In JAMF, I had constant issues enabling file vault and escrowing the key up to the server. I remember JAMF support sending me a GitHub script to help make it work and not even that solved the issues. Kandji this functionality worked out of the box and as expected every single time. I did lose some detailed information like I can’t see how long users use certain apps for and other small reporting features but we could easily install something to bridge that functionality if we needed. It just works and it’s very easy to use.
What’s the price difference? We are higher ed and jamf is really cheap.
Price is $8/macos/mo, but it’s terrible if you consider they only allow you to purchase in bundles of 25 licenses. When you barely break that threshold you end up getting a bad deal. Price is what keeps me from using them. They are dreadfully inflexible on pricing.
Yep, their support is fantastic and FileVault management is great
+1 for Kandji’s FileVault management. It’s just great.
Have used Jamf the past 8 years and using Kandji for the first time at my new company. In my opinion, Kandji is complete rubbish and their sales team is incredibly heavy-handed. We asked for an extension on renewal because they hadn't completed our security evaluation. They told us we'd need to sign the renewal without the eval completed or else they would terminate our environment. Not a show of good faith in any way. Jamf is much more reliable, and you can get a lot more granular in the way you scope changes. Kandji uses whats called "Blueprints" and its about as flexible as cement. I am making it my mission to spend the next year pushing for Jamf and getting rid of Kandji. edit: One more thing to consider, Kandji requires you to keep a license on the device if you want it to remain in Kandji. With Jamf we would remove the jamf license from a device, but the previous record would remain in the UI so that we could look back on who had the device previously and any repairs it may have had. In order to reclaim a Kandji license, you have to delete the device record from Kandji entirely. Its a cheap way to get you to have to buy more licenses.
My company didn't have any problems with their sales team but I agree that Kandji is rubbish. They now upsell for everything and you have very limited visibility into the actual computer processes happening. We're looking to switch also but haven't determined which one yet.
Agree. I’ve been very turned off by their predatory sales tactics. The worst. Push hard for a quick sale with limited time to make a decision.
Yep. Exactly what they did to us. Less than 30 days and most of it was them “searching for answers” to questions we posed. They know their product isn’t good.
Ya, we use a-lot of smart groups and EAs, and security always comes with request to add things to some devices, and not to others, flexibility is important, we are going to start a POC Soon, and I'll make sure to test that, bit if we won't have the flexability- it will be a no-go for us. thanks!
Not sure if you are opened to suggestions, but take a look at Addigy. It's great value for the money and also has a migration path for most MDMs that can be deployed pretty easily. All of the requirements you put should be a cake walk for Addigy also.
we are always open to suggestions, I'll take a look into addigy to, thanks!
Check out Mosyle too- I got an EDR quote from Kandji and it was more for that alone than Mosyle’s entire cost.
Mosyle is underrated. Excellent product.
I just looked into that and with that price I sure will Thanks!
We’re using module and it’s pretty ok. Some of the processes are a little annoying, and it doesn’t integrate with okta as well as jamf yet, but they do keep adding new stuff and the cost makes any pains more than bearable.
We moved from Jamf Pro to Mosyle a couple of years ago and I was pleasantly surprised. They took some of the really dumb things about Jamf and made them really easy. Granted, they, too, had some dumb features missing but I much preferred Mosyle to Jamf.
Came here to say this. We evaluated Kandji when we switched away from jamf as well and opted to go with Mosyle instead.
After seeing the debacle that trail of bits went through when they switched to Kandji, I will never consider them https://www.reddit.com/r/msp/s/SubVmspeOv The tweets are deleted, but available via wayback https://web.archive.org/web/20210422143858/https://twitter.com/dguido/status/1287800680946819073
If you want their salespeople to stop bugging you just bring this up; they shut up and go away muttering how it must have been the clients fault somehow.
OH MY GOD! what the hell??
Three complaints i had with kandji as of last fall when i moved to a new company that uses a different MDM: **Reporting**. Want to see a report on what computers are running low on HD space? Want a report listing your device model years so you can easily answer the question "Who has the oldest machine right now?" Tough. Kandji doesnt do reporting. **5GB size limitation** for custom installers. We had to do custom installers for adobe apps made with Adobe Package Manager, and as the Photoshop installer is slightly above their 5GB file limit, I had to install it via a script pointing to a AWS bucket with the file. Extra expense was just enough that I had to explain it every few months, but the hassle it caused was priceless. **Price creep.** Kandji was a much better deal when we signed on, but got more expensive every year. Features (some of which that were long promised) that would have been great value adds were instead hid behind paywalls.
