Compare 67 individual features across 13 MDM platforms. Select platforms, filter by category, and expand rows for detailed notes and OS support.
Select Platforms
Max 4 at a time
Select up to 4 platforms to compare. Click to toggle.
Filter by Category
Feature
Workspace ONE 4.6
Iru 4.1
Jamf Pro 4.0
Intune 3.9
SOTI 3.9
ManageEngine 3.8
Hexnode 3.7
JumpCloud 3.7
Miradore 3.3
MaaS360 3.1
Mosyle 2.2
NinjaOne 1.9
Addigy 1.9
Device Configuration
5.0
4.3
4.8
4.1
4.0
4.5
4.6
3.5
3.5
3.8
3.8
2.8
2.8
Certificate Management (SCEP/PKI)
Deploy and manage digital certificates via SCEP, PKCS #12, or manual upload. Enables certificate-based authentication for Wi-Fi, VPN, email, and web applications across the fleet.
5.0
SCEP and certificate lifecycle management with CA integration.
5.0
Strong SCEP support with AD CS Connector; integrates with Microsoft AD CS, GlobalSign, SecureW2.
——
5.0
SCEP and root certificate management
————
4.0
SCEP and PKCS certificate management with CA integration.
4.0
Certificate management including SCEP
5.0
Full SCEP support with built-in PKI server. Microsoft AD CS and DigiCert integration. ACME CA support. Zero-user intervention certificate deployment and silent installation.
4.0
Certificate management via SCEP, PKCS#12, and PKI integration across all platforms.
4.0
Full SCEP for macOS, iOS, Windows; requires external CA; Android Device Trust certs (not SCEP-based).
——
3.0
Certificate deployment in PEM, DER, PKCS12 formats; SCEP integration not explicitly detailed.
——
4.0
SCEP certificate management and deployment.
4.0
Certificate management including SCEP
————
2.0
Certificate management via SCEP and PKI integration for iOS, Android, and macOS.
———
2.0
Certificate management via SCEP for iOS and macOS.
————
Custom Configuration Profiles
Deploy platform-specific custom payloads: Apple mobileconfig, Android OEMConfig, Windows CSP/OMA-URI for settings not available in the standard management console UI.
5.0
Custom profiles for all OS platforms; most flexible of the three.
4.0
.mobileconfig upload for Apple System Channel; limited Android via third-party app configs.
——
5.0
Custom MDM profiles and declarative device management (DDM)
————
4.0
Deploy custom OMA-URI policies for Windows, Apple mobileconfig profiles for iOS/iPadOS and macOS, and Android OEMConfig payloads. Covers settings not exposed in the standard Intune console UI.
5.0
Custom configuration profiles and OEMConfig for Zebra/Honeywell
4.0
Custom XML/OMA-URI for Windows 10/11. Plist/mobileconfig for iOS/macOS. OEMConfig support for Android vendor-specific settings. Profile Creator tool available.
5.0
Custom configuration profiles and scripts for platform-specific advanced deployments.
4.0
Custom .mobileconfig for macOS/iOS; OMA-URI for Windows; M1 kernel extension limitations noted.
—
4.0
Windows CSP policy builder; all platforms support custom profiles; user-specific variables for dynamic config.
——
3.0
Supports importing .mobileconfig profiles for both iOS/iPadOS and macOS devices. Windows custom configuration is more limited. Enables deployment of vendor-specific or advanced Apple payloads.
4.0
Custom MDM profiles
————
3.0
Custom XML profile deployment for advanced configurations not covered by UI.
———
3.0
Custom XML profile deployment for advanced iOS and macOS configurations.
————
Device Restrictions
Enforce granular restrictions on hardware and software features including camera, screenshots, USB, Bluetooth, AirDrop, clipboard sharing, and app installation sources.
5.0
Comprehensive device restrictions across all OS platforms.
5.0
120+ one-click restrictions for Apple; full Declarative Device Management on iOS 16+; Android/Windows supported.
——
5.0
Comprehensive restrictions and supervised device capabilities
————
5.0
Device restrictions and capabilities enforcement across all supported platforms.
4.0
Device restrictions and security policies
5.0
Comprehensive platform-specific restrictions. Kiosk mode for single/multi-app lockdown. App disabling for non-compliance. Camera, USB, Bluetooth, AirDrop restrictions.
5.0
Extensive device restrictions with granular control over OS features, apps, and hardware.
Comprehensive restrictions: app blocking, feature disablement, data roaming, content filtering.
——
4.0
Device restrictions and capability enforcement.
4.0
Device restrictions and policies
————
3.0
Extensive device restrictions: disable camera, AirDrop, app store access, and more.
———
3.0
Device restrictions including app store disable, camera control, and more.
————
Email Profile (Exchange/IMAP)
Configure native mail clients and managed email apps with Exchange ActiveSync or IMAP/POP settings. Automates corporate email setup and enforces data protection policies on email access.
5.0
Email configuration profiles across platforms.
4.0
Custom profiles with global profile variables ($EMAIL) for personalized email configuration.
——
4.0
Native email profile configuration
————
4.0
Email configuration profiles for Outlook and native clients.
4.0
Email profile configuration
5.0
Email, Exchange ActiveSync, and mail server configuration with SSL authentication. Dynamic variable mapping for user-specific details. Conditional Exchange Access (CEA).
4.0
Email profile auto-provisioning with Exchange, IMAP, and OAuth support across platforms.
2.0
No native email profile templates. Email config possible via custom .mobileconfig on iOS/macOS only (requires Apple Configurator/iMazing). Source: jumpcloud.com/support/create-mac-or-ios-mdm-custom-configuration-profile-policy.
——
4.0
Exchange (OAuth), IMAP, POP support; strong iOS/Android; adequate Windows/macOS.
——
4.0
Email configuration for native and managed clients.
3.0
Email profile configuration
————
3.0
Email profile deployment with IMAP/POP3/Exchange support and automatic configuration.
———
3.0
Email profile configuration for iOS and macOS with Exchange/IMAP support.
————
Passcode / Password Policy
Enforce password complexity rules including minimum length, character requirements, expiration, history, biometric authentication, and auto-lock timeout across all managed devices.
5.0
Passcode policies with complex requirements across platforms.
5.0
DDM-based passcode on iOS 16+; configurable gap 0 min to 8 hrs; password change frequency daily to biennially.
——
5.0
Enforce and manage passcode policies
————
5.0
Passcode policies and enforcement with complexity requirements.
4.0
Passcode policy enforcement
5.0
Passcode complexity enforcement including length, age, history. Brute-force protection with auto-wipe capability. Biometric policy support.
5.0
Password policies with complexity, history, and expiration across all platforms.
4.0
Passcode/password policies all platforms including Linux; min length, complexity, expiration, rotation.
—
4.0
Full passcode enforcement with complexity requirements; Android numeric/alphabetic/complex types; remote reset.
——
5.0
Passcode policies with complexity enforcement.
4.0
Passcode policy enforcement
————
3.0
Passcode policy enforcement with complexity rules and expiration settings.
———
3.0
Passcode policy with complexity rules and expiration on iOS and macOS.
————
Per-App VPN
Route traffic from specific managed apps through a VPN tunnel while other traffic flows normally. Provides granular network security without degrading user experience for personal apps.
5.0
Workspace ONE Tunnel for per-app VPN on iOS, Android, Windows, macOS.
2.0
iOS per-app VPN via AppConfig supported. No per-app VPN on Android, Windows, or macOS.
——
4.0
Per-app VPN tunneling for iOS and macOS
————
3.0
Per-app VPN via Intune Tunnel requires separate gateway infrastructure.
3.0
Per-app VPN for iOS, Android, Windows, macOS
3.0
Full per-app VPN for iOS and macOS. Not supported on Android, Windows, or ChromeOS in MDM Plus standalone.
4.0
Per-app VPN tunneling for application-level security across mobile and desktop platforms.
2.0
Android VPN Restrictions Policy; app-level VPN control via conditional access; limited specificity.
——
2.0
Limited per-app VPN; iOS/iPadOS has some support but Android not documented.
—————
2.0
Per-app VPN supported for iOS via VPN policy configuration. May require MaaS360 Enterprise Gateway or app wrapping depending on deployment model. Android and Windows per-app VPN not supported.
3.0
Per-app VPN support
————
2.0
Per-app VPN available on iOS and Android; macOS does not support per-app VPN via MDM.
———
2.0
Per-app VPN available for iOS; macOS does not support per-app VPN.
————
VPN Profile Configuration
Deploy VPN configurations supporting IKEv2, IPSec, SSL VPN, and third-party clients. Ensures secure remote access to corporate resources with pre-configured connection settings.
5.0
Device-wide VPN with advanced per-app tunneling.
4.0
Native VPN profiles via MDM; integrates with OpenVPN, NordVPN, Twingate, AWS VPN Client.
——
5.0
Per-device VPN configuration
————
4.0
Device-wide VPN configuration supported across major platforms.
4.0
VPN configuration support
4.0
Wide range of VPN types supported including IKEv2, IPSec, SSL. Dynamic variables for user-specific configuration. Per-app VPN available for iOS.
5.0
Comprehensive VPN profile support including IKEv2, L2TP, and OpenVPN across platforms.
4.0
VPN profile policies all platforms; VPNv2 for Windows 10/11; RADIUS auth; Pritunl, WireGuard integrations.
——
3.0
VPN config for iOS, macOS, Android; always-on VPN for Android; Premium required.
——
4.0
Device-wide VPN configuration supported.
4.0
VPN configuration
————
3.0
VPN profile installation via MDM with support for common protocols on supported platforms.
———
3.0
VPN profile deployment with common protocols on iOS and macOS.
————
Wi-Fi Profile Configuration
Push corporate wireless network configurations to devices including SSID, security type, proxy settings, and 802.1X certificate-based authentication. Eliminates manual Wi-Fi setup for end users.
5.0
Wi-Fi profiles across all platforms including Linux.
5.0
Enterprise Wi-Fi profiles with EAP-TLS support and trusted certificate integration.
——
5.0
Native WiFi profiles for iOS and macOS
————
4.0
Wi-Fi profiles supported across platforms. Linux limited to custom compliance scripts.
4.0
WiFi profile configuration across platforms
5.0
Corporate Wi-Fi and proxy configuration. WPA2/WPA3 enterprise authentication with 802.1X and certificate-based auth support.
5.0
WiFi profile deployment with WPA2/WPA3, EAP-TLS, and certificate authentication across all platforms.
4.0
Remote Wi-Fi deployment with SSID, WPA2-Enterprise/Personal, auto-connect; RADIUS auth supported.
——
4.0
Full Wi-Fi config with SSID, security mode, proxy, EAP settings; WPA2/WPA3 enterprise; Premium required.
——
4.0
Wi-Fi profile deployment across platforms including ChromeOS.
4.0
WiFi profile configuration
————
3.0
WiFi profile deployment with WPA2/WPA3 and certificate-based authentication supported.
———
3.0
WiFi profile deployment with WPA2/WPA3 for iOS and macOS.
————
Enrollment & Provisioning
4.9
3.8
2.6
4.0
4.1
4.3
4.0
3.6
4.3
3.6
1.9
2.3
1.9
Android Zero-Touch Enrollment
Google's enterprise enrollment program that configures Android devices on first boot. IT admins pre-assign enrollment profiles so devices connect to the MDM automatically, enabling mass deployment without manual intervention.
5.0
Android Zero Touch Enrollment with full partnership.
4.0
Added post-Oct 2025 rebrand; supports Google zero-touch provisioning for bulk Android enrollment.
—————
0.0
——————
4.0
Android Zero Touch Enrollment supported through partner enrollment services.
5.0
Android Enterprise Zero-touch enrollment
5.0
Android Zero-Touch Enrollment supported. Also supports EMM Token (QR), NFC, and ADB enrollment methods for automated Android device provisioning.
4.0
Android Zero-Touch enrollment via ZTE for enterprise deployments.
4.0
Full zero-touch enrollment for Android with automatic config during OOBE; reseller-uploaded devices.
—————
5.0
Google Partner for Zero-Touch; supports Android 9+ with Fully Managed and Work Profile modes.
—————
4.0
Android Zero Touch Enrollment supported.
0.0
——————
3.0
Android Zero-Touch enrollment supported for Enterprise devices with ZTE provider integration.
———
0.0
Android not supported; Addigy is Apple-only platform.
————
Apple ADE (Automated Device Enrollment)
Zero-touch enrollment for Apple devices via Apple Business Manager. Devices automatically enroll and become supervised during initial setup, giving IT full management control before the device reaches end users.
5.0
Apple Device Enrollment (ADE) fully supported for both iOS and macOS. Devices are automatically enrolled and supervised through Apple Business Manager integration.
5.0
Core ADE capability with improved interface; supports Setup Assistant for Mac, iPhone, iPad, Apple TV, Vision Pro.
————
5.0
ADE for iOS and macOS; best-in-class PreStage Enrollments
————
5.0
Apple Device Enrollment (ADE) for iOS/iPadOS and macOS via Apple Business Manager. Best-in-class enrollment experience with Entra ID integration and conditional access during onboarding.
4.0
Apple Device Enrollment (ADE/DEP) for iOS and macOS. Devices enrolled via Apple Business Manager are automatically supervised and assigned to SOTI for zero-touch provisioning.
5.0
Full Apple Business Manager (ABM) integration for automated device enrollment on iOS/iPadOS and macOS. Supervised mode with user assignment automation. Zero-touch provisioning for corporate-owned Apple devices.
4.0
Apple Business Manager enrollment for iOS/macOS with seamless device assignment.
4.0
ADE via Apple Business Manager; service discovery for Account-driven Enrollment with redirect URL retrieval.
————
5.0
Full ADE support via Apple Business/School Manager; enables supervised mode and prevents MDM profile removal.
————
4.0
Apple Device Enrollment Program support for iOS and macOS via Apple Business Manager. Automated enrollment with profile assignment during device setup.
4.0
Apple Device Enrollment (ADE) for iOS and macOS
————
3.0
Apple Device Enrollment for iOS via ABM. Android Enterprise enrollment supported. RMM-based approach for macOS.
———
4.0
Apple Device Enrollment for iOS via Apple Business Manager with automated device assignment.
————
Bulk / Staging Enrollment
Mass device preparation through staging tools, CSV imports, NFC tap, or USB provisioning. Essential for large-scale rollouts, seasonal deployments, and device refresh cycles.
4.0
Apple Configurator enrollment and Sideload staging for iOS. Device staging with check-in/check-out for shared devices. CSV bulk import and API-driven mass enrollment across platforms.
4.0
Leverages ADE, zero-touch, and Knox for bulk provisioning; supports staged rollout with test groups.
——
5.0
Bulk enrollment through ADE for iOS and macOS
————
3.0
Apple Configurator 2 enrollment for iOS staging, CSV bulk import for device pre-registration, and Windows Autopilot bulk provisioning. Covers large-scale rollout and seasonal deployment needs.
4.0
Bulk enrollment via ADE, ZTE, Autopilot
4.0
CSV-based bulk enrollment supporting multiple devices and users. Staging support for devices not yet activated. Invite-based mass enrollment methods available.
4.0
CSV-based bulk enrollment for rapid multi-platform fleet onboarding.
4.0
Bulk enrollment via config files; reduces deployment from hours to minutes across all platforms.
——
4.0
Apple Configurator support; CSV bulk import for users; ADE/Zero-Touch/Autopilot for staging workflows.
——
3.0
Apple Configurator enrollment supported for iOS bulk staging. CSV device import for pre-registration. Android bulk enrollment via NFC bump and QR codes for dedicated devices.
4.0
Bulk enrollment via ADE
————
3.0
Bulk device enrollment via CSV upload and batch importing for scalable fleet onboarding.
———
3.0
Bulk enrollment via CSV import for iOS and macOS devices.
————
Conditional / Identity-Based Enrollment
Enrollment policies that customize the onboarding flow based on user identity, group membership, or device attributes. Ensures the right policies, apps, and restrictions reach the right devices automatically.
5.0
Conditional enrollment with attribute-based access control.
4.0
Assignment Maps and rules with Azure AD, Google Workspace, Okta integration for identity-driven enrollment.
——
4.0
Conditional enrollment rules based on device attributes
————
4.0
Conditional enrollment with Entra ID integration for access control.
3.0
Conditional enrollment rules
3.0
Group and OU-based enrollment policies. Device ownership type (corporate vs BYOD) determines applied profiles. Azure AD conditional access integration for enrollment gating.
4.0
Conditional enrollment rules based on device attributes and compliance state.
Azure AD/Google Workspace integration for identity-based enrollment; device assignment from directory info.
——
3.0
Conditional enrollment based on device/user attributes.
2.0
Conditional enrollment rules
————
2.0
Limited conditional enrollment based on device state; not as sophisticated as Intune or Jamf.
———
2.0
Limited conditional enrollment based on device compliance state.
————
Manual / QR Code Enrollment
Flexible enrollment via QR codes, URLs, or manual server entry. Covers devices not eligible for automated enrollment programs, providing a fallback path for diverse fleet scenarios.
5.0
QR code enrollment across all supported platforms.
4.0
Universal Enrollment Portal with unique URLs and codes; QR code scanning for Android and iOS.
——
4.0
Manual enrollment via QR code for iOS and macOS
————
4.0
QR code enrollment available across most platforms for manual device registration.
4.0
QR code-based manual enrollment across all supported platforms
4.0
QR code, SMS, and email invitation-based enrollment. Self-enrollment portal for all major platforms. Intuitive step-by-step process.
4.0
QR code enrollment across iOS, Android, Windows, macOS, and ChromeOS.
4.0
QR code via User Portal for iOS/Android BYOD; Windows provisioning packages; manual direct link option.
——
5.0
QR code enrollment for Android 7+ and iOS; single-use codes valid 72 hours; manual instructions for all platforms.
——
4.0
QR code enrollment available across supported platforms.
3.0
Manual QR code enrollment
————
3.0
QR code-based enrollment available for iOS and Android, simplifying manual device enrollment.
———
3.0
QR code enrollment for iOS and macOS devices via GoLive workflow.
————
Samsung Knox Mobile Enrollment
Samsung's proprietary bulk enrollment for Galaxy devices. Extends Android Enterprise with Knox-specific security features including hardware-backed attestation and Samsung-exclusive configuration options.
5.0
Samsung Knox deeply integrated with advanced security features.
1.0
No Knox ME documentation found. Samsung devices use standard Android zero-touch enrollment.
—————
0.0
——————
3.0
Samsung Knox integration for enhanced security and enrollment on Samsung devices.
5.0
Samsung Knox enrollment support
5.0
Knox-validated MDM. Streamlined bulk enrollment of Samsung devices with out-of-the-box configuration and automatic app/profile distribution upon enrollment.
4.0
Samsung Knox integration with Knox Vault and Knox Manage for enhanced Android security.
1.0
No Knox ME support. JumpCloud absent from Samsung Knox ME partner list. Standard Android zero-touch enrollment only.
—————
4.0
Samsung Knox ME integration for persistent enrollment even after factory reset.
—————
3.0
Samsung Knox integration for enhanced device management.
0.0
——————
2.0
Samsung Knox integration enabled for Android devices with Knox platform support.
———
0.0
Samsung Knox not supported; Android platform not available.
————
User-Initiated Enrollment (BYOD)
Self-service enrollment for personally-owned devices. Users install a company portal app and enroll with a privacy-preserving work profile or container that separates personal and corporate data.
5.0
Comprehensive BYOD support with per-device enrollment flexibility.
4.0
Self-service enrollment portal with BYOD blueprints; supports User Enrollment on Apple with privacy separation.
——
3.0
BYOD supported via Jamf Connect for macOS, iOS via Self Service
————
4.0
BYOD support with Company Portal and conditional enrollment policies.
4.0
BYOD support for iOS, Android, Windows, macOS
4.0
Self-enrollment portal for BYOD scenarios. Users access portal, authenticate with company credentials, and install MDM profile. Android work profile separates personal and corporate data.
4.0
Full BYOD support with work profile separation on Android and iOS.
4.0
User Portal enrollment for iOS personal devices; Android EMM via QR code and Device Policy app.
——
4.0
Full BYOD with Android work profile; selective wipe capability; light security controls for user privacy.
——
4.0
BYOD support with MaaS360 Container for secure app management.
2.0
BYOD support for iOS and macOS
————
2.0
BYOD enrollment supported on supported platforms with work profile separation on Android.
———
3.0
BYOD support for iOS and macOS with work profile containment.
————
Windows Autopilot
Microsoft's zero-touch provisioning for Windows devices. Transforms the out-of-box experience into a managed deployment, automatically joining Azure AD and applying policies without IT hands-on setup.
5.0
Windows Autopilot integration for seamless deployment.
4.0
Windows Autopilot zero-touch provisioning supported with automatic policy and app deployment. Source: iru.com/resources/device-management/windows.
—————
0.0
——————
5.0
Windows Autopilot provides best-in-class zero-touch enrollment for Windows devices.
4.0
Windows Autopilot enrollment
4.0
Windows Autopilot support for Windows 10/11. Automatic enrollment upon initial startup with minimal manual intervention. Requires Endpoint Central UEM edition.
4.0
Windows Autopilot support for zero-touch Windows device enrollment.
4.0
Autopilot enrollment for Windows 10/11; single-click admin activation for automatic enrollment.
—————
4.0
Windows Autopilot integration for Windows 10/11 with Entra ID. Source: miradore.com/knowledge/windows.
—————
4.0
Windows Autopilot supported for zero-touch Windows enrollment.
0.0
——————
0.0
Windows Autopilot not supported as NinjaOne MDM does not cover Windows enrollment.
———
0.0
Windows Autopilot not supported; Addigy focuses on Apple ecosystem.
————
App Management
4.6
4.4
3.3
4.4
3.8
4.3
4.1
3.9
4.1
3.6
2.1
2.1
2.0
App Blocklisting / Allowlisting
Control which apps can be installed or launched on managed devices. Create allowlists of approved apps or blocklists of prohibited apps with compliance actions for violations.
5.0
App restriction and blocklist enforcement.
4.0
Restrictions profile with blocklist/allowlist; Auto Apps prevents unapproved use; app lock for maximum restriction.
——
4.0
Block apps via restrictions
————
4.0
App restriction and blocklist policies across platforms.
4.0
App blocking and whitelisting
5.0
App allowlisting and blocklisting with gradual enforcement (notify then uninstall). Periodic device scans for app classification. Manages pre-installed, user-installed, and enterprise apps.
4.0
Application blocklist and allowlist policies across all supported platforms.
4.0
Allowlist (default deny) and blocklist modes; Windows Application Restriction; macOS Santa binary control.
——
4.0
Blocklist/allowlist for iOS and Android; iOS blocks system apps (except Settings/Phone); Samsung both modes.
————
4.0
App restriction and blocklist policies.
3.0
App blocking and whitelisting
————
2.0
Block installation of specific apps or restrict access to managed devices.
———
2.0
App blocklist and allowlist policies for iOS and macOS.
————
App Catalog / Enterprise App Store
Self-service portal where users browse and install approved applications. Curates the enterprise app experience and streamlines software distribution with optional approval workflows.
5.0
Comprehensive managed app catalog with self-service portal.
5.0
Self Service app library; 200+ Auto Apps pre-packaged for Mac/Windows; VPP, Google Play distribution.
——
5.0
In-house and public app catalog management
————
4.0
Managed app catalogs with self-service installation across platforms.
4.0
App catalog and distribution
5.0
On-demand self-service app catalog. Integration with Apple ABM, Managed Google Play, Chrome Web Store, and Windows Business Store. Enterprise app publishing supported.
4.0
Built-in app catalog with App Store, Play Store, and Windows Store integration.
4.0
JumpCloud App Catalog for macOS/Windows with curated apps; Managed Google Play for Android; auto-update.
——
4.0
Integration with Apple AppStore, ABM, Managed Google Play, Microsoft Store; app lifecycle management.
——
4.0
Managed app catalog with self-service portal.
3.0
App catalog and distribution
————
2.0
Built-in app catalog for rapid app deployment; integrates with App Store, Play Store.
———
3.0
Prebuilt App catalog with community-maintained app definitions for macOS.
————
App Configuration (Managed App Config)
Push application settings to managed apps using the AppConfig standard (iOS) or managed configurations (Android). Automates app setup without end-user configuration.
4.0
App configuration policies for iOS and Android.
4.0
AppConfig XML dictionaries for app settings; strong iOS support, limited Android/macOS.
——
4.0
Mobile App Configuration Protocol (MCM) support
————
4.0
App configuration policies for iOS and Android managed apps.
3.0
Mobile App Configuration Protocol (MCM) support
4.0
AppConfig framework support for iOS. Managed Google Play app configuration for Android. Limited managed app config for Windows/macOS desktop apps.
4.0
App Configuration Framework for deploying app-specific settings across platforms.
4.0
AppConfig XML for iOS/Android; variable substitution ($username$, $emailAddress$); managed config for Android.
——
3.0
Managed app config for iOS and Google Play Android; key-value pairs, user-specific variables.
———
3.0
App configuration policies for iOS and Android.
2.0
Mobile App Configuration Protocol (MCM) support
————
2.0
App configuration framework for deploying app-specific settings and parameters.
———
2.0
App configuration framework for iOS and macOS applications.
————
Apple VPP / ABM App Distribution
Distribute apps through Apple Business Manager with device-based or user-based licensing. Enables organization-licensed deployment without requiring personal Apple IDs.
4.0
VPP support for iOS and macOS with volume licensing.
5.0
Full ABM Apps and Books integration; auto-converts unmanaged to managed apps; device-based licensing.
————
5.0
Apple Volume Purchase Program (VPP) integration
————
4.0
Volume Purchasing Program support for iOS and macOS enterprise licensing.
3.0
Apple Volume Purchase Program
4.0
Apple Business Manager (ABM) integration for device-based and user-based app licensing. Content tokens upload. Managed Apple ID support. Legacy VPP migration path.
4.0
Apple Volume Purchase Program integration for iOS and macOS app distribution.
4.0
Full VPP integration for macOS/iOS; bulk license purchasing and assignment; license reclamation.
————
5.0
Full VPP/ABM integration; license management, silent deployment; Premium required.
————
2.0
VPP support for iOS only.
4.0
Apple Volume Purchase Program integration
————
3.0
Apple Volume Purchase Program integration for iOS and macOS; no Android equivalent.
———
4.0
Apple Volume Purchase Program integration for iOS and macOS apps.
————
Managed Google Play Integration
Deploy and manage Android apps through Managed Google Play including private enterprise apps, web apps, and curated collections for Android Enterprise devices.
4.0
Google Play for Work app deployment.
4.0
Added post-Oct 2025; Google Play deployment for Android with zero-touch app distribution.
—————
0.0
——————
4.0
Google Play for Work integration with managed and unmanaged app deployment.
4.0
Google Play for Business integration
4.0
Managed Google Play integration for deploying public, private, and web apps. App approval workflow before distribution. Enterprise app repository support.
4.0
Google Play Store and managed Play integration for Android and ChromeOS apps.
4.0
Curated Managed Google Play Store; public, private, web apps; user-selectable or force-install modes.
—————
5.0
Full Managed Google Play Enterprise; silent deployment, app config, runtime permissions, store layout.
—————
4.0
Google Play for Work app management.
0.0
——————
3.0
Google Play Store and managed Google Play integration for Android app distribution.
———
0.0
Google Play not supported; Android platform not available.
————
Mobile Application Management (MAM)
Protect corporate data within apps on unmanaged/BYOD devices with app protection policies: copy/paste restrictions, encryption, selective wipe without full device enrollment.
5.0
Comprehensive MAM without enrollment across mobile and desktop.
4.0
App policy management; full iOS/iPad support, growing Android/Windows; container-based approach.
——
3.0
Mobile Application Management via containerization
————
5.0
Mobile Application Management without enrollment via Intune App Protection.
4.0
Mobile Application Management with sandboxing
3.0
Containerization for iOS and Android. Android work profile for BYOD. Copy/paste and sharing restrictions between managed and personal contexts. Limited app wrapping/SDK documentation.
4.0
Mobile Application Management with work profile containment on iOS and Android.
3.0
Modern MDM MAM; container-based management; selective corporate data wipe; mobile-focused.
——
4.0
Full MAM: deployment, config, security, updates; app-level isolation (iOS), work profile (Android).
——
4.0
Mobile Application Management via MaaS360 Container.
2.0
Mobile Application Management
————
2.0
Mobile Application Management available for iOS and Android; separates work apps on devices.
———
2.0
Mobile App Management for iOS with work container; macOS not applicable.
————
Silent App Installation
Install applications on supervised/managed devices without user interaction. Critical for ensuring required business apps are available immediately upon enrollment.
5.0
Silent/automatic app deployment and updates across platforms.
5.0
Auto Apps silently cache and install without user interruption; iOS apps deploy silently via MDM.
——
5.0
Silent/remote app installation
————
5.0
Silent/automatic app installation and updates via Intune.
4.0
Silent app installation
5.0
Silent app installation and removal without user interaction. License management and scheduled deployment options. Requires supervised mode for iOS.
5.0
Silent app installation across iOS, Android, Windows, macOS, and ChromeOS.
4.0
Android silent install via EMM; iOS via VPP/MDM; Windows needs vendor silent support.
——
4.0
Silent deployment via ABM (iOS), Managed Google Play (Android), direct install (Windows/macOS).
——
4.0
Silent app deployment and automatic updates.
3.0
Silent app installation
————
3.0
Silent app installation to user devices without requiring manual approval.
———
3.0
Silent app installation via MDM for iOS and macOS.
————
Win32 / LOB App Deployment
Package and deploy traditional Win32 desktop applications (.msi, .exe, .msix) and line-of-business apps with detection rules, dependency management, and supersedence.
5.0
Win32 application deployment via packaging.
4.0
Windows Win32/LOB deployment; macOS supports .pkg custom app packages.
————
0.0
——————
5.0
Win32/LOB application deployment via .intunewin packaging.
4.0
Win32 LOB app distribution for Windows
4.0
Windows MSI/EXE/MSIX and macOS DMG/PKG app deployment via MDM Plus. Linux software deployment requires Endpoint Central. Over 850 pre-built app templates available in Endpoint Central.
4.0
Windows Win32 LOB application deployment via MSI and EXE installers.
4.0
MSI via Private Repository, Chocolatey, Microsoft Store, WinGet, remote PowerShell; silent install required.
—————
4.0
MSI and Advanced (EXE) deployment; silent install parameters; 64-bit Windows 7+ support.
—————
4.0
Win32 application deployment on Windows.
0.0
——————
0.0
Win32 LOB app deployment not available; Windows MDM not supported.
———
0.0
Win32 LOB not supported; Windows platform not available.
————
Compliance & Security
4.3
3.9
4.1
3.6
3.8
4.4
3.4
3.4
2.9
3.1
2.4
1.8
1.8
Compliance Policy Engine
Define multi-condition compliance rules with automated remediation workflows. Non-compliant devices trigger configurable actions: notifications, resource blocking, selective wipe, or retirement.
5.0
Real-time compliance enforcement with 5-minute check cycles.
5.0
AI-powered compliance automation with adaptive evidence mapping; real-time compliance dashboards.
——
5.0
Comprehensive compliance reporting and remediation
————
4.0
Polling-based compliance (8hr default) with push notifications. Linux limited.
4.0
Compliance checking and remediation
5.0
Real-time compliance monitoring with automated remediation. Detects jailbroken/rooted devices, blocked apps, and policy violations. Configurable actions for non-compliant devices.
4.0
Robust compliance engine with automated remediation and detailed reporting.
4.0
Compliance Enforcement policies with remediation actions; SOC 2, ISO 27001, PCI DSS, HIPAA audit support.
—
4.0
Business policy engine with rule-based enforcement; tag-based scoping; GDPR-compliant; Premium required.
——
4.0
Compliance engine with real-time policy enforcement.
4.0
Compliance checking with CIS and NIST templates
————
2.0
Basic compliance engine with policy evaluation; simpler than Jamf or Intune.
———
2.0
Basic compliance engine with custom fact checks and automated remediation.
————
Data Loss Prevention (DLP)
Prevent sensitive data leakage through clipboard restrictions, managed open-in policies, screenshot blocking, and content inspection between managed and unmanaged contexts.
2.0
Data Loss Prevention via Windows Defender and macOS policies.
3.0
Third-party DLP integration (SURF Security); Iru EDR provides data protection; strongest on Mac/Windows.
——
3.0
Data Loss Prevention policies via restrictions
————
1.0
DLP available via Defender for Endpoint on Windows; not native to Intune.
3.0
Data Loss Prevention policies
3.0
Work profile prevents corporate data transfer to personal apps. Restrictions on Bluetooth, NFC, Wi-Fi Direct, USB sharing. Managed open-in for iOS. Limited desktop DLP controls.
0.0
Data Loss Prevention not available in core Hexnode UEM.
1.0
No native DLP; relies on least-privilege access control rather than data exfiltration prevention.
—
1.0
No specific DLP features (USB control, storage blocking, exfiltration prevention) documented. Work profiles provide data separation only.
——
0.0
DLP not natively available.
0.0
No built-in DLP
————
0.0
Data Loss Prevention not available in NinjaOne MDM.
———
0.0
Data Loss Prevention not available in Addigy.
————
Encryption Enforcement
Require and verify device-level encryption: BitLocker (Windows), FileVault (macOS), native encryption (iOS/Android). Securely escrow recovery keys in the management console.
5.0
Device encryption enforcement across all platforms.
4.0
FileVault on macOS fully documented. BitLocker referenced in general context but no dedicated support article found. iOS encryption native.
——
5.0
Enforce disk encryption and data protection
————
5.0
Device encryption enforcement and verification.
4.0
Encryption enforcement
5.0
Device-level encryption enforcement. BitLocker for Windows, FileVault for macOS, native encryption for iOS/Android. Storage and SD card encryption for Android.
5.0
Device encryption enforcement across all platforms with policy controls.
Full-disk encryption: BitLocker, FileVault; recovery key storage in Miradore; auto enforcement.
——
5.0
Device encryption enforcement.
4.0
Encryption enforcement
————
3.0
Device encryption enforcement with FileVault 2 on macOS and native encryption on mobile.
———
3.0
Device encryption enforcement via FileVault for macOS.
————
Geofencing Compliance
Define geographic boundaries that trigger compliance actions when devices enter or leave designated areas. Enables location-based security and regulatory compliance.
3.0
Geofencing support on iOS and Android with compliance triggers.
3.0
iOS Lost Mode with 15-min updates; conditional access geofencing; limited Android/Mac support.
———
3.0
Location-based device policies
————
0.0
Native geofencing not available; requires third-party integration.
5.0
Geofencing and location-based policies
3.0
Geofencing for iOS and Android with compliance actions when devices enter/leave designated areas. Geo-tracking and location history available in Lost Mode.
3.0
Geofencing with location-based policy triggering on iOS and Android devices.
Location tracking for iOS/Android (Premium). No geofencing with boundary-based alerts or automated actions.
————
0.0
Geofencing not natively available.
1.0
Limited geofencing support
————
0.0
Geofencing not natively supported in NinjaOne MDM.
———
0.0
Geofencing not natively supported in Addigy MDM.
————
Jailbreak / Root Detection
Detect jailbroken iOS or rooted Android devices that compromise the platform security model. Automatically trigger compliance actions including access revocation and data wipe.
5.0
Jailbreak and root detection with enforcement actions.
Jailbreak/root detection and enforcement across mobile platforms.
4.0
Jailbreak/root detection
5.0
Detects jailbroken iOS and rooted Android devices during and after enrollment. Automatic removal from management upon detection. Continuous scanning capability.
—
4.0
Jailbreak/root detection and remediation on iOS and Android.
4.0
JumpCloud Protect evaluates device integrity and jailbreak detection via Mobile Device Trust framework.
—
3.0
Detection capabilities documented; monitoring and alerting supported; limited implementation details.
————
4.0
Jailbreak and root detection enforcement.
4.0
Jailbreak detection
————
3.0
Jailbreak/root detection and remediation with optional automatic unenrollment.
———
3.0
Jailbreak detection for iOS and root detection for macOS.
————
Remote Wipe (Full Device)
Erase all data and restore factory defaults remotely. Critical incident response for lost, stolen, or decommissioned devices to prevent organizational data exposure.
5.0
Full device wipe capability across all platforms.
5.0
EACS command for Apple; full device wipe for Android/Windows; Return to Service option on Apple.
——
5.0
Full device wipe capability
————
5.0
Full device wipe capability across enrolled devices.
4.0
Full device wipe
5.0
Complete factory reset for lost/stolen/decommissioned devices. Restores device to out-of-box state. Includes malware remediation scenarios.
5.0
Full device wipe with optional PIN/passcode requirement across all platforms.
4.0
Erase device MDM command; protected wipe for Windows; immediate obliteration for macOS volumes.
—
4.0
Full device wipe on managed Android/Windows; factory restore; instant execution.
——
5.0
Full device wipe capability.
4.0
Full device wipe
————
3.0
Full device wipe capability with optional PIN/passcode requirement for security.
———
3.0
Full device wipe capability with security controls.
————
Selective / Corporate Wipe
Remove only corporate data, managed apps, and MDM profiles while preserving personal content. Essential for BYOD offboarding and maintaining employee trust.
5.0
Selective data wipe of corporate content across platforms.
Retire action removes corporate data, managed apps, and MDM enrollment across iOS, Android, Windows, and macOS while preserving personal content. Core capability for BYOD offboarding and compliance remediation.
3.0
Selective data wipe
5.0
Remove only corporate data, profiles, and managed apps. Preserves personal contacts, photos, and apps. Essential for BYOD offboarding and employee transitions.
4.0
Selective wipe of managed data and applications without personal data loss.
3.0
Corporate data selective wipe for iOS/Android; Windows/macOS support full device wipe only.
——
4.0
Selective wipe removes only corporate data; via unenrollment; ideal for BYOD scenarios.
——
4.0
Selective Wipe available across iOS, Android, Windows, and macOS per IBM device actions documentation. Removes corporate data and managed apps while preserving personal content on BYOD devices.
2.0
Selective wipe capability
————
3.0
Selective wipe of managed data and work profiles without affecting personal data.
———
3.0
Selective wipe of managed data without affecting personal data.
————
Threat Defense Integration (MTD/EDR)
Integrate with Mobile Threat Defense or EDR solutions to share risk signals. Enables threat-informed conditional access and proactive security response.
4.0
Integration with threat detection and endpoint response solutions.
4.0
Iru EDR for Mac/Windows with behavioral analysis; iOS/Android via third-party MTD APIs.
——
3.0
Integration with Jamf Protect endpoint security
————
5.0
Defender for Endpoint MTD integration on mobile and Windows platforms.
3.0
MTD/EDR integration capability
4.0
Check Point Harmony Mobile integration for mobile threat detection. Endpoint Central includes EDR for Windows with DeepAV, behaviour detection, and ransomware prevention engines. Log360 SIEM for XDR.
2.0
Mobile Threat Defense integration available via Check Point Harmony Mobile for iOS and Android. Threat signals can trigger compliance actions. Windows/macOS EDR integration not documented.
4.0
CrowdStrike Falcon EDR/XDR integration; Falcon for Mobile MTD for Android/iOS; cross-OS visibility.
—
1.0
No explicit MTD/EDR integration; compliance monitoring and policy enforcement only.
——————
3.0
Watson AI Advisor with threat detection analytics.
0.0
No native MTD/EDR integration
————
0.0
Mobile threat defense and EDR not natively integrated; RMM has some EDR for Windows/macOS.
———
0.0
Mobile threat defense and EDR not natively integrated.
————
OS Update & Lifecycle
4.3
3.7
3.2
3.7
4.0
1.7
3.2
3.7
3.5
2.2
2.5
1.5
1.5
Android OS Update Control
Manage Android OS updates through system update policies, maintenance windows, and freeze periods. Effectiveness varies by OEM, carrier, and Android Enterprise mode.
3.0
Android update management through device admin and enterprise policies.
2.0
Visibility into outdated OS versions only; no direct update control. Android updates follow manufacturer schedules. Source: iru.com/resources/device-management/android.
—————
0.0
——————
2.0
Android updates limited to policy recommendations; OEM-dependent implementation.
4.0
Android OS update and security patch management
3.0
Android system update policies including automatic, windowed, and postpone modes. Freeze periods supported for managed devices.
3.0
Android OS update management with OEM-dependent deferral support.
4.0
Android System Updates Policy: OTA updates for fully managed/dedicated devices. Default, automatic, windowed, postpone (30 days), and freeze period modes. Android 6.0+. Source: jumpcloud.com/support/create-an-android-system-updates-policy.
—————
3.0
System update management for Android 8+ Device Owner mode; automated non-intrusive updates; Premium required.
Android update management varies by OEM; basic system update control available.
———
0.0
Android not supported; Addigy does not cover Android platforms.
————
Firmware / Driver Updates
Manage firmware and driver updates for device hardware including BIOS/UEFI updates and peripheral firmware. Primarily relevant for Windows devices and specialized hardware.
3.0
Windows firmware updates via Device Firmware Configuration Interface.
2.0
macOS firmware managed via Apple OS updates. No Windows/Android firmware or driver management.
———
4.0
iOS firmware and Apple TV updates
————
3.0
Windows firmware updates managed through Device Firmware Configuration Interface.
5.0
Firmware updates for rugged devices (Zebra, Honeywell, etc.)
0.0
Not available in MDM Plus standalone. BIOS/UEFI, driver, and firmware updates require ManageEngine Endpoint Central.
0.0
Firmware updates not directly managed via MDM across platforms.
2.0
Chrome browser patching included. OS-level driver updates via Windows patch policies. Android and Linux firmware management not confirmed.
—
2.0
Windows driver/firmware in patch management; Android limited to OEM system updates.
————
0.0
Firmware updates not supported.
3.0
Apple firmware updates
————
0.0
Firmware updates not directly managed via MDM; device-specific.
———
0.0
Firmware updates not directly managed; device-specific.
————
iOS/iPadOS Update Management
Control iOS and iPadOS software update deployment with version pinning, deferrals, scheduling, and forced installation via DDM or MDM commands.
5.0
iOS updates via Declarative Device Management with deferral.
5.0
Managed OS with automatic enforcement or minimum version; supports deferral restrictions and countdown timer.
—————
5.0
iOS/iPadOS update management with deferral options
—————
4.0
iOS/iPadOS updates via Declarative Device Management with deferral options.
4.0
iOS update management
4.0
iOS/iPadOS OS update scheduling and control. Defer updates, push specific versions to supervised devices. Scheduled update deployment windows.
4.0
iOS/iPadOS update scheduling with deferral windows and enforced update policies.
4.0
OS patch management with update visibility/install controls; deferral options; auto upgrade enforcement.
iOS update management with ability to force OS updates or defer by specific days.
———
3.0
iOS update management with deferral and forced update capabilities.
————
macOS Update Management
Manage macOS software updates including major versions, security patches, and Rapid Security Responses. Supports DDM-based management, deferrals, and nudge-style notifications.
5.0
macOS updates with Declarative Device Management and deferral.
5.0
Flagship Managed OS for macOS; automatic enforcement, beta release control, 30-min countdown before forced install.
—————
5.0
macOS update management with deferral and staged rollout
—————
4.0
macOS updates via Declarative Device Management with version deferral.
3.0
macOS update management
0.0
Not available in MDM Plus standalone. macOS software update management requires ManageEngine Endpoint Central (full UEM product).
4.0
macOS Software Update management with deferral and scheduling policies.
4.0
Automated macOS patch management with deployment rings; version tracking; auto upgrade enforcement.
—————
4.0
Patch management for 100+ products; system update delay control (10.13+); major/minor delays (11.3+).
—————
3.0
macOS update management.
4.0
macOS update management with deferral
—————
2.0
macOS update management via RMM integration; MDM component has limited native update control.
———
3.0
macOS OS update management with deferral and scheduling controls.
————
Update Deferral & Scheduling
Granular deferral controls and maintenance windows for all OS update types. Prevents disruption during business hours while maintaining security patch compliance.
5.0
Update deferral available across all platforms.
4.0
iOS Software Update Deferral restriction; macOS Managed OS with flexible deferral; Windows configurable periods.
——
5.0
Deferral of OS updates with security grace periods
————
4.0
Update deferral available for iOS, Windows, macOS; Android limited by OEM.
4.0
Update deferral and scheduling
3.0
Update scheduling and deferral for iOS, Android, and ChromeOS. Windows/macOS update deferral requires Endpoint Central.
4.0
OS update deferral with configurable windows across iOS, Android, Windows, and macOS.
4.0
OS patch policies with deferral and scheduling; deployment rings control timing; sane defaults provided.
—
4.0
macOS up to 90-day deferral; Android system update policies; Windows scheduling and piloting.
——
3.0
Update deferral available on iOS, Windows, macOS.
4.0
OS update deferral
————
2.0
iOS and macOS support deferral windows; Android deferral limited by OEM fragmentation.
———
3.0
iOS and macOS update deferral with configurable windows.
————
Windows Update Management
Control Windows updates via Windows Update for Business (WUfB), update rings, and feature/quality update deferrals. Integrates with or replaces traditional WSUS.
5.0
Windows Update for Business with deployment ring management.
4.0
Schedules quiet updates, prompts users, and enforces when needed; supports deferral and staged rollout.
—————
0.0
——————
5.0
Windows Update for Business integration with deferral and ring deployment.
4.0
Windows update management including legacy IoT
0.0
Not available in MDM Plus standalone. Windows patch management requires ManageEngine Endpoint Central (full UEM product).
4.0
Windows Update for Business integration with deferral and scheduling controls.
Windows update management not available; NinjaOne handles this via RMM, not MDM.
———
0.0
Windows not supported; Addigy is Apple-only platform.
————
Reporting & Visibility
5.0
4.3
4.8
4.3
3.8
4.3
4.2
3.7
3.3
3.7
2.5
2.5
2.5
App Usage Analytics
Track app deployment status, installation success rates, and license utilization. Identify underused licenses, failed deployments, and shadow IT across the fleet.
5.0
Detailed app deployment and usage analytics.
3.0
Prism reporting provides app inventory; installed apps per device; analytics more limited than dedicated UEM.
——
4.0
App usage and analytics reporting
————
4.0
App deployment and usage analytics via Microsoft 365 reports.
3.0
App usage analytics
3.0
App deployment status tracking and installation success rates. App inventory per device. License utilization tracking for VPP apps. Limited deep usage analytics.
3.0
Application deployment analytics and usage tracking across platforms.
Application deployment analytics for iOS and macOS.
————
Audit Logging
Immutable logs of all admin actions, policy changes, enrollment events, and compliance state transitions. Supports security investigations and regulatory audit trails.
5.0
Comprehensive audit logging for compliance and forensics.
4.0
Automated auditing for compliance; logs admin actions and device changes; Sumo Logic/SIEM integration.
——
5.0
Comprehensive audit logging of admin actions
————
5.0
Audit logs for admin actions and policy changes via Intune audit logs.
4.0
Audit logging of all actions
4.0
Action Log Viewer for auditing all admin actions. Remote session reason logging. Enrollment and compliance state change tracking.
4.0
Comprehensive audit logging of all admin actions and device activities.
Audit logging for admin actions and policy changes.
3.0
Audit logging of admin actions
————
3.0
Comprehensive audit logging of admin actions and device activities.
———
3.0
Comprehensive audit logging of admin and device activities.
————
Compliance Reporting
Detailed reports on compliance status, policy violations, remediation actions, and trends over time. Supports audit readiness, dashboards, and regulatory reporting.
5.0
Real-time compliance reporting with remediation tracking.
Custom report builder for tailored compliance and inventory reports.
———
2.0
Custom report builder for compliance and inventory.
————
Device Inventory Dashboard
Comprehensive fleet overview showing hardware details, OS versions, storage, battery health, enrollment status, and last check-in across all managed devices.
5.0
Comprehensive fleet inventory dashboards with Intelligence Platform.
5.0
Consolidated device view with quick filtering, exports, and searchable attributes.
——
5.0
Real-time inventory and device dashboard
————
5.0
Device inventory and fleet overview dashboards in Intune admin center.
4.0
Device inventory and dashboard
5.0
Comprehensive mobile asset management from central console. Granular device details, warranty tracking, IMEI, owner details. Custom field upload. Real-time device status with periodic scans.
5.0
Comprehensive multi-platform inventory dashboard with real-time device visibility.
4.0
System Insights with hourly hardware/software collection; vendor, model, serial, custom fields.
—
4.0
Comprehensive dashboard with hardware/software inventory, OS versions, compliance status.
——
4.0
Fleet inventory and status dashboards.
3.0
Device inventory and dashboard
————
3.0
Unified inventory dashboard combining RMM and MDM device data.
———
3.0
Inventory dashboard with iOS and macOS device visibility.
————
Real-Time Device Status
Monitor device online/offline state, battery level, storage capacity, and policy sync status in real time. Enables proactive management and rapid incident response.
5.0
Real-time device status with Intelligence Platform integration.
Real-time device status via polling (default 8hr interval).
4.0
Real-time device status
5.0
Centralised dashboard with real-time device monitoring. Battery level, storage capacity, online/offline state, and last check-in tracking.
5.0
Real-time device status and policy compliance dashboards.
4.0
System Insights real-time inventory and status; hourly updates; device posture and compliance.
—
3.0
Dashboard real-time overview; push-based status updates; limited sub-second granularity.
——
4.0
Real-time device status visibility.
3.0
Real-time device status
————
3.0
Real-time device status and policy compliance visibility.
———
3.0
Real-time device status and policy compliance visibility.
————
Remote Actions & Support
4.7
4.3
4.2
3.7
4.0
2.8
4.0
4.0
3.2
2.7
1.3
2.0
3.2
Custom Script Execution
Deploy and run custom scripts (Bash, PowerShell, Python, shell) on managed devices. Extends management beyond built-in actions for advanced automation and remediation.
5.0
Custom script execution on Windows, macOS, and Linux platforms.
4.0
Custom Scripts Library executes as root on macOS; Windows agent supports scripts; iOS/Android limited.
———
5.0
Custom Bash/Python script execution on macOS
————
3.0
PowerShell scripts for Windows, shell scripts for macOS; Linux compliance scripts only.
4.0
Custom script execution on Android, Windows, macOS, Linux
0.0
Not available in MDM Plus standalone. Custom script deployment (PowerShell, Bash, Shell) requires ManageEngine Endpoint Central.
4.0
Custom script execution for Windows (PowerShell), macOS (Bash), and Linux (Python/Bash).
macOS scripting and Windows PowerShell/batch script execution documented. Source: miradore.com/knowledge/windows/how-to-deploy-apps-and-scripts-to-windows-devices.
————
1.0
Limited custom scripting; Windows batch support only.
2.0
Custom scripts for macOS only
————
2.0
Custom script execution available for macOS via RMM agent.
———
3.0
Custom script execution for macOS via Bash.
————
Remote Device Restart
Remotely restart or shut down managed devices to apply updates, clear hung processes, or recover unresponsive endpoints like kiosks and signage devices.
5.0
Remote restart across Windows, macOS, and Linux.
5.0
Restart with configurable countdown (default 30 min); force restart option; all platforms supported.
——
4.0
Remote restart capability
————
4.0
Remote restart capability for Windows and macOS devices.
3.0
Remote restart capability
3.0
Remote restart for iOS and Android managed devices. Windows/macOS remote restart and wake-on-LAN require Endpoint Central.
4.0
Remote restart capability for Android, Windows, macOS, and Linux.
4.0
Remote restart with immediate enforcement; scheduled via deployment rings.
—
3.0
Reboot for Android Fully Managed (2.5.0+) and Windows 10/11 documented. macOS supported. iOS remote restart not confirmed.
——
3.0
Remote restart available for Windows devices.
0.0
No remote restart
————
2.0
Remote restart capability for Android and macOS devices.
———
2.0
Remote restart capability for macOS.
————
Remote Lock
Immediately lock a device with a passcode from the management console. First-response action for lost or stolen device reports to prevent unauthorized access.
5.0
Remote lock across all platforms.
5.0
Lock Device generates 6-digit PIN; supported on all platforms; immediate execution.
——
5.0
Remote device lock with custom message
————
5.0
Remote device lock capability across all supported platforms.
4.0
Remote lock with custom message
5.0
Immediate remote device locking with passcode requirement. Custom message and contact number display on iOS. Remote alarm capability for locating devices.
5.0
Remote lock with custom message across iOS, Android, Windows, macOS, and Linux.
Immediate device lock across all platforms; prevents misuse of lost/stolen devices.
——
5.0
Remote device lock across platforms.
3.0
Remote lock with message
————
3.0
Remote lock with optional custom message display on device screen.
———
3.0
Remote lock with optional message display.
————
Remote Screen View / Share
View a remote device screen in real time for troubleshooting and guided support. May require user consent depending on supervision level and privacy regulations.
4.0
Workspace ONE Assist provides integrated remote view and control for Android, Windows, and macOS. iOS supports remote view only (Apple platform restriction prevents remote control). No additional third-party licensing needed.
4.0
Native VNC on macOS; iOS Lost Mode location view; third-party integrations (TeamViewer, Splashtop).
——
3.0
Remote screen sharing via Jamf Remote (macOS)
————
3.0
Remote Help provides screen sharing and remote control for Windows and macOS. Android support available but constrained to dedicated device modes and select OEMs (Samsung, Zebra). Requires Intune Plan 2 or standalone add-on license.
5.0
Remote screen view via XSight (built-in, not add-on)
3.0
iOS view-only screen sharing. Full remote view and control for Android (fully managed devices). Windows/macOS remote desktop requires Endpoint Central or Zoho Assist add-on.
2.0
Screen view/remote desktop available for Android devices via Hexnode Remote.
Remote support via TeamViewer integration for Android remote view/control, Windows, and macOS. iOS remote view available through TeamViewer but limited by Apple platform restrictions. Requires TeamViewer licensing.
0.0
No remote screen view
————
0.0
Screen view/remote desktop not available in MDM; available via RMM for macOS.
———
4.0
LiveDesktop: Real-time screen sharing for macOS management.
————
Remote Terminal / Shell
Open a command-line session on remote devices for advanced troubleshooting. Execute commands and resolve issues without physical device access.
4.0
Remote terminal/shell execution on Windows, macOS, and Linux.
3.0
Kandji Agent CLI on macOS; Custom Script Library for root-level execution; Windows limited.
————
3.0
Remote terminal access for macOS
————
2.0
Remote terminal via custom PowerShell/shell scripts on Windows/macOS.
No remote terminal/shell access; admin commands via console UI only.
——————
0.0
Remote terminal not available.
0.0
No remote terminal
————
2.0
Remote terminal available for macOS via integrated RMM agent only.
———
4.0
LiveTerminal: Real-time shell access for macOS command execution.
————
Remote Wipe (Action)
Initiate a full device wipe from the admin console to permanently erase all data. Used for decommissioning, confirmed theft, or irrecoverable compliance violations.
5.0
Remote full and selective wipe actions.
5.0
Erase Device action; EACS for Apple, Return to Service option; full wipe for Android/Windows.
——
5.0
Remote wipe action command
————
5.0
Remote full and selective wipe actions.
4.0
Remote wipe action
5.0
Full device wipe action from admin console. Factory reset for lost/stolen/decommissioned devices. Confirmation workflow before execution.
5.0
Immediate remote wipe action with audit trail across all platforms.
Full/selective wipe; factory restore (irreversible); selective removes corporate data only.
——
5.0
Remote wipe and selective data removal.
3.0
Remote wipe action
————
3.0
Immediate remote wipe action with audit trail.
———
3.0
Immediate remote wipe action with audit trail.
————
Targeting & Policy Logic
4.0
4.2
4.8
3.6
3.8
3.4
3.6
4.0
3.4
3.0
2.4
1.8
1.6
Device-Type Assignment
Apply configurations based on device model, manufacturer, form factor, or OS edition. Enables hardware-specific policies for kiosks, ruggedized devices, or shared endpoints.
5.0
Device type filtering for granular policy targeting.
5.0
Assignment Rules target by device type (iPhone, iPad, Mac, Windows, Android).
——
5.0
Device type targeting (iPad, iPhone, Mac, Apple TV)
————
5.0
Targeting by device type, platform, and ownership model.
4.0
Device type targeting
4.0
Policies based on device model, manufacturer, OS version, and ownership type (corporate vs BYOD). Supports kiosk/rugged device-specific configurations.
4.0
Device type filtering for phone, tablet, desktop, and shared device policies.
4.0
Device groups per OS type; policies assigned per platform; device-specific configuration.
—
4.0
Policy by OS type, device ownership (COPE/BYOD), management mode; conditional logic per category.
——
4.0
Device type filtering for policy assignment.
3.0
Device type targeting
————
2.0
Device type filtering for phone, tablet, shared device policies.
———
2.0
Device type filtering for phone, tablet, and Mac.
————
Dynamic / Smart Groups
Automatically group devices based on real-time attributes: OS version, compliance state, installed apps, hardware model. Groups update dynamically as conditions change.
5.0
Dynamic smart groups based on device and user attributes.
4.0
Tags with Assignment Rules and Maps enable conditional policy targeting; visual conditional logic.
——
5.0
Smart groups with 150+ criteria; best-in-class Apple targeting
————
4.0
Dynamic device groups based on device properties and compliance.
4.0
Dynamic smart groups for device targeting
4.0
Dynamic device groups based on OS, ownership type, compliance state, and device attributes. Auto-updating groups for policy targeting. Less granular than Jamf's 150+ criteria.
4.0
Dynamic smart groups with attribute-based rules and custom filters across platforms.
4.0
Attribute-driven dynamic groups; Contains/StartsWith/EndsWith operators; AND logic; auto-membership updates.
—
4.0
Dynamic asset groups auto-update from filters/reports; 24-hour interval; Azure AD/Google Workspace sync.
——
3.0
Dynamic groups based on device attributes.
3.0
Smart groups with basic criteria
————
2.0
Smart groups with limited rule-based targeting; less sophisticated than Jamf or Intune.
———
2.0
Basic smart groups with device type and user-based filtering.
————
Geo / Network-Based Targeting
Target policies based on location, IP range, Wi-Fi SSID, or network type. Delivers context-aware management that adapts to a device's environment.
0.0
Geographic/network targeting not natively available.
3.0
Geofencing via conditional access; location-based assignment; network-based targeting through policy conditions.
——
4.0
Network and geolocation-based targeting
————
0.0
Geolocation/network-based targeting not natively available.
4.0
Network and location-based targeting
2.0
Geofencing for compliance actions on iOS/Android. Basic network-based policies available. Less sophisticated than dedicated geo/network targeting in enterprise competitors.
2.0
Geographic location-based device targeting on iOS and Android.
Location tracking for iOS/Android (Premium) for reporting only. No location-based or network-based policy delivery.
————
0.0
Geographic/network targeting not available.
0.0
No network or geo targeting
————
0.0
Geographic or network-based targeting not available.
———
0.0
Geographic or network targeting not available.
————
Tag-Based Targeting
Assign custom tags or labels for flexible, admin-defined device categorization. Target policies, apps, and configurations to tagged groups beyond built-in attributes.
5.0
Flexible tag-based targeting for policies and apps.
5.0
Multi-value tag system used with Assignment Rules/Maps; organization-wide targeting mechanism.
——
5.0
Custom tag-based device and user targeting
————
4.0
Device tagging for fine-grained policy targeting.
4.0
Tag-based targeting
3.0
Custom grouping and categorization for devices. Admin-defined tags for flexible device targeting beyond built-in attributes. Department and location-based grouping.
4.0
Tag-based device and user targeting with custom tag hierarchies.
4.0
Attribute-based targeting for policies; dynamic group rules based on device attributes; flexible operators.
—
4.0
Tags for users/devices; automatic device tag inheritance; Business Policy scoping; auto-tagging at enrollment.
——
4.0
Tag-based device targeting and policy assignment.
3.0
Tag-based targeting
————
3.0
Tag-based device and user targeting for policy and app deployment.
———
2.0
Tag-based targeting for policy and app assignment.
————
User-Based Assignment
Target policies and apps to user groups rather than device groups. Ensures a consistent experience across all devices a user enrolls, regardless of platform.
5.0
User and group-based assignment with flexible scoping.
4.0
Directory integration enables centralized user-based assignment with automatic device assignment.
——
5.0
User-to-device assignment for policy targeting
————
5.0
Policy assignment to users, device groups, and combinations.
3.0
User-to-device assignment
4.0
User and group-based policy assignment via AD/Entra ID groups. Consistent experience across all devices enrolled by the same user.
4.0
User-based device assignment and policy targeting across platforms.
4.0
Policies assigned to user groups; device-to-user binding; group-based policy deployment.
—
4.0
Device-to-user assignment via directory sync; user-specific app/config deployment.
——
4.0
User and device group-based policy targeting.
3.0
User-to-device assignment
————
2.0
User-based device assignment and policy targeting.
———
2.0
User-based device assignment and targeting.
————
Identity & Directory
4.5
4.5
4.7
3.7
3.7
4.0
2.0
4.0
2.7
2.3
2.2
0.0
0.2
Azure AD / Entra ID Integration
Native integration with Microsoft Entra ID for identity-driven management, conditional access, and SSO. Foundation for zero-trust architectures in Microsoft environments.
4.0
Workspace ONE Access with Entra ID synchronization.
5.0
SCIM sync for user/group objects; native OIDC and SAML SSO; Passport for Mac login.
——
5.0
Microsoft Entra ID integration via Jamf Connect and conditional access
————
5.0
Native Entra ID integration with best-in-class conditional access.
4.0
Microsoft Entra ID integration
4.0
Azure AD / Entra ID integration for user sync, group-based targeting, and conditional access. Certificate-based authentication (CBA) with Azure AD supported.
3.0
Entra ID integration for Windows device enrollment and conditional access.
4.0
SSO with M365/Entra ID federation; SAML-based auth; Azure AD/Entra SSO for JumpCloud Vault; two-way sync.
—
4.0
Entra ID integration with user/group sync and Conditional Access policy enforcement. MFA and compliance checks supported. Source: miradore.com/knowledge/integrations/entra-id-integration.
—————
3.0
Entra ID integration via standard protocols.
2.0
Limited Entra ID support; primarily SAML/OIDC
————
0.0
Entra ID integration not available; NinjaOne is primarily directory-agnostic.
———
0.0
Entra ID integration not available; Addigy is Apple-focused.
————
Conditional Access Policies
Real-time access decisions based on device compliance, user identity, location, and risk signals. Gates access to corporate apps and data based on dynamic trust evaluation.
5.0
Workspace ONE Access with sophisticated conditional policies.
4.0
Assignment Maps provide conditional logic; Azure AD conditional access integration; location/network targeting.
——
5.0
Conditional Access partnership with Entra ID; smart group targeting
————
5.0
Native Entra ID Conditional Access with device compliance integration.
3.0
Conditional access policies
4.0
Azure AD Conditional Access integration. Conditional Exchange Access (CEA) for email. Device compliance-based access controls. Trust scoring concept for Zero Trust approach.
2.0
Windows Conditional Access through Entra ID integration.
Google Workspace OAuth 2.0 integration; syncs users and OUs; near real-time; no advanced directory features.
——————
3.0
Google Workspace for ChromeOS enrollment.
4.0
Google Workspace SSO and admin integration
————
0.0
Google Workspace directory integration not available.
———
0.0
Google Workspace integration not available.
————
Okta / Third-Party IdP
Connect to Okta, Ping Identity, OneLogin, or other SAML/OIDC identity providers for unified identity management across heterogeneous environments.
5.0
Third-party IdP support via SAML and OIDC.
5.0
SAML integration with Okta; Passport OIDC; 23 Okta Workflows connector cards for automation.
——
4.0
Okta and third-party IdP support via Jamf Connect
————
3.0
Third-party IdP via SAML/OIDC for Company Portal authentication.
