Jamf Pro vs. Microsoft Defender for Endpoint

Well suited for any organization that wants to manage apple products. It's extremely easy to integrate and has many connectors for existing enterprise infrastructure applications. Certificate management is a breeze. Not so suited for smaller businesses that only have 10-20 devices. Jamf has another product called JAMF Now that would suffice for those areas.

It is well integrated with the Microsoft Admin center providing a quick way to find everything you're looking for. However, if there is a problem that needs addressed, you may have to click through a few more pages to find the solution. It will definitely let you know what's going on in your environment.

Incentivized

• Jamf Pro's Self Service is a great mechanism for making software available to end uses as they need it.
• Jamf Pro is also great for creating plans called PreStage Enrollments that allow for computers to skip many of the setup screens, as well as automating account creation.
• Jamf Pro in combination with Apple Automated Device Enrollment (formerly DEP) allows for devices to supervised and managed, this combination allows for locking, remote wipe of devices, and finding locations of devices when put into lost mode.

• One, it's crazy lightweight, so compared to some of the competitors that we also have used with our security services, it's really lightweight and so I don't have a lot of overhead on the system that it's running on.
• It does really fantastic PowerShell integration.

Incentivized

• Training options are terrific, but costly.
• Finding what you need in Jamf Pro can be tough at times. The interface is not what I would call friendly.
• You'll need static credentials for Jamf Pro. They don't integrate with the Jamf Account, and it doesn't offer 2FA. SSO is an option, but it's not simple to set up.

• So the fact that Defender for Endpoint still works with signatures is actually, I don't know, a little difficult for us because, I mean, since Microsoft trusts those signatures, you can easily inject code. And we've done it many times. To show that you can inject code through vulnerabilities like CV 2013, 99, and 33 but still keep the signature. So because of the trust of those signatures, the malware just kind of slides into the environment without Defender knowing. That's the first part. The second part is that the behavioral analysis is not precisely its Prime. It's not Defender's best capability for endpoints. So, Defender does not identify all behaviors considered by other EDRs in the market.

Incentivized

We stepped away and are looking at different products that integrate with our entire fleet MDM solution rather than focusing specifically on Apple products. An all in one solution fits our needs better and is more cost-effective in the long run. Jamf Pro needs to improve some features and support but overall its a good product.

Incentivized

Cost add-ons for Security features is nickel and diming the process to keep pace with cybercrime. Limited Education budgets require us to be more pro-active in finding cost-effective measures to protect our devices, staff and students. Defender is a strong, well-featured product that is pricing itself out of the education market

Incentivized

Jamf Pro has done pretty much anything we've needed with little setup headache. If we hit a wall, the Jamf user community and tech support departments both are more than willing to help solve problems. Tech support is excellent, but the surprising thing is the user base is by far the biggest resource. Jamf users love to help each other, by directly chatting about issues, posting best practices, or just posting info on the forums.

It offers multiple security features and integrates well with Microsoft ecosystems. A workflow for threat detection, investigation, automated remediation, and a centralized dashboard is an added advantage. This application is mainly designed for experienced users; new users may feel challenged.

Incentivized

Microsoft Defender for Endpoint chugs along just fine no matter what we throw at it and what systems it's running on. It doesn't take up a lot of resources either, so that's welcomed.

Incentivized

Microsoft Defender for Endpoint is easy on memory and resources on clients.

Incentivized

Jamf Support is very responsive and usually assists in any challenge we are tackling. They are also very transparent when they are allowed to be. I personally love our Jamf Pro support rep and don't fear messaging their support team.

The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session

Incentivized

They made me more comfortable using the product.

The training session was beneficial because it expanded my knowledge about Jamf products and really learn what I am capable of doing with Jamf Pro in terms of managing Apple computers and devices. Immediately after the training course, I was able to implement what I learn to our cloud instance.

Migration from an existing MDM requires device wipe and reenroll for full supervision of the device. It's somewhat painful. User enrollment makes things easier, but you miss out on full management.

Deployment was handled by our team here and everything went pretty smoothly. We did have a few hiccups in our test group, but that only took a bit to get ironed out.

Incentivized

Even thought we are using this solutions for different purposes (macOS device management VS mobile device management), I think at the end Jamf Pro is more focused or aimed for macOS management, and mobile device management is just a good addition to that. Same I can tell about Ivanty, is more about iOS/Android management rather than macOS

Defender is far easier to deploy and manage than Sophos and tends to work without as many issues. The threat assessment portal provides an in-depth view of the organization's security posture, whereas Sophos only shows the patching status of the PCs. We did need Intune to get many of the control features (disabling USB drives) that Sophos offered out of the box.

Incentivized

Microsoft Defender for Endpoint is easily scaled from small orgs to giant enterprises.

Incentivized

• Jamf Pro has allowed us to minimize the time it takes to deploy devices. We can use zero-touch deployment methodologies which allow devices to go directly to end users and allow end users to get up and running without needing IT's help.
• We have implemented both a third-party & macOS patching service, which allows us to ensure all apps and versions of macOS are updated and secure.

• Reduced incidents of security breaches lead to lower remediation costs and avoid potential financial losses and reputational damage.
• Reduces the need for additional third-party security solutions and training, thereby lowering overall security management costs.
• Increased efficiency and productivity of IT staff lead to better allocation of resources and cost savings.
• Reduces the risk of fines and sanctions associated with non-compliance, ensuring business continuity and protecting revenue.

Incentivized