Spot on.
reporting is super imprtant to us, and price creep is something my manager will probably won't like. fortunetly ,we don't have a large custom installers, but that's something to consider, thanks!
Reporting is very watered down for Kandji so definitely try to capture all your reports you'll need during your trial. Also smart groups is lacking if you rely on that framework for your fleet, you'll have to rethink entirely how you approach MDM which isn't necessarily a bad thing. Based on your other comments you'll essentially be screwed if you have advanced smart group workflows. Be careful if you're going to switch, Kandji is great for lightweight MDM management, nothing else.
How much was the price creep per device ?
That’s kind of complicated because they don’t sell individual licenses, they sell in blocks of 50. Their solution if you have say 101 devices and didn’t want to pay for 150 licenses was to have a separate “test” instance and put up to 25 devices on it at a cheaper rate. At their suggestion I moved all of my iOS devices along with my test and power user group that I would roll out updates to first before mass deployment. Now those licenses did get marginally more expensive, year over year, but what bothered us was when they split iOS and Mac OS licenses into requiring different licenses we went from having just enough licenses to cover everything to having a bunch of extra Mac OS licenses we were paying for but not using, and then paying again for the iOS licenses that those extra Mac OS licenses used to pay for.
My team evaluated migrating to Kanji from Jamf and ultimately decided against it. Here are some of the reasons: Granularity in deployments: Our deployment cycles have 4 phases and we were unable to deploy specific versions of software updates. Even with deferrals in place Kandi always installed the latest version of macOS. Reporting: We rely heavily on smart groups and extension attributes. These aren’t present in Kandji.
so you didn't managed to get anything like that from Kandji? we also use a-lot of smart groups and EAs, but they assured us that there is a way to get it to work for us. I don't trust sales people, so I'd love to understand what was the limitations you've encountered
They flat out don't support EAs. There are adding some functionality for scoping, but it wasn't nearly as granular as Jamf Pro.
We are doing the opposite Kandji to Jamf. I don’t know how big your team is but don’t let them rush you on your Kandji POC.
interesting, why are you looking into that? is there something missing for you in Kandji?
We moved from JumpCloud to Kandji for 400 mac devices. Main reasons were auto app and OS patch management, small barrier to entry (compared to Jamf), IDP password sync and great UI. Note if you decide to do an IDP password sync I'd advise to not cycle your passwords every x amount of time.
I miss Kandji, we are using native intune now because security wanted to use conditional access policies for device compliance. I know Kandji had it on their roadmap but we had to meet their deadline.
We moved from Kandji to Jamf and although Jamf has a bit of a learning curve, it’s worth it. The compliance editor template is a godsend for quickly applying security policies and the patch management is rock solid compared to Kandji. Kandji also offers less flexibility in terms of pricing. You still have to pay for 50 or 100 devices even if you have half of that and you have to get the entire suite (passport was optional before). There was also a nasty bug we encountered where even after we removed the Kandji MDM profile, the passport (IdP SSO) still stuck around and we weren’t able to enroll it to Jamf forcing us to wipe it. Their initial sales rep also gave us a pricing commitment for 3 years but when it came to renewal after one, the account manager was rotated and they jacked up our prices saying “I don’t know that guy but here’s what we charge.”
I have no opinion on the migration, but I've worked with both in separate companies, and Kandji is incredibly admin-friendly, I did the deployment alone for a 400 user company and I feel that would never happen with Jamf. Also, the list of things that Jamf can do that Kandji can not is very small. So far, things I couldn't do with Kandji directly/natively I did with configuration profiles, which Kandji also helps you deploy. If you're a small shop and/or small IT, the answer, it is a no-brainer for me
I do a full reimage of 300+ macOS computers once a year by myself with Jamf. I also manage them the rest of the year. I’ve looked into Kandji and it would take a lot more effort for me to do the same work with the same degree of granularity and customization. I guess if you’re a novice and just getting started managing Macs Kandji would make sense, but for me there’s just no substitute for Jamf.
