JumpCloud

Full SCEP for macOS, iOS, Windows; requires external CA; Android Device Trust certs (not SCEP-based).

Custom .mobileconfig for macOS/iOS; OMA-URI for Windows; M1 kernel extension limitations noted.

Granular restriction policies: camera, iCloud backup, downloads, app installation controls per OS.

No native email profile templates. Email config possible via custom .mobileconfig on iOS/macOS only (requires Apple Configurator/iMazing). Source: jumpcloud.com/support/create-mac-or-ios-mdm-custom-configuration-profile-policy.

Passcode/password policies all platforms including Linux; min length, complexity, expiration, rotation.

Android VPN Restrictions Policy; app-level VPN control via conditional access; limited specificity.

VPN profile policies all platforms; VPNv2 for Windows 10/11; RADIUS auth; Pritunl, WireGuard integrations.

Remote Wi-Fi deployment with SSID, WPA2-Enterprise/Personal, auto-connect; RADIUS auth supported.

Full zero-touch enrollment for Android with automatic config during OOBE; reseller-uploaded devices.

ADE via Apple Business Manager; service discovery for Account-driven Enrollment with redirect URL retrieval.

Bulk enrollment via config files; reduces deployment from hours to minutes across all platforms.

Conditional Access Policies gate enrollment by identity trust, device trust, network trust conditions.

QR code via User Portal for iOS/Android BYOD; Windows provisioning packages; manual direct link option.

No Knox ME support. JumpCloud absent from Samsung Knox ME partner list. Standard Android zero-touch enrollment only.

User Portal enrollment for iOS personal devices; Android EMM via QR code and Device Policy app.

Autopilot enrollment for Windows 10/11; single-click admin activation for automatic enrollment.

Allowlist (default deny) and blocklist modes; Windows Application Restriction; macOS Santa binary control.

JumpCloud App Catalog for macOS/Windows with curated apps; Managed Google Play for Android; auto-update.

AppConfig XML for iOS/Android; variable substitution ($username$, $emailAddress$); managed config for Android.

Full VPP integration for macOS/iOS; bulk license purchasing and assignment; license reclamation.

Curated Managed Google Play Store; public, private, web apps; user-selectable or force-install modes.

Modern MDM MAM; container-based management; selective corporate data wipe; mobile-focused.

Android silent install via EMