| Push Wi-Fi network configurations, VPN profiles (including per-app VPN), and proxy settings to managed devices across platforms. | 5.0 Comprehensive Wi-Fi and VPN payload management including per-app VPN via Tunnel, certificate-based authentication, and proxy profiles. | 5.0 Full Wi-Fi and VPN profile deployment for macOS and iOS including per-app VPN, proxy PAC, and 802.1X configurations. | 4.0 Wi-Fi and VPN profiles for all managed platforms; supports per-app VPN and split tunnelling via Microsoft Tunnel. | 4.0 Wi-Fi and VPN configuration profiles across iOS, Android, Windows, and macOS with certificate-based auth support. | 5.0 Push Wi-Fi, VPN, and proxy configurations across all supported platforms with certificate-based authentication. | 5.0 Wi-Fi, VPN, and proxy profile deployment across all supported platforms including Linux and ChromeOS. | 4.0 Wi-Fi and VPN profile management for iOS, Android, Windows, and macOS with per-app VPN options. | 4.0 Wi-Fi and VPN profiles for Apple devices with certificate integration and 802.1X support. | 3.0 Basic Wi-Fi and VPN profile deployment for macOS and iOS via custom configuration profiles. | 3.0 Wi-Fi profile deployment for iOS and macOS; VPN configuration available through custom profiles. |
Email & Exchange Configuration Configure managed email accounts, Exchange ActiveSync, S/MIME certificates, and email restrictions on enrolled devices. | 5.0 Full Exchange ActiveSync and managed email account deployment with Boxer email client and S/MIME certificate support. | 5.0 Exchange and email account configuration for macOS Mail and iOS Mail with S/MIME support and per-message signing. | 5.0 Native Exchange Online and Exchange ActiveSync integration; Outlook app configuration with S/MIME and conditional access. | 4.0 Exchange ActiveSync configuration profiles with email containerisation for iOS and Android devices. | 4.0 Email and Exchange ActiveSync profiles with managed email account provisioning across platforms. | 5.0 Exchange ActiveSync, POP, and IMAP email account configuration with S/MIME support across platforms. | 4.0 Managed email configuration with MaaS360 Mail client containerisation and Exchange ActiveSync. | 4.0 Email configuration profiles for iOS and macOS Mail with Exchange and Google Workspace support. | 3.0 Basic email account configuration via custom profiles for macOS and iOS. | 2.0 Limited email configuration; primarily relies on custom profile deployment for mail settings. |
| Enforce device-level restrictions such as disabling camera, screenshots, USB, AirDrop, App Store access, and other OS-specific controls. | 5.0 Extensive restriction profiles across all platforms with 200+ configurable restrictions including USB, camera, screenshots, and app policies. | 5.0 Deep Apple-specific restrictions with 100+ toggles for macOS and iOS covering hardware, software, and media restrictions. | 4.0 Comprehensive device restriction profiles with platform-specific templates for Windows, iOS, Android, and macOS. | 4.0 Strong restriction policies with OEMConfig for granular Android device control and standard iOS/Windows restrictions. | 5.0 Extensive restriction library with 100+ device and app restrictions across iOS, Android, Windows, macOS, and ChromeOS. | 5.0 Broad restriction coverage across all supported platforms with granular control over hardware and software features. | 4.0 Standard restriction profiles for camera, screenshots, app installations, and OS-specific controls. | 4.0 Comprehensive Apple restriction profiles with macOS System Preferences controls and iOS restriction payloads. | 3.0 Apple restriction profiles available but fewer pre-built templates; relies more on custom profile deployment. | 3.0 Basic restriction policies for iOS and Android; Windows restrictions require RMM module. |
Custom Configuration Payloads Deploy custom MDM configuration profiles, OMA-URI settings (Windows), plist payloads (Apple), or OEMConfig (Android) for vendor-specific settings. | 5.0 Full custom profile support including OMA-URI for Windows, custom XML for Android OEMConfig, and Apple plist/mobileconfig payloads. | 5.0 Excellent custom profile support with mobileconfig upload, Configuration Profile Builder, and custom schema deployment. | 4.0 Custom OMA-URI policies for Windows, custom configuration profiles for iOS/macOS, and Settings Catalog with 2000+ settings. | 4.0 Custom payload deployment with OEMConfig for Android OEM settings and custom Apple configuration profiles. | 5.0 Custom configuration profiles with OEMConfig for Android, custom plist for Apple, and OMA-URI for Windows. | 4.0 Custom profile deployment across platforms with OEMConfig, custom XML, and mobileconfig support. | 3.0 Custom configuration profile upload for Apple devices; Android custom configurations via managed app config. | 4.0 Custom Apple configuration profile upload with property list editor for advanced macOS and iOS settings. | 3.0 Custom profile deployment via mobileconfig upload; custom Facts for device attribute collection. | 3.0 Custom profile deployment for Apple devices; limited Android custom configuration options. |
| Configure single-app or multi-app kiosk mode for dedicated devices, digital signage, point-of-sale, and shared-use scenarios. | 5.0 Full single-app and multi-app kiosk for iOS, Android, and Windows with Launcher for Android and Guided Access for iOS. | 4.0 iOS Single App Mode and Classroom app for iPad; macOS kiosk via custom scripts. No multi-app kiosk UI for iPad. | 4.0 Windows kiosk mode (single and multi-app), Android dedicated device mode, and iOS Guided Access configuration. | 4.0 SOTI Surf kiosk browser and Stage launcher for Android dedicated devices; iOS Single App Mode support. | 4.0 Kiosk mode for iOS, Android, and Windows with single-app, multi-app, and kiosk browser options. | 5.0 Standout kiosk capabilities across all platforms with Hexnode Kiosk Browser, single-app, and multi-app modes. | 4.0 Kiosk mode for iOS and Android with single-app lockdown and MaaS360 kiosk browser. | 3.0 iOS Single App Mode and limited kiosk configuration; primarily designed for general device management. | 2.0 Basic iOS Single App Mode support; limited kiosk/lockdown configuration options. | 3.0 Android kiosk mode with single-app and multi-app configurations; iOS Guided Access support. |
Apple ADE (Automated Device Enrollment) Zero-touch enrollment for Apple devices via Apple Business Manager, enabling automatic MDM enrollment during device setup without user intervention. | 5.0 Full ADE support for iOS/iPadOS and macOS with prestage enrollment customisation and skip-screen controls via Apple Business Manager. | 5.0 Industry-leading ADE integration with PreStage Enrollments offering granular skip-screen, authentication, and MDM module selection per device. | 4.0 Solid ADE support for iOS and macOS via Apple Business Manager; enrollment profiles support skip-screen and await configuration. | 4.0 Full ADE support with Apple Business Manager integration for iOS and macOS zero-touch enrollment. | 4.0 Apple Business Manager integration supports ADE for iOS and macOS with automated enrollment profiles. | 4.0 Complete ADE integration with Apple Business Manager for automated iOS and macOS enrollment. | 4.0 Apple DEP/ADE support through Apple Business Manager with supervised enrollment for iOS and macOS. | 4.0 Strong ADE support for Apple devices; Apple Business Manager integration is a core capability of the platform. | 3.0 Basic ADE support via Apple Business Manager; enrollment profiles are less customisable than competitors. | 3.0 ADE support for iOS and macOS via Apple Business Manager with standard enrollment profile options. |
Android Zero-Touch / Samsung KME Zero-touch enrollment for Android Enterprise devices and Samsung Knox Mobile Enrollment for automated corporate device setup. | 5.0 Full Android Zero-Touch Enrollment and Samsung KME support with Work Managed and Work Profile deployment options. | 0.0 Apple-only platform; no Android device management capabilities. | 4.0 Android Zero-Touch and Samsung KME supported; integrates with Android Enterprise for fully managed and dedicated devices. | 5.0 Best-in-class Android Zero-Touch and Samsung KME with deep OEMConfig support for Zebra, Honeywell, and Datalogic devices. | 4.0 Android Zero-Touch Enrollment and Samsung KME supported with Android Enterprise fully managed device profiles. | 4.0 Full Android Zero-Touch and Samsung KME integration for automated corporate device enrollment. | 4.0 Supports Android Zero-Touch Enrollment and Samsung KME for automated device provisioning. | 0.0 Apple-only platform; no Android device management capabilities. | 0.0 Apple-only platform; no Android device management capabilities. | 2.0 Basic Android enrollment support; limited Zero-Touch and KME integration compared to dedicated MDM solutions. |
| Cloud-based zero-touch provisioning for Windows devices, enabling IT to pre-configure devices that auto-enroll and configure on first boot. | 4.0 Windows Autopilot support with drop-ship provisioning; also offers Workspace ONE Drop Ship Provisioning as an alternative. | 0.0 Apple-only platform; no Windows device management capabilities. | 5.0 Native Windows Autopilot with pre-provisioning, self-deploying mode, and white glove deployment — the definitive Autopilot experience. | 4.0 Windows Autopilot integration for modern Windows deployment alongside traditional staging options. | 3.0 Basic Windows Autopilot support; Windows MDM enrollment available but less mature than Intune-native experience. | 3.0 Windows Autopilot integration available for automated Windows enrollment and provisioning. | 3.0 Windows Autopilot support with basic deployment profiles for cloud-based Windows provisioning. | 0.0 Apple-only platform; no Windows device management capabilities. | 0.0 Apple-only platform; no Windows device management capabilities. | 0.0 No Windows MDM capabilities; Windows management requires NinjaOne RMM (separate product). |
Bulk Enrollment & Staging Mass device enrollment using QR codes, NFC, tokens, CSV import, or staging workflows for deploying large numbers of devices simultaneously. | 5.0 Comprehensive staging with QR code, NFC, barcode, token, and CSV-based bulk enrollment across all supported platforms. | 3.0 Enrollment invitations via email/SMS and CSV import; bulk enrollment mainly through ADE or Configurator for Apple devices. | 3.0 Bulk enrollment via provisioning packages (PPKG), enrollment tokens, and device identifiers CSV import. | 5.0 Excellent staging capabilities with QR code, NFC, barcode scanning, and SOTI Stage launcher for rugged device deployment. | 3.0 Bulk enrollment via CSV import, QR codes, and email invitations with group-based enrollment profiles. | 4.0 QR code, email, SMS enrollment invitations and CSV-based bulk device import for mass provisioning. | 4.0 Bulk enrollment via QR code, email invitation, and Apple Configurator support for staging. | 2.0 Basic bulk enrollment through Apple Business Manager; limited staging capabilities beyond ADE. | 2.0 Enrollment links and Apple Configurator-based bulk enrollment; limited staging automation. | 3.0 Enrollment links and email invitations for bulk mobile device onboarding. |
BYOD / User-Initiated Enrollment Self-service enrollment flows for personal devices, including work profile separation, privacy controls, and user-driven onboarding. | 4.0 Intelligent Hub app provides polished BYOD enrollment with Android Work Profile and iOS User Enrollment with privacy separation. | 4.0 User-Initiated Enrollment via web portal and Jamf Self Service; supports Account-Driven User Enrollment for iOS BYOD. | 5.0 Best-in-class BYOD with MAM without enrollment (APP), Android Work Profile, and iOS User Enrollment — data protection without full MDM. | 3.0 BYOD enrollment available with Android Work Profile support; user experience less polished than consumer-friendly competitors. | 4.0 Self-enrollment portal with Android Work Profile and iOS User Enrollment; clear privacy separation for BYOD. | 4.0 User self-enrollment via link/QR with Android Work Profile and privacy-focused BYOD enrollment options. | 3.0 BYOD enrollment with Bring Your Own app and Android Work Profile; containerisation for personal device privacy. | 3.0 User-initiated enrollment via web link; BYOD support present but primarily designed for corporate-owned Apple devices. | 2.0 Basic web-based enrollment for user devices; limited BYOD-specific privacy separation features. | 3.0 Self-enrollment links for iOS and Android; basic BYOD support with user-initiated onboarding. |
App Store / Play Store Distribution Deploy public apps from Apple App Store, Google Play Store, and Microsoft Store to managed devices silently or on-demand. | 5.0 Silent app installation from all major stores with Workspace ONE UEM app catalog and managed Google Play integration. | 4.0 App Store deployment via VPP with silent installation on supervised devices; Mac App Store app management. | 5.0 Deploy from Apple App Store, Google Play, Microsoft Store, and winget with assignment targeting and required/available modes. | 4.0 App Store and Play Store deployment with silent installation for managed Android Enterprise devices. | 4.0 App distribution from all major stores with silent install capability on supervised iOS and managed Android. | 4.0 App Store, Play Store, and Microsoft Store app deployment with mandatory and optional installation modes. | 3.0 App catalog with store app deployment; managed Google Play integration for Android Enterprise. | 3.0 Apple App Store distribution with VPP; auto-app installation on supervised devices. | 2.0 App Store app deployment for iOS and macOS; limited silent installation capabilities. | 2.0 Basic App Store and Play Store app deployment; less mature than dedicated MDM solutions. |
Enterprise / In-House App Deployment Deploy internal line-of-business applications (IPA, APK, MSI, DMG, PKG) to managed devices with versioning and update management. | 5.0 Full enterprise app deployment for IPA, APK, MSI, DMG, PKG, and EXE with versioning, assignment rules, and delivery optimisation. | 4.0 PKG and DMG deployment for macOS via Jamf Admin; IPA deployment for iOS with version management. | 5.0 LOB app deployment for all formats (MSI, MSIX, IPA, APK) with Win32 app management and dependency chaining. | 4.0 Enterprise app deployment for APK, IPA, MSI with staged rollout and version tracking. | 4.0 LOB app distribution supporting APK, IPA, and enterprise certificate-signed apps with auto-update. | 4.0 Enterprise app deployment across platforms with IPA, APK, MSI upload and forced installation. | 3.0 Enterprise app hosting with IPA and APK deployment; Windows LOB app support via MSI. | 3.0 Custom app deployment for macOS (PKG/DMG) and iOS (IPA) with basic version management. | 2.0 Custom app deployment via Predefined Apps and custom scripts; PKG and DMG support for macOS. | 2.0 Limited in-house app deployment for mobile; macOS app deployment through custom scripts. |
| Manage app licenses through Apple Business Manager Volume Purchase Program for silent, license-revocable app distribution. | 5.0 Full VPP/ABM integration with device-based and user-based licensing, automatic license reclamation, and managed distribution. | 5.0 Excellent VPP management with volume license tracking, device-based assignment, and automatic license revocation. | 4.0 VPP token sync with Apple Business Manager; device and user-based licensing with license tracking. | 3.0 VPP support via Apple Business Manager integration; basic license assignment and tracking. | 4.0 VPP integration with Apple Business Manager for silent app deployment and license management. | 4.0 ABM/VPP integration with device-based and user-based licensing for iOS and macOS apps. | 3.0 VPP support through Apple Business Manager with license assignment and basic tracking. | 3.0 VPP/ABM app licensing with managed distribution for iOS and macOS devices. | 2.0 Basic VPP support via Apple Business Manager; limited license management capabilities. | 1.0 Minimal VPP integration; basic Apple Business Manager connection for app licensing. |
Managed App Configuration Push app-level configuration settings, restrictions, and managed open-in policies using AppConfig or Android managed configurations. | 5.0 Full AppConfig and Android managed configuration support with key-value pairs, app tunnelling, and per-app VPN settings. | 4.0 AppConfig support for iOS managed apps with configuration keys and managed open-in restrictions. | 4.0 App configuration policies for managed apps and managed devices with JSON-based settings deployment. | 4.0 Managed app configuration for Android Enterprise and iOS with AppConfig standard support. | 4.0 AppConfig and managed app configuration for iOS and Android with key-value pair deployment. | 4.0 Managed app configuration with AppConfig for iOS and managed configurations for Android Enterprise. | 3.0 App configuration via managed app settings; MaaS360 SDK for deeper app-level controls. | 2.0 Basic managed app configuration for iOS apps; limited AppConfig key-value deployment. | 2.0 Limited managed app configuration; relies on custom profiles for app-level settings. | 2.0 Basic managed app configuration for iOS; Android managed configurations support is minimal. |
| End-user-facing app portal where employees can browse and install approved applications on-demand without IT intervention. | 4.0 Workspace ONE Intelligent Hub serves as the self-service app catalog with categories, featured apps, and notification-driven installs. | 4.0 Jamf Self Service provides a polished app catalog for macOS and iOS with branding, categories, and bookmarks. | 4.0 Company Portal app serves as the self-service catalog across iOS, Android, Windows, and macOS. | 4.0 Enterprise App Store with categorised app catalog for self-service deployment on managed devices. | 4.0 App Catalog with self-service portal for end users to install approved apps across platforms. | 4.0 Self-service app catalog with Hexnode UEM app for on-demand application installation. | 3.0 MaaS360 App Catalog with limited customisation for end-user self-service app installation. | 2.0 Basic self-service through Mosyle Manager app; limited app catalog customisation. | 2.0 Prebuilt Apps community catalog with limited end-user self-service capabilities. | 2.0 No dedicated self-service app catalog; app deployment is admin-initiated only. |
Compliance Policies & Rules Define device compliance rules checking PIN strength, encryption status, OS version, jailbreak/root detection, and custom conditions. | 5.0 Industry-leading compliance engine with 5-minute check intervals, 30+ compliance rules, and automated escalation actions. | 4.0 Smart Groups drive compliance with criteria-based targeting; Jamf Protect adds security compliance posture monitoring. | 4.0 Comprehensive compliance policies with custom compliance scripts, grace periods, and non-compliance notifications. | 4.0 Compliance rules with jailbreak/root detection, password enforcement, and automated remediation actions. | 5.0 Extensive compliance rules with geo-fencing compliance, app-based compliance, and automated remediation workflows. | 4.0 Compliance policies for password, encryption, OS version, and app blacklist/whitelist enforcement. | 3.0 Standard compliance policies with Watson-powered compliance insights and automated actions. | 2.0 Basic compliance rules for Apple devices including passcode and encryption; CIS benchmark templates available. | 2.0 Compliance monitoring via custom Facts and Policies; less structured than dedicated compliance engines. | 2.0 Basic compliance checks for passcode and encryption on iOS and Android devices. |
Conditional Access / Zero Trust Enforce zero-trust access policies that block non-compliant devices from corporate resources like email, VPN, and cloud applications. | 5.0 Workspace ONE Access provides comprehensive conditional access with device compliance, network, and risk-based policies. | 4.0 Conditional Access via Microsoft Entra ID integration and Jamf Connect; compliance data shared with identity providers. | 5.0 Native Entra ID Conditional Access — the gold standard for zero-trust policy enforcement with compliance-driven access. | 3.0 Basic conditional access via compliance-driven email blocking and VPN restrictions. | 4.0 Conditional access for Exchange and corporate Wi-Fi based on compliance status. | 3.0 Compliance-based access control for email and corporate resources via gateway integration. | 3.0 Conditional access through compliance-driven policies and gateway integration for corporate resources. | 2.0 Limited conditional access; compliance-based restrictions for Apple device access to resources. | 1.0 No native conditional access; basic compliance alerting without automated resource blocking. | 1.0 No conditional access capabilities; compliance monitoring is informational only. |
| Enforce and manage device encryption including FileVault (macOS), BitLocker (Windows), and device encryption with key escrow and recovery. | 5.0 Full encryption management with FileVault key escrow, BitLocker management, and Android encryption enforcement. | 4.0 FileVault management with institutional recovery key escrow; personal recovery key escrow and rotation. | 4.0 BitLocker management with key escrow to Entra ID; FileVault management and encryption compliance reporting. | 4.0 Device encryption enforcement with BitLocker and FileVault management capabilities. | 4.0 FileVault and BitLocker enforcement with recovery key escrow and encryption compliance monitoring. | 3.0 Encryption enforcement for FileVault and BitLocker with basic key management. | 3.0 Encryption compliance checking and enforcement; limited key escrow compared to leaders. | 2.0 FileVault enforcement and key escrow for macOS; basic iOS encryption compliance checking. | 2.0 FileVault management with recovery key escrow for macOS devices. | 1.0 Basic encryption status monitoring; no key escrow or encryption management capabilities. |
| Deploy identity, root, and intermediate certificates via SCEP, PKCS, or manual upload for Wi-Fi, VPN, and email authentication. | 5.0 Full SCEP, PKCS#12, and manual certificate deployment with certificate authority integration and auto-renewal. | 4.0 SCEP and PKCS certificate deployment with ADCS integration; certificate-based Wi-Fi and VPN authentication. | 4.0 SCEP, PKCS, and imported PKCS certificate profiles with NDES connector for on-premises certificate authorities. | 4.0 Certificate deployment via SCEP and manual upload; certificate-based authentication for enterprise resources. | 4.0 SCEP certificate deployment with auto-renewal and manual certificate distribution across platforms. | 3.0 Certificate deployment with SCEP support and manual upload for identity and root certificates. | 3.0 Certificate management with SCEP proxy and manual certificate deployment. | 2.0 Basic certificate deployment for Apple devices; SCEP support for Wi-Fi and VPN authentication. | 1.0 Manual certificate deployment via custom profiles; no native SCEP integration. | 1.0 Minimal certificate management; relies on custom profile deployment for certificate distribution. |
Threat Detection & Response Detect security threats including jailbreak/root, malware, risky apps, phishing, and network attacks with automated remediation. | 4.0 Trust Network integrations with third-party MTD vendors; Workspace ONE Intelligence for risk scoring and automated response. | 4.0 Jamf Protect (separate product) provides endpoint protection, threat detection, and compliance reporting for Apple devices. | 3.0 Microsoft Defender for Endpoint integration for threat detection; third-party MTD connector support. | 4.0 Built-in jailbreak/root detection, app reputation scanning, and network threat monitoring. | 5.0 Built-in threat detection with jailbreak/root detection, malicious app scanning, and automated remediation. | 4.0 Jailbreak/root detection, app blacklisting, and compliance-driven threat response actions. | 3.0 Watson-powered threat management with MaaS360 Advisor for security insights and recommendations. | 2.0 Basic jailbreak detection; CIS and NIST compliance templates for security posture evaluation. | 1.0 Limited threat detection; basic compliance monitoring without dedicated security scanning. | 2.0 Basic jailbreak/root detection; security monitoring primarily through RMM integration. |
| Push, defer, schedule, or enforce operating system updates across managed devices with version targeting and compliance enforcement. | 5.0 Comprehensive OS update management with DDM for Apple, Windows Update for Business, and Android Enterprise firmware policies. | 4.0 Apple Declarative Device Management (DDM) for macOS and iOS updates; version-targeted enforcement and Nudge-like notifications. | 4.0 Windows Update for Business, iOS/macOS software update policies, and Update Compliance reporting via Azure Monitor. | 4.0 OS update management across platforms with firmware-over-the-air for Android, iOS MDM commands, and Windows update policies. | 3.0 iOS and Android OS update scheduling; Windows/macOS OS updates require Endpoint Central for full management. | 3.0 iOS and macOS OS update scheduling with deferral; Android and Windows OS update policies. | 3.0 OS update policies for iOS scheduling and Android firmware management; Windows updates via WSUS proxy. | 3.0 macOS and iOS update management with Apple DDM support; automated update scheduling. | 2.0 Basic macOS and iOS update management; update enforcement through compliance policies. | 2.0 iOS update scheduling; limited OS update management for Android and no Windows MDM updates. |
| Deploy third-party application patches and OS security patches with testing, staging, and rollback capabilities. | 5.0 Full patch management via Freestyle Orchestrator with third-party app patching, testing groups, and automated rollout. | 3.0 Third-party app patching through Jamf App Installers and Patch Management; limited to macOS applications. | 4.0 Windows patch management via Windows Update for Business; third-party patching through Win32 app updates. | 4.0 Patch deployment for Windows and macOS with firmware update management for Android devices. | 2.0 Limited patch management; Windows and macOS patching requires Endpoint Central integration. | 3.0 Basic patch management with OS update policies; third-party patching limited. | 2.0 Basic patch awareness; Windows patching limited to OS update scheduling. | 3.0 Automated macOS app patching for common applications; third-party patch catalog available. | 1.0 Manual patch deployment via custom scripts; no automated third-party patching. | 1.0 No mobile patch management; Windows/macOS patching requires NinjaOne RMM module. |
| Defer or stage OS updates by days, deployment rings, or groups to test updates before broad rollout. | 4.0 Update deferral for iOS/macOS via DDM restrictions and Windows Update for Business ring-based deployment. | 3.0 macOS and iOS update deferral via managed software update delay settings; up to 90-day deferral. | 4.0 Windows Update rings with deferral periods, quality/feature update policies, and phased deployment support. | 4.0 Update deferral policies with staged rollout capabilities for iOS, Android, and Windows devices. | 3.0 iOS update deferral and scheduling; limited deferral options for other platforms. | 3.0 iOS and macOS update deferral settings; basic scheduling for update deployment windows. | 2.0 Basic iOS update deferral; limited Windows update staging capabilities. | 3.0 macOS and iOS update deferral with configurable delay periods via Apple DDM. | 1.0 Basic update deferral for macOS; limited granularity in update staging. | 1.0 Minimal update deferral capabilities for mobile devices. |
| Remote wipe, selective wipe, and device retirement workflows for securely decommissioning devices at end of lifecycle. | 5.0 Full wipe, enterprise wipe, and device retirement workflows with audit trail and Apple Business Manager release. | 3.0 Remote wipe and unenroll for Apple devices; inventory record archival for retired devices. | 3.0 Full wipe, selective wipe, and Fresh Start for Windows; device retire action removes corporate data. | 4.0 Remote wipe, selective wipe, and device retirement with configurable data erasure policies. | 4.0 Complete and selective wipe with device reassignment and retirement audit logging. | 3.0 Remote wipe, corporate wipe, and device unenrollment with basic lifecycle tracking. | 3.0 Selective and full wipe with device unenrollment and inventory cleanup. | 2.0 Remote wipe and unenroll for Apple devices; basic device retirement workflows. | 2.0 Remote wipe and device removal with basic lifecycle management. | 2.0 Remote wipe capability for enrolled devices; basic retirement workflow. |
Lifecycle & Warranty Reporting Track device age, warranty expiration, refresh cycles, and hardware lifecycle data for fleet planning and budgeting. | 4.0 Device lifecycle dashboard with warranty tracking, device age reporting, and Intelligence Platform for refresh planning. | 2.0 Hardware inventory with purchase date and warranty tracking; limited lifecycle dashboards. | 3.0 Device inventory with hardware details; warranty tracking through Intune Suite add-on. | 4.0 Device lifecycle reporting with warranty tracking, hardware health monitoring, and battery analytics. | 3.0 Device inventory with hardware lifecycle data; asset management reports for fleet planning. | 3.0 Device inventory with purchase and warranty information; basic lifecycle reporting. | 3.0 Watson Advisor provides lifecycle insights; device inventory with hardware lifecycle attributes. | 2.0 Basic device inventory with hardware details; limited warranty and lifecycle reporting. | 2.0 Device inventory with hardware specs; limited lifecycle and warranty tracking. | 2.0 Basic device inventory; lifecycle and warranty reporting more mature in RMM module. |
| Real-time dashboards displaying fleet health, compliance status, enrollment trends, and key performance indicators. | 5.0 Intelligence Platform provides advanced analytics dashboards with trend analysis, risk scoring, and predictive insights. | 5.0 Rich dashboard with compliance overview, device breakdown charts, and real-time fleet health metrics. | 4.0 Intune dashboard with compliance overview, device status, and integration with Azure Monitor workbooks. | 4.0 SOTI ONE Platform dashboard with cross-product analytics and customisable fleet overview. | 4.0 Dashboard with compliance status, device breakdown, and enrollment analytics widgets. | 4.0 Admin dashboard with device health, compliance metrics, and enrollment status visualisations. | 4.0 Watson-powered advisor dashboard with AI-driven insights and fleet health analytics. | 3.0 Basic dashboard with device status overview and compliance summary for Apple fleet. | 3.0 Dashboard with device health monitoring and policy compliance overview. | 3.0 Unified dashboard combining MDM and RMM metrics; basic mobile device analytics. |
| Build custom reports with flexible filters, grouping, scheduling, and export to CSV/PDF for stakeholder reporting. | 5.0 Custom report builder with 250+ data points, scheduled reports, and Intelligence custom dashboards with SQL-like queries. | 5.0 Advanced search and Smart Groups enable powerful custom queries; CSV export and scheduled email reports. | 5.0 Intune Data Warehouse, KQL queries via Azure Monitor, and Power BI integration for custom reporting. | 4.0 Custom report builder with filterable data fields and scheduled CSV/PDF export. | 5.0 Extensive canned and custom reports with scheduling, PDF/CSV export, and Active Directory-linked reporting. | 4.0 Report builder with predefined and custom reports; scheduled delivery via email. | 4.0 Custom report creation with filters and scheduling; limited compared to enterprise leaders. | 2.0 Basic predefined reports; limited custom report building capabilities. | 3.0 Custom Searches with flexible criteria; CSV export for device data queries. | 2.0 Basic reporting with predefined reports; custom reporting more robust in RMM module. |
Hardware & Software Inventory Track detailed hardware specifications, installed applications, OS versions, storage capacity, and software licences across the fleet. | 5.0 Comprehensive inventory with hardware specs, installed apps, certificates, profiles, and real-time device telemetry. | 5.0 Deep Apple hardware and software inventory with extension attributes for custom data collection. | 4.0 Device inventory with hardware details, discovered apps, and configuration profiles status. | 4.0 Hardware and software inventory with custom attributes and device property tracking. | 4.0 Detailed inventory tracking with app blacklist/whitelist enforcement and storage monitoring. | 4.0 Hardware and software inventory with app management and storage usage tracking. | 4.0 Device inventory with hardware specs, installed apps, and Watson-powered app analytics. | 3.0 Apple device inventory with hardware details, installed apps, and macOS system extensions. | 2.0 Device inventory with custom Facts for extended data collection; basic app tracking. | 3.0 Device inventory leveraging RMM heritage for detailed hardware and software tracking. |
Audit Logging & Activity Trails Log administrative actions, policy changes, enrollment events, and command history with timestamps and user attribution. | 5.0 Comprehensive audit logs with admin actions, console events, device commands, and API call tracking. | 5.0 Detailed audit log with change tracking, policy history, and computer/device history per record. | 4.0 Audit logs for all admin operations with Azure AD integration for identity correlation. | 4.0 Admin activity logging with device command history and policy change audit trail. | 4.0 Audit logging with admin activity tracking, policy change history, and enrollment event logging. | 4.0 Activity log with admin actions, device commands, and policy change tracking. | 3.0 Basic audit logging with admin actions and device command history. | 2.0 Basic activity logging for admin actions; limited audit trail granularity. | 2.0 Policy change tracking and command history; basic admin activity logging. | 3.0 Activity log with admin actions; more detailed audit trails in RMM module. |
| Live device status monitoring including battery level, storage, location, network connectivity, and last check-in time. | 5.0 Real-time device queries with battery, storage, location, and connectivity data refreshed on 5-minute cycles. | 4.0 Device details with last check-in, battery, storage, and location (managed lost mode); inventory updates on check-in. | 4.0 Device status with last sync time, compliance state, and hardware metrics; 8-hour default check-in interval. | 3.0 Real-time device monitoring with battery, signal strength, and GPS location tracking. | 4.0 Live device status with location tracking, battery monitoring, and connectivity status. | 5.0 Real-time device tracking with location history, battery monitoring, and network status. | 3.0 Device status with last check-in, battery, and location; Watson Advisor adds health insights. | 2.0 Basic device status with last check-in time; limited real-time monitoring capabilities. | 3.0 Live Terminal and device monitoring with real-time connectivity and health checks. | 2.0 Basic device status monitoring; real-time capabilities stronger in RMM module. |