4.0
Okta and third-party IdP support
3.0
SAML 2.0 integration with Okta, ADFS, Auth0 for admin console SSO. Limited device-level third-party IdP integration compared to cloud-native competitors.
0.0
Third-party identity provider integration like Okta not directly supported.
3.0
Third-party IdP integration via SAML/OIDC; documented with OpenVPN and various applications.
—
1.0
No Okta integration documented on miradore.com.
——————
3.0
Third-party IdP support via SAML.
3.0
Okta and third-party IdP via SAML/OIDC
————
0.0
Third-party identity provider integration like Okta not available.
———
0.0
Third-party identity provider integration like Okta not available.
————
On-Premises Active Directory
Connect to on-premises AD for user authentication, OU-based targeting, and hybrid identity scenarios. Supports LDAP sync or directory connectors for legacy infrastructure.
5.0
On-premises Active Directory with Hub Services for SSO.
3.0
AD CS Connector for certificates; no direct LDAP; primarily through cloud directory sync.
———
5.0
On-premises Active Directory integration via Jamf Connect
————
4.0
On-premises AD support via Entra ID hybrid join for Windows/macOS.
4.0
On-premises Active Directory integration
5.0
Deep on-premises Active Directory integration - a core ManageEngine strength. OU-based targeting, automatic user and group sync, LDAP with SSL support. Daily complete sync.
3.0
On-premises Active Directory integration via Azure AD Connect for device sync.
4.0
ADI import and sync agents; LDAPS support; extends AD to cloud or migrates away; two-way user/group/password sync.
—
3.0
Miradore Connector for AD; customizable LDAP queries, Secure LDAPS, multiple DCs; no password/group sync.
—————
0.0
On-premises AD not directly supported.
0.0
No native on-premises AD
————
0.0
On-premises Active Directory integration not directly supported in MDM.
———
0.0
On-premises Active Directory integration not available.
————
SAML / OIDC SSO
Single sign-on for the MDM admin console and end-user portals via SAML 2.0 or OpenID Connect. Reduces credential fatigue and enforces centralized authentication.
5.0
Full SAML 2.0 and OpenID Connect federation.
5.0
Both SAML and OIDC supported for console and Passport; native Azure AD, Okta, Google integrations.
——
5.0
SAML and OIDC for admin console and SSO
————
3.0
SAML and OpenID Connect support for identity federation.
4.0
SAML and OIDC authentication
4.0
SAML 2.0 authentication for Endpoint Central console and cloud portal. Azure AD, ADFS, Auth0 integration. Users login with single SSO credentials.
1.0
SAML/OIDC authentication for admin console available but not device enrollment.
4.0
Full SAML 2.0 SSO; custom SAML app connectors; OIDC support; federated SSO with SAMLP protocol.
—
2.0
SAML 2.0 SSO supported with Google Workspace and Azure AD. OIDC not documented. Source: miradore.com/knowledge/integrations.
——————
3.0
SAML and OpenID Connect identity federation.
4.0
SAML and OIDC for admin console and SSO
————
0.0
SAML/OIDC authentication not supported for device enrollment or user authentication.
———
1.0
SAML SSO available for admin console; not for device enrollment.
————
Integration & Extensibility
5.0
4.3
4.2
3.8
3.5
3.3
3.0
3.5
2.2
2.2
0.7
1.3
1.2
Automation Workflows
Built-in orchestration engine for multi-step if-this-then-that workflows. Chain remediation actions, approvals, notifications, and policy changes into automated sequences.
5.0
Best-in-class Freestyle Orchestrator with conditional logic and branching.
4.0
150+ pre-built automations; Okta Workflows with 23 connector cards; Assignment Rules/Maps for policy automation.
——
4.0
Automation workflows via events and webhooks
————
4.0
Power Automate integration for workflow automation and orchestration.
4.0
Automation workflows via webhooks and events
3.0
Scheduled deployments, compliance remediation automation, and app update policies. Limited general-purpose workflow engine compared to WS ONE Freestyle Orchestrator. AppCreator available as separate product.
4.0
Automation workflows for policy assignment, remediation, and device management.
4.0
Cloud server orchestration; scheduled/ad-hoc tasks; bulk remote commands; webhook-triggered workflows.
—
4.0
Business policies automate app/config deployment based on conditions; tag-based conditional automation.
Automation workflows for policy assignment and remediation via RMM/MDM integration.
———
3.0
Amplify: Overlay tool for advanced deployment workflows and automation.
————
Custom Connector / Plugin Framework
Extensibility model for custom integrations: marketplace, SDK, partner connectors, or integration hub. Determines how easily the platform fits unique enterprise toolchains.
5.0
Freestyle Orchestrator for multi-step automation workflows.
4.0
REST API enables custom connectors; Unified.to and Workato pre-built integration patterns.
——
4.0
Jamf Pro extensions framework
————
1.0
No native plugin framework; extensibility via Graph API.
3.0
Plugin/extension framework
2.0
REST API-based extensibility. No formal marketplace or plugin ecosystem. ManageEngine ecosystem offers 90+ IT management products with native integrations. Partner integrations available.
0.0
Plugin framework not available; limited third-party extensibility.
4.0
Extensible API framework; Workato, Tray.io connectors; custom workflow building.
—
2.0
REST API enables custom integrations; no documented plugin architecture or connector framework.
——————
0.0
No plugin framework available.
0.0
No plugin framework
————
0.0
Plugin framework not available; limited extensibility.
———
0.0
Plugin framework not available; limited extensibility.
————
REST API
Comprehensive programmatic interface for device queries, policy management, and bulk operations. Enables custom dashboards, CI/CD integration, and third-party connectivity.
5.0
Mature REST API with comprehensive endpoint coverage.
5.0
Comprehensive REST API (10,000 req/hr rate limit); full CRUD on devices and policies.
——
5.0
Comprehensive REST API (Jamf Pro API)
————
5.0
Comprehensive Microsoft Graph API for Intune management.
4.0
Comprehensive REST API
4.0
Comprehensive REST API following HTTP standards. Device queries, profile management, bulk operations. Extensive API documentation. No GraphQL support.
4.0
Comprehensive REST API for all MDM operations and integrations.
4.0
REST API v1.0/v2.0; event logs, user auth, device management; API key auth; RBAC.
—
4.0
REST API v2 with HTTPS; GET/PUT/POST/DELETE; X-API-Key auth; Swagger docs; CRUD operations.
——————
3.0
REST API available for device and policy management.
2.0
REST API (limited compared to Jamf)
————
2.0
REST API for programmatic device and policy management; improving but still limited.
———
2.0
REST API for device and policy management.
————
ServiceNow / ITSM Integration
Native or certified integration with ServiceNow and ITSM platforms. Automate incident creation, CMDB asset sync, and service catalog workflows from MDM events.
5.0
Certified ServiceNow integration for CMDB and ticketing.
5.0
Native ServiceNow integration via Import Set API; real-time device inventory sync; CMDB mapping.
——
3.0
ServiceNow integration available
————
4.0
ServiceNow CMDB connector available for device lifecycle management.
3.0
ServiceNow integration available
4.0
ServiceNow integration via certified plug-in app. Asset data sync with CMDB. Incident, change request, and problem management from ServiceNow. Also integrates with ManageEngine ServiceDesk Plus.
3.0
ServiceNow integration for ticketing, asset management, and CMDB sync.
1.0
SSO integration with ServiceNow via SAML documented. Native ITSM data sync (device inventory, incident creation) not confirmed.
—
1.0
ServiceNow mentioned generically as complementary ITSM, but no native integration or data sync documented.
——————
3.0
ServiceNow integration available.
0.0
No ServiceNow integration
————
2.0
ServiceNow integration via API for ticketing and asset management.
———
0.0
ServiceNow integration not available.
————
SIEM Integration
Forward security events and device logs to Splunk, Sentinel, QRadar, or other SIEM platforms for centralized threat monitoring and cross-source correlation.
5.0
SIEM integration via syslog and API for security analytics.
SIEM integration via Azure Log Analytics and Microsoft Sentinel.
3.0
SIEM integration capability
4.0
Native integration with ManageEngine Log360 SIEM. Third-party SIEM integration via REST APIs and syslog forwarding. Security event data for threat detection and incident investigation.
3.0
SIEM integration via syslog forwarding for centralized security monitoring.
4.0
Directory Insights SIEM-compatible logs; serverless app auto-polls API to S3; comprehensive logging.
—
1.0
No native SIEM integration or SIEM-specific log export documented.
——————
4.0
QRadar SIEM native integration (IBM advantage).
0.0
No SIEM integration
————
0.0
SIEM integration not available in NinjaOne MDM.
———
0.0
SIEM integration not available.
————
Webhooks / Event Notifications
Push real-time event notifications to external systems on enrollment, compliance changes, or security incidents. Triggers automation workflows without polling.
5.0
Webhooks for event-driven automation and real-time notifications.
4.0
Webhooks for instant updates; event-driven automation with third-party platform integration.
——
5.0
Webhooks for event notifications
————
4.0
Change notifications and webhooks via Microsoft Graph.
4.0
Webhooks for event notifications
3.0
Notification framework for enrollment, compliance changes, and security events. Integration with third-party systems via REST API callbacks. Less mature than dedicated webhook engines.
4.0
Webhook support for device lifecycle and policy compliance events.