We used JAMF at my last place of business, and it would occasionally kill apps with a 15 minute warning. Normally this was fine, but it really sucked to get JAMFed (as it came to be called) in the middle of a presentation.

At my current company, we use something that destroys CPU and battery (unused 2019 high end MBP hangs sporadically for tens of seconds on any file system syscall, computer gets uncomfortably hot, battery lasts ~1hour on a full charge—happens to everyone I’ve talked to). Not sure what it’s called, but this falcond process always seems to be the culprit. I know nothing about MDM, but I would love it if Apple Business Essentials would be a viable alternative (hard to imagine Apple shipping such miserable software, anyway).

Some piece of company malware on my MBP causes it to panic every two or three days. Before that it got mad fan disease and had to be wiped to get it back to 'normal'.

I have eight icons in the menu bar for installed malware/spyware/whatever on my company owned laptop. That's just the stuff that has an icon, I bet there's more (including JAMF, for sure). It's ridiculous.

> use something that destroys CPU and battery

Before you even mentioned falcond, I immediately knew that it was clownstrike

falcond is CrowdStrike’s endpoint antivirus thingy, not device management.

As usual, antivirus is an exercise in trading performance for increased attack surface (and compliance).

As history shows, antivirus is an exercise in trading performance and increased attack surface for checking a box.

The issues you experienced are squarely on the shoulders of your Jamf admins.

It doesn't have to suck, but it usually does because the people put in charge of it are incompetent, or at best, semi-competent. Most self-respecting engineers run fast from this sort of thing.

Having worked with JAMF's API... I don't like it, but yeah, this is not normal and something as to how your company is using JAMF.

The people in charge of this are usually more of the IT than 'self respecting engineers'

I moved from a company that gave us fresh off the store MacBooks to one that managed them using jamf and a host of other antiviruses and compliance software, and I tell this to all of my colleagues: the experience you're having with your MacBooks - the poor performance, stuttering and random beachballs aren't representative of what MacBooks are actually like.

For me this "offer" sounds like that the Sever app with the includes Profile Manager now basically becomes obsolete and will not anymore supported.

That will become an expansive solution for small business like the one I manage with 15 employees.

This gives some services an opportunity to offer an even lower cost offering.

The thing I worry about though is that this first-party solution will have "special" features that are not possible via MDM using private APIs or some special entitlements.

For 500+ devices i would NEVER use a solution like JAMF and go with something like InTune or better MobileIron (MI). MI just works and is an absolute no brainer.

Apple gives every option possible for managing their devices via a third party software. They don't need to offer such a software themselves. And you really dont wanna deal with the Android clusterfuck in a BYOD enviroment. Android is such a pain in the ass when it comes to MDM. Even if the admin console is better, the amount of complaints and support tickets with Android is so high that we are just not support this anymore.

JAMF is the leader here, but I found it to be too expensive and unfriendly. I eventually settled on mosyle. When I originally learned about MDM I was quite surprised they had this third-party architecture.