| Remotely lock devices, send custom lock messages, perform full or selective wipe, and restart devices. | 5.0 Full remote lock, wipe, enterprise wipe, restart, and shutdown commands across all platforms with confirmation workflows. | 4.0 Remote lock with custom message, remote wipe, restart, and shut down for macOS and iOS devices. | 4.0 Remote lock, wipe, retire, restart, and Fresh Start for Windows; custom lock screen message for Android. | 5.0 Comprehensive remote actions including lock, wipe, restart, and device reboot for all managed platforms. | 4.0 Remote lock, complete wipe, corporate wipe, and device restart across supported platforms. | 4.0 Remote lock, wipe, and restart with custom lock messages and selective data erasure. | 3.0 Remote lock and wipe with selective wipe option; basic restart capabilities. | 3.0 Remote lock and wipe for Apple devices; lost mode with custom message support. | 3.0 Remote lock, wipe, and restart for macOS and iOS; basic remote action capabilities. | 3.0 Remote lock and wipe for mobile devices; restart capability for managed devices. |
| View or control a managed device screen in real-time for troubleshooting, training, and end-user support. | 4.0 Remote view/control via Workspace ONE Assist (separate add-on) for Android, iOS, Windows, and macOS. | 4.0 Jamf Remote for macOS screen sharing and remote control; iOS remote view via screen mirroring. | 2.0 Remote help (Intune Suite add-on) for Windows and Android; no native iOS/macOS remote view. | 5.0 Built-in XSight remote control with no additional licensing — industry-leading for Android and Windows. | 3.0 Remote view for Android and iOS; macOS/Windows remote control requires Endpoint Central or Zoho Assist. | 3.0 Remote view for Android and iOS; desktop remote control via third-party integration. | 3.0 Remote screen sharing via MaaS360 for Android; TeamViewer integration for cross-platform remote support. | 1.0 No built-in remote screen sharing; relies on third-party tools like Apple Remote Desktop. | 4.0 LiveDesktop provides real-time macOS screen sharing; GoLive for iOS screen viewing. | 2.0 Basic remote view leveraging RMM tools; limited native MDM remote screen capabilities. |
Remote Shell / Terminal Access Execute shell commands, run scripts, or open terminal sessions on remote managed devices for advanced troubleshooting. | 5.0 Remote shell via Sensors and Scripts across macOS, Windows, and Linux with output collection and scheduling. | 4.0 Remote command execution via Jamf API; Extension Attributes run scripts and collect output from macOS devices. | 3.0 Remediation scripts and PowerShell script deployment for Windows; shell scripts for macOS. | 4.0 Remote terminal access for Android and Windows devices with command execution and output logging. | 3.0 Custom script execution on macOS and Windows; limited to batch command deployment. | 3.0 Remote script execution for macOS and Windows with custom script deployment. | 2.0 Limited remote command capabilities; basic script deployment for macOS. | 2.0 Custom command execution for macOS; basic terminal command deployment capabilities. | 4.0 LiveTerminal provides real-time interactive shell access to macOS devices. | 1.0 No remote shell for mobile devices; terminal access available through RMM module. |
| End-user portal enabling device info lookup, password reset, app installation, and help desk ticket submission. | 4.0 Self-Service Portal via Intelligent Hub with device info, app catalog, and help desk integration. | 4.0 Jamf Self Service provides a branded portal for apps, bookmarks, policies, and password changes on macOS and iOS. | 3.0 Company Portal app provides device status, app install, and compliance information for end users. | 3.0 End-user self-service for device info and app catalog access through managed browser. | 4.0 Self-service portal with device location, remote alarm, lock, and app installation capabilities. | 4.0 User self-service portal for device info, location tracking, and app installation requests. | 3.0 MaaS360 end-user portal with device status and limited self-service capabilities. | 2.0 Basic self-service through Mosyle Manager app; limited user-facing actions. | 3.0 MyAddigy self-service portal for end users with device info and basic actions. | 2.0 Limited self-service; end-user capabilities focused on RMM module. |
| Push files to managed devices, retrieve logs and diagnostic data, or browse device file systems remotely. | 5.0 File push and retrieval via Content Gateway; log collection and diagnostic bundle retrieval from devices. | 3.0 File distribution via Jamf Distribution Server for macOS packages; log collection via scripts. | 3.0 Log collection for Windows and Android; file deployment via Win32 app packaging or scripts. | 4.0 Remote file manager with browse, push, and pull capabilities for Android, Windows, and macOS. | 3.0 File distribution for macOS and Windows; content management for document deployment. | 3.0 Content management for file distribution; basic remote file push to managed devices. | 3.0 MaaS360 Docs for document distribution and content management on managed devices. | 2.0 Basic file distribution for macOS; custom command-based file push. | 2.0 File deployment through custom scripts and Predefined Apps for macOS. | 2.0 Limited mobile file management; file transfer more mature in RMM module. |
Smart Groups & Dynamic Targeting Automatically assign devices to groups based on dynamic criteria such as OS version, compliance state, location, or custom attributes. | 5.0 Smart Groups with organisational groups, custom attributes, and compliance-based dynamic membership across all platforms. | 5.0 Industry-leading Smart Groups with 150+ criteria for macOS and iOS including extension attributes and LDAP lookups. | 4.0 Azure AD dynamic groups with device and user properties; filters for policy assignment scoping. | 4.0 Device groups with dynamic rules based on custom properties and device attributes. | 4.0 Dynamic groups with AD-synced membership and custom criteria-based device targeting. | 3.0 Device groups with basic dynamic membership based on OS, ownership, and custom tags. | 3.0 Device groups with rule-based membership; limited dynamic criteria compared to leaders. | 2.0 Basic device groups with limited dynamic criteria; manual group assignment primary. | 2.0 Policies act as targeting mechanism; Smart Software for basic dynamic grouping. | 1.0 Basic device groups; limited dynamic targeting for mobile devices. |
Tag-Based Policy Assignment Use tags, labels, or custom attributes to scope policies, profiles, and apps to specific device subsets. | 4.0 Tags and organisational group hierarchy for policy scoping with assignment groups and exclusions. | 5.0 Scope-based policy assignment with targets, limitations, and exclusions using Smart Groups, buildings, and departments. | 3.0 Scope tags for RBAC and assignment filters; Azure AD group-based policy targeting. | 3.0 Tag-based device organisation with custom properties for policy assignment. | 3.0 Group and tag-based policy deployment with custom property-driven assignment. | 3.0 Tag-based device organisation with manual and dynamic tag assignment for policy scoping. | 2.0 Basic group-based policy assignment; limited tag/label functionality. | 2.0 Blueprint-based policy assignment with basic tagging capabilities. | 1.0 Policy-based organisation structure; limited tag-based targeting options. | 1.0 Basic group-based policy assignment; minimal tagging support for mobile. |