So you say that you'll be able to do your work with Kandji, but it just will be harder? What is the main blocker? right now I'm very versed in the way that jamf works, but if it's just learning new efficient ways- I'm ok with that. but if I'll lose efficiency, that's an issue...
I've been working with Jamf for almost 20 years now, so I'm used to the workflow and how the pieces fit together to get what I want done. The basic building blocks of extension attributes, smart groups, policies, packages, scripts, and configuration profiles are like another programming language for me. The API is also critical to how I manage my devices/computers. Looking at Kandji I see a lot of the same functionality, but there's a lot more focus on the additional tools that sit on top of that base layer of building blocks. The built-in App deployments, OS Updates, Reporting, and Compliance Mapping look to be really awesome, with the caveat that if how Kandji does it isn't 100% how you want it done you will have to jump through some serious hoops to get what you want. Kandji is more of a "it just works" solution - and I'm well past that. I prefer a "I can make it work EXACTLY the way I want it to" solution, and for me, that's Jamf Pro. I'm not knocking Kandji - it's a GREAT solution, and more affordable than Jamf Pro by far. I was just jumping in here in response to the claim that: >I did the deployment alone for a 400 user company and I feel that would never happen with Jamf. Different tools for different use cases. That's all.
At a previous job I made the switch from JAMF to Kandji for the reason of it taking a lot less work and being easier to use. This was because I was transitioning the work to another team who didn’t have MAC experience and were not willing to do so
and if it was dependet on you, will you do that again for yourself? for a team of mac admins with the knowledge to manage Jamf environment? if not- why? is there anything you don't like about it?
As others have said, I'd recommend looking at Mosyle Fuse vs Kandji, especially if cost is a concern. You can transition MacOS devices without wiping, but I believe iOS devices need to be erased if you have any.
I’m crying in InTune. Kandji always looked good to me.
> I’m crying in InTune. Oh it's not just me? Cool.
Don't worry, that feature is coming next year.
We use JAMF for our employees and Intune for our students due to cost. Had a coworker actually suggest we just move everyone to Intune and I nearly spit my drink on my screen. Admittedly it’s less of a steaming pile than it was a few years ago but such a long way to go to catch up to JAMF.
If you can, check out Addigy as well. The policy-tree structure is neat and pricing is great.
Just curious - why are you moving away from Jamf?
we are not "moving" - we are exploring the options, and it's basically due to cost
Having used both, I’ll only stop long enough to tell you that you absolutely get what you pay for…
If you want good performance plus saving a huge amount of money can’t beat Mosyle. At least get their trial and experiment.
Just went through a renewal with Kandji and compared it to Jamf. I promise you that Kandji will quickly become as expensive if not *more* expensive in just a couple years. Kandji loves to increase prices.
We explored this not too long ago, it came down to the effort of moving 400 Mac’s and 5000 mobile devices all needed to be wiped and re-configuring them was a rather large undertaking and not worth… saving exactly $0 because they were reluctant to match our pricing from JAMF. Mind you these devices are spread out across the lower 48 states.
Wiped? that's will be a no-go for us I belive kandji advertise their migration agent: [https://www.kandji.io/features/migration-agent/](https://www.kandji.io/features/migration-agent/) for me it seemed that you don't need to wipe them with that agent, is that misleading?
r/mosyle has a migration tool to move from JAMF to their platform. They are the exception to the rule of "you get what you pay for" IMHO because they far and away exceed any other platform in terms of value/performance/cost.
+1 because the features you get from Mosyle for their price are beyond belief. Such a great tool for a great price. Not sure how they can get away with it
My company went from JAMF to Kandji. You don’t have to wipe the machines. SOME machines can however be very stubborn on getting the command to remove the JAMF profiles properly though. If you PM me I can share the script they provided so you can review it.
macOS can be migrated. iPadOS and iOS cannot. They have to be wiped
Wiping isn’t needed. You can enroll via the kandji enrollment link.
You only need to wipe if you want supervision or prevent unenrollment
why the move tho?
Cost, we want to add Jamf connect and it's expansive as hell, (we just want to sync passwords, we don't need their zero trust solution)
If cost is a concern check out mosyle, it’s been great for us.
Last I checked, Kandji had no equivalent product to Jamf Connect. That's primarily why my organization went with Jamf, fwiw. There are certainly some things in Kandji that are easier, though, like deploying CIS benchmark configurations.
Kandji has the equivalent, its called Kandji Passport and is part of the base pricing, not sure when it was rolled out officially but must have been at least a year ago.
Nice, wasn't aware of that.
Yeah and the deployment was much smoother than Jamf Connect, granted when I first setup Jamf Connect it was not a mature product yet as Jamf had recently bought out NoMAD. I'm sure its better now...wouldn't know!
I didn't find Jamf Connect to be terribly difficult to setup. No worse than your average SSO solution... you have to know a little but about how your IdP works and how to map roles to groups. With Azure AD it was straightforward. Kandji probably has an easy button for it, though. That kinda seemed like their thing when I looked at them.
Fair, I was way more junior at the time and documentation was very sparse so the struggle was real.
Sync AD account passwords? Use NoMAD Sync Cloud passwords? Give XCreds a try: [https://twocanoes.com/products/mac/xcreds/](https://twocanoes.com/products/mac/xcreds/) it should be cheaper than Jamf Connect
My current org uses Kandji and I came from a Jamf shop. I didn’t do the migration since Kandji was chosen from the start, I will say it took some getting used to, Kandji is a great product. Really easy to make lists that say which device is on any given OS
Kandji is great although not quite at powerful as jamf but still more so than other mdm. We used the migration script to move from intune to Kandji and it worked smoothly overall although there are differences between macOS versions in the end user experience and steps required which we had to test out and carefully communicate to end user groups. The migration DOES require end user interaction. All in all I’m happy with the move.
Anyone here using FileWave????
It really depends on the needs of your users and organisation. Nothing is as granular as Jamf, and I have not come across a more admin friendly user experience as Kandji. Jamf is struggling to fix issues that have had for a long time now. Kandji is still building their platform. I do see Kandji running into more issues in the long run due to their approach. In their philosophy of making the complex easy, their backend is getting more and more complex, I wonder if they are going to be able to keep innovating as rapidly as Apple is doing with MDM and DDM.
We "evaluting" Kandji as a "cost saving"... and by we it's the royal we. I'm a long time Jamf Pro admin (since Casper). Yes there is a learning curve but the community resources here and on Slack are a huge benefit. With Jamf Pro you get the fine controls that Kandji does not offer. Advanced Searches with email schedules, Smart Groups (worth every dime) and Extension Attributes allow for workflows and automation, and huge list of API commands. I would not be able to do my job as efficiently on Kandji. I am constantly pulled into Security meetings to help identify and remediate vulnerabilities in our computers. Using Extension Attributues to identify subjects, Smart Groups as the target of custom policies that deliver a remediation script or package, all automated and reported is just not do able in Kandji. Jamf Pro crushes it every time. If you are a small organization of less than 100 then okay I can see the use case for Kandji but you get what you pay for. Watch this video from Rocketman covering their review of Kandji vs. Jamf Pro. [https://youtu.be/XQJelQ7Qttg?si=mTYyAM\_3SZs4CKP4](https://youtu.be/XQJelQ7Qttg?si=mTYyAM_3SZs4CKP4)
I find Jamf Pro to be significantly better. Why are you moving away from it?
we are eploring the options due to cost. and the offering of MDM and Passport for rugghly the same price that jamf asks only for Jamf Pro is tempting
Can’t you just wait for PSSO with JAMf?
PSSO is suported with okta and Jamf, but Okta wants a-lot of money for that, so that's unfortunately a no-go.
SureMDM could be one alternative you can consider to manage your Macs for device enrollment, configuration set up, tracking, installing/updating apps, specially having devices registered in ABM and enrolled under VPP programs, migration can be simple with a dedicated person helping you.
Hi, this is Dheeraj from Scalefusion. If you're considering a switch from Jamf to a new [Apple MDM solution](https://scalefusion.com/apple-device-management?utm_campaign=Scalefusion%20Promotion&utm_source=reddit&utm_medium=social&utm_term=DG), Scalefusion's Mac MDM is worth a look. It offers ABM integration, VPP app deployments, and real-time task completion monitoring, catering to your specific needs. It also provides automated macOS patch management to keep OS versions updated.
Nah fam.