The only correct answer to the question “What’s the best MDM solution?” is “It depends.” Dull, but true. The real world is a nuanced complexity that can’t be distilled into a pithy Insta soundbite, and nowhere is this more clear than when you shop for mobile device management (MDM). Plenty of MDM platforms may steal alluring glances at you, but how do you tell which is the right choice for your business?
To save you time and tantrums, here’s our unasked-for yet super-expert assessment of the more common MDM solutions out there, so you can make that choice with confidence, and perhaps even a little panache.
“The real world is a nuanced complexity that can’t be distilled into a pithy Insta soundbite.”
But First, Four Vital MDM Features
Not the catchiest of movie titles, but that’s not what we’re aiming for. Whichever MDM solution you’re veering toward, make sure it has these four features.
- Multi-platform. Perhaps you’re super-happy with your homogenous Apple fleet or have an unholy penchant for Windows-only IT. That may have worked fine in the past, but what about the future? To be flexible, and also to operate in the real world, most businesses now* use the device that’s right for the job. Give a designer anything but a Mac (the design industry standard) and they’ll hand your kidneys back to you on a skillet. Likewise, your bouncing-new baby MDM solution should have the capability to manage heterogeneous device fleets all in one go. *We’re pretty sure this should be true but we don’t got the stats – so you’ll just have to trust us.
- Encryption recovery. Encryption is everything. It converts sensitive data into unreadable weirdness and then de-converts it back into data for authorized peepers only. But if a device is lost or your dozy colleague forgets their password and there’s no encryption recovery key, that data stays lost forever. Encryption recovery keys stored on the MDM platform (not written in chalk on the laptop case) are the answer.
- More is better. The more tools embedded in the MDM platform, the better. Platforms that are limited to app store apps or policies won’t be flexible enough to allow you to make changes or additions to your fleet. For optimum flexibility and usability, you’ll need to push scripts, apps, and all kinds of loveliness. Make sure your platform of choice gives you this flexibility.
- User-friendliness. A good MDM console should be intuitive and easily navigable, otherwise, you’re inviting in a whole smorgasbord of horror. Unfriendly dashboards invite mistakes, and mistakes can take a whole fleet down.
Best MDM Solutions, IOHP.
We’ve tangled with a fair few MDM/sort-of-MDM platforms in our 25-year history of managed IT, so we’ve already got our own set of favorites – as well as those that make us run screaming. Here are our unprompted thoughts about some of the best MDM solutions around right now.
Note that we haven’t ranked these solutions outright because – you guessed it – it depends: it depends on your set-up, IT expertise, budget, and business aims. Each solution has different strengths and weaknesses, and we’ll look at those in more detail in a hot minute. We’ve not included Remote Monitoring and Management (RMM) tools in our assessment because, although some of them pretend to be MDM, they’re just not.
We’ve used a 5-point scale that looks like this:
5: Impressive
4: Pretty Darn Good
3: Fair-To-Middling
2: Just Nope
1: Run Screaming
MDM Solutions Ranking-ish.
| MDM Solution | Breadth of tools | User- friendliness | Multi-platform compatibility | Scalability | Cost | Average Score |
| VMware Workspace ONE | 5 | 2 | 5 | 5 | 3 | 4 |
| Jamf | 4 | 2 | 1 | 4 | 1 | 2.4 |
| Meraki Systems Manager | 4 | 4 | 5 | 3 | 2 | 3.6 |
| Kandji | 3 | 5 | 1 | 2 | 4 | 3 |
| Microsoft Intune | 2 | 1 | 5 | 3 | 4 | 3 |
| Addigy | 3 | 2 | 3 | 3 | 5 | 3.2 |
Best MDM Solutions Summarized, Kind Of.
VMWare Workspace ONE (old-school: Airwatch)
VMware has been knuckles-deep in the MDM pie since the dawn of MDM. The brand’s 2014 acquisition of Airwatch chronicled an 11-year development pedigree, during which it evolved from a mobile email management solution through EMM – to becoming a standout multi-platform MDM solution. Post-acquisition, VMware has integrated Airwatch with its own offerings to develop a more holistic approach to mobility management, and rebranded as Workspace ONE (yes, caps.)
Not gonna lie, we’re biased because this is our favorite and we use it. But we’re biased for a reason – it’s the best tool for us as a Managed Service Provider (MSP). But it might not be the best for you as a cool startup/evil multinational/asparagus retailer. Let’s take a look:
Good stuff:
- The breadth and depth of usable deployment tools is stunning. You’re looking at an all-you-can-eat buffet of installers, scripts, CPS, configuration profiles, custom attributes, and even integrated open-source Munki for uber-flexibility and customization – and then some.
- Controlling all your managed devices under a single pane of glass makes life that much more bearable.
- Its multi-platformality (it’s a word) makes integration with existing IT infrastructure simpler. Its super-scalability means growing businesses like startups don’t need to confine themselves to a single platform.
- Because it’s SOC 2-aligned, Workspace ONE can get you compliant more easily than other platforms.
Not-so-good:
- Because it’s so feature-rich, it takes time to learn.
- Some of the tools have disappointing limitations. (Sad face.)
Best for:
- Breadth of features
- Best all-rounder
- Best for compliance
- Best for startups
Jamf
Jamf is currently the Mac industry leader with its flagship product Jamf Pro, formerly the Casper Suite. It’s been around for over two decades, and now caters to anything with MacOS, iOS, iPadOS, and tvOS tattooed on it.
Good stuff:
- Robust and mature, specially built to cater to Macs and iOS platforms, and can talk to Windows-led fleets through Microsoft Intune.
- Comprehensive set of deployment, inventory management, and security features, as well as identity and authentication management.
- Tried, tested, and trusted through big partners like IBM.
Not-so-good:
- Not intuitive to use.
- Pricey.
- Not much support thrown in, unless you pay for a support contract.
Best for:
- Mac compliance
Meraki Systems Manager
Originally founded by MIT students working on a community wireless mesh network project in the early 2000s, Cisco bought Meraki in 2012 and further developed its Systems Manager platform.
Good stuff:
- Excellent suite of tools built into the platform that provide a comprehensive array of services, as well as Cisco integrations.
- Easy to deploy and fairly intuitive to use, with a clean interface.
- It’s multi-platform (with caveats).
Not-so-good:
- Uh-oh! – It can’t incorporate Windows recovery keys.
Kandji
Kandji is the relatively new kid on the block for Mac-flavored MDM. It’s been around since 2018 and has built up a loyal customer base.
Good stuff:
- Intuitive interface makes it easier for non-tech-savvy people to use successfully.
- Tools are geared for low maintenance and low administrative overhead.
- Includes an app library with popular apps already built out and ready for assignment.
- Excellent for simple needs, i.e., inventory and device setup.
Not-so-good:
- It’s Mac-only, so not-so-good for multi-platform fleets.
- The recent price increase and fixed feature bundling have caused many hackles to rise.
Best for:
- Ease of use.
- Mac-flavored startups.
- Small businesses.
Microsoft Intune
Although a popular choice among companies and MDM admins, your individual Intune experience may vary. This tasty feature is like the prize in your cereal box: it’s included! But it may require some admin elbow grease to make it work for you.
Good stuff:
- Multiplatform works with Windows, Mac, iOS, and Android – and is on good terms with Jamf, if you’ve got a Windows-led fleet.
- Integration with the Microsoft/Office 365 portal and directory, including integration with identity management tools.
- Many Microsoft/Office 365 subscriptions include Intune, so you may not need to drop more cheddar to have a full MDM tool at your disposal.
Not-so-good:
- Not intuitive to use.
- Limited (some might say cumbersome) admin console logs.
- Hard to get people to enroll personal devices in a baked-in MDM.
Best for:
- Windows-led fleets with experienced admins.
Addigy
Ten years on the market, Addigy is an Apple-flavored MDM platform that offers cross-platform operations.
Good stuff:
- It’s comparably low-cost.
- Comes with a built-in app library that has pre-configured updates.
- It’s multi-platform.
Not-so-good:
- Not intuitive.
- Not for beginners: you’ll need custom scripting skills, at the very least.
- Limited identity and authorization management capability.
Best MDM Solutions: A Recommendation
OK, so we gave gold stars and big, fat raspberries to a bundle of MDM platforms, but don’t get us wrong – we love MDM because it sets your business free. But it can get complex, and that’s why, unless you have a super-technical internal IT staff, you should think about hiring a Managed Service Provider to do your MDM for you (ahem, us).
Office managers are super-effective at office management, but shouldn’t be doing MDM because 1.) it isn’t their job, and 2.) it requires more technical knowledge than you’d think. A mistake on MDM can ruin your day/week/year with a ton of downtime, a defective business workflow, and a scary risk of data breach. Yes, we would say this, wouldn’t we, but we have your best interests at heart. As well as ours. So give us a call and let’s talk MDM.
Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Contact us now – chatting about IT support and cybersecurity is our favorite thing to do!