Geofencing & Location Rules Trigger actions, enforce policies, or generate alerts based on device geographic location or geo-boundary violations. | 4.0 Geofencing with compliance actions and location-based profiles; geo-boundary alerts and compliance escalation. | 4.0 iOS geofencing via managed location services; location-based inventory and compliance reporting. | 3.0 Basic location compliance rules; geo-fencing for Android and iOS compliance policies. | 4.0 Strong geofencing with location tracking, geo-boundary alerts, and location-triggered actions. | 4.0 Geofencing with location-based compliance, geo-boundary alerts, and automated actions. | 4.0 Geofencing with location tracking, boundary alerts, and location-based policy enforcement. | 3.0 Basic geofencing with location-based compliance rules and boundary alerts. | 2.0 Basic device location tracking; limited geofencing capabilities for Apple devices. | 1.0 Device location tracking available; no native geofencing or location-based policy triggers. | 1.0 Basic device location; no geofencing capabilities for mobile devices. |
Time-Based & Scheduled Policies Apply policies on schedules, maintenance windows, or time-of-day rules for managing device behaviour during specific periods. | 4.0 Time-based compliance windows and Freestyle Orchestrator for scheduled workflow execution. | 5.0 Policy trigger scheduling with recurring execution, maintenance windows, and custom triggers. | 4.0 Delivery optimisation with maintenance windows and Windows Update scheduling. | 3.0 Scheduled policy deployment and time-based device actions for managed devices. | 3.0 Scheduled profile deployment and time-based restrictions for managed devices. | 3.0 Time-based restrictions and scheduled policy deployment with configurable windows. | 2.0 Basic scheduling for compliance checks; limited time-based policy options. | 2.0 Basic scheduling through macOS LaunchDaemon-based timing; limited time-based controls. | 1.0 Limited scheduling capabilities; policies apply continuously without time-based logic. | 1.0 Basic scheduling; time-based policies more available in RMM module. |
Multi-Policy Layering & Conflict Resolution Apply multiple overlapping policies with clear precedence rules, merge behaviour, and conflict resolution logic. | 5.0 Hierarchical organisational groups with inheritance and override; clear policy precedence across group levels. | 5.0 Multiple profiles and policies can coexist; Smart Group-based scoping with scope priority for overlapping assignments. | 4.0 Profile conflict detection and reporting; Settings Catalog with merged vs override behaviour for policy layers. | 4.0 Policy layering with device group hierarchy and inheritance rules for conflict resolution. | 4.0 Group-based policy hierarchy with inheritance and override capabilities. | 3.0 Policy priority ordering with basic conflict resolution for overlapping configurations. | 2.0 Single policy per device in recent versions; limited multi-policy support and layering. | 1.0 Blueprint-based model with limited layering; policies apply as a single configuration set. | 1.0 Policy stacking available but limited conflict resolution and precedence management. | 2.0 Basic policy assignment; limited multi-policy conflict handling for mobile. |
Microsoft Entra ID Integration Sync users and groups from Microsoft Entra ID (Azure AD), leverage conditional access policies, and enable Entra-based device compliance. | 4.0 Entra ID integration via Workspace ONE Access for user sync, conditional access, and compliance-driven policies. | 4.0 Entra ID integration with device compliance sharing; Jamf Connect enables Entra ID authentication on macOS login. | 5.0 Native Entra ID integration — the definitive experience with seamless conditional access, device compliance, and user sync. | 3.0 Azure AD user sync and group mapping; basic conditional access integration. | 4.0 Entra ID directory integration with user/group sync and device-to-user mapping. | 3.0 Entra ID user sync with group-based device assignment and basic directory integration. | 3.0 Azure AD integration for user sync and basic conditional access support. | 2.0 Basic Entra ID integration for user authentication and directory sync. | 1.0 Limited Entra ID support; basic user directory integration. | 1.0 Minimal Entra ID integration for mobile; better Azure AD support in RMM module. |
Okta / Google Workspace Integration Single sign-on and directory synchronisation with Okta, Google Workspace, or other SAML/OIDC identity providers. | 4.0 SAML/OIDC integration with Okta, Google, and other IDPs via Workspace ONE Access federation. | 4.0 Okta and Google Workspace integration; Jamf Connect supports Okta authentication for macOS login. | 4.0 Third-party IDP support via Entra ID federation; Google Workspace sync via connectors. | 3.0 SAML-based SSO integration with Okta and third-party identity providers. | 3.0 Google Workspace directory sync; basic SAML integration for third-party IDPs. | 3.0 Okta and Google Workspace integration for user sync and SSO authentication. | 3.0 SAML-based SSO with Okta and third-party IDP support; Google Workspace sync. | 2.0 Basic Google Workspace and Okta integration for Apple device user management. | 1.0 Limited third-party IDP support; basic SAML integration. | 1.0 Minimal third-party IDP integration for mobile devices. |
| Connect to on-premises Active Directory or LDAP servers for user/group synchronisation and authentication. | 4.0 ACC (AirWatch Cloud Connector) enables on-premises AD/LDAP sync without opening inbound firewall ports. | 3.0 LDAP integration with on-premises Active Directory for user lookups and group-based targeting. | 4.0 Entra ID Connect syncs on-premises AD to cloud; AD connector for hybrid join scenarios. | 3.0 Active Directory integration for user authentication and group-based device assignment. | 4.0 Deep on-premises AD integration with auto-enrollment triggers and OU-based device assignment. | 3.0 Active Directory integration with user sync and group-based policy assignment. | 3.0 On-premises AD connector for user/group sync with directory-based device assignment. | 1.0 No native on-premises AD integration; cloud-based directory only. | 0.0 No on-premises AD/LDAP integration; purely cloud-based identity management. | 0.0 No mobile AD integration; AD connectivity available through RMM module. |
Certificate-Based Authentication Authenticate devices and users via client certificates for secure Wi-Fi, VPN, and email access without passwords. | 4.0 SCEP and certificate authority integration for certificate-based Wi-Fi, VPN, and email authentication. | 4.0 Certificate-based authentication with ADCS integration for 802.1X Wi-Fi and VPN client certificates. | 5.0 SCEP and PKCS certificate profiles with NDES connector for certificate-based network authentication. | 3.0 Certificate deployment for Wi-Fi and VPN authentication; SCEP support available. | 3.0 SCEP certificate deployment for Wi-Fi and VPN certificate-based authentication. | 3.0 Certificate deployment with SCEP support for network authentication scenarios. | 2.0 Basic certificate-based authentication with SCEP proxy for certificate deployment. | 2.0 Certificate deployment for Apple devices; basic SCEP integration for authentication. | 1.0 Limited certificate-based authentication; manual certificate deployment only. | 1.0 Minimal certificate authentication support for mobile devices. |
User-Device Affinity Mapping Map users to their enrolled devices for user-centric targeting, reporting, and multi-device policy management. | 4.0 User-device mapping with primary device designation and user-centric policy targeting across platforms. | 3.0 User-device affinity tracking with LDAP-based user assignment and inventory reporting. | 4.0 Primary user mapping with device-to-user affinity; user-based policy and app targeting. | 3.0 User-device assignment with directory-based mapping and user-centric reporting. | 4.0 User-device affinity with AD-synced user assignment and user-based targeting. | 2.0 Basic user-device mapping with manual assignment and user-based grouping. | 3.0 User-device affinity with directory-synced user mapping and per-user reporting. | 1.0 Basic user assignment; limited user-device affinity management. | 1.0 Minimal user-device mapping; limited user-centric targeting capabilities. | 1.0 Basic user assignment; limited user-device affinity for mobile. |
| Public REST API for programmatic access to device management, user operations, app deployment, and policy configuration. | 5.0 Comprehensive REST API with Swagger documentation covering devices, users, apps, profiles, and compliance. | 4.0 Jamf Pro API and Classic API with extensive endpoint coverage for automation and integration. | 5.0 Microsoft Graph API provides programmatic access to all Intune functionality with excellent documentation. | 3.0 REST API available for device and user management; less comprehensive documentation than leaders. | 3.0 REST API for device management operations; Zoho API ecosystem for extended integration. | 3.0 REST API with basic device and user management endpoints. | 3.0 REST API for device management and reporting; documentation quality varies. | 1.0 Limited API availability; basic endpoints for device and user management. | 1.0 Basic API with limited endpoint coverage for automation. | 2.0 NinjaOne API covers RMM and basic MDM endpoints; growing mobile API coverage. |
Webhooks & Event Automation Push real-time events to external systems via webhooks or trigger automated workflows on device events. | 5.0 Webhook notifications for device events; Freestyle Orchestrator enables complex event-driven automation workflows. | 3.0 Webhook notifications for key events; Jamf Pro API webhooks for external system integration. | 4.0 Azure Logic Apps and Power Automate integration for event-driven workflows; audit log streaming. | 3.0 Event-based rules with external action triggers; basic webhook support for integrations. | 3.0 Basic webhook support; integration with Zoho Flow for workflow automation. | 3.0 Webhook integration for event notifications; basic automation trigger support. | 2.0 Limited webhook capabilities; event streaming for select device lifecycle events. | 1.0 Minimal webhook support; limited event-driven automation capabilities. | 1.0 Basic webhook support for device events; limited automation capabilities. | 1.0 NinjaOne webhook support; limited mobile-specific event automation. |
SIEM & Security Integration Forward device and security event logs to SIEM platforms like Splunk, QRadar, Microsoft Sentinel, and other security tools. | 5.0 Syslog forwarding, Splunk integration, and Intelligence Platform for security event correlation and SIEM connectivity. | 4.0 Jamf Protect SIEM integration with Splunk, Sentinel, and syslog forwarding for security event streaming. | 4.0 Azure Sentinel integration with audit log streaming via Diagnostic Settings for Intune events. | 3.0 Syslog forwarding for security event integration with SIEM platforms. | 3.0 Syslog support and integration with ManageEngine Log360 for security log analysis. | 2.0 Basic syslog forwarding for event log integration with SIEM tools. | 3.0 Native QRadar SIEM integration; syslog forwarding for third-party SIEM platforms. | 1.0 Minimal SIEM integration; basic log export capabilities. | 1.0 Limited security log forwarding; basic syslog support. | 1.0 NinjaOne syslog forwarding; limited mobile-specific SIEM integration. |
ITSM / ServiceNow Connectors Integrate with ServiceNow, Jira, Zendesk, or other ITSM tools for ticket creation, asset sync, and incident management. | 5.0 ServiceNow CMDB integration, ITSM connectors, and Intelligence Platform for automated ticket creation. | 3.0 ServiceNow integration via marketplace app; Jira and ITSM integration through API and community plugins. | 4.0 ServiceNow integration via Microsoft connector; Power Platform for custom ITSM workflows. | 3.0 ServiceNow integration available; API-based connectivity with ITSM tools. | 3.0 Native integration with ManageEngine ServiceDesk Plus; API connectivity for third-party ITSM. | 3.0 Basic ITSM integration via API; ServiceNow and Zendesk connectivity available. | 3.0 ServiceNow integration for CMDB sync; IBM ecosystem ITSM tool connectivity. | 1.0 Limited ITSM integration; basic API connectivity for third-party tools. | 1.0 Minimal ITSM integration; ConnectWise and PSA tool connectivity for MSP workflows. | 1.0 Basic ticketing built into NinjaOne; limited external ITSM connectors for mobile. |
Custom Scripting & Extensibility Run custom scripts (Bash, PowerShell, Python) on managed devices for advanced configuration, data collection, and remediation. | 5.0 Sensors and Scripts for macOS, Windows, and Linux with scheduling, output collection, and Freestyle Orchestrator workflows. | 4.0 Excellent macOS scripting with Extension Attributes, policies, and scripts; bash/python/zsh execution support. | 3.0 PowerShell script deployment for Windows; shell script support for macOS; Remediations for proactive fixes. | 4.0 Custom script execution on Windows and macOS; SOTI Snap for custom Android app workflows. | 3.0 Custom script deployment for macOS and Windows; limited to batch execution. | 3.0 Custom script execution for macOS and Windows with script deployment profiles. | 3.0 Basic script deployment capabilities; limited custom scripting options. | 2.0 Custom command execution for macOS; basic scripting through command deployment. | 2.0 Custom script deployment for macOS with monitoring scripts and Maintenance items. | 1.0 Scripting via NinjaOne for desktops; limited mobile custom script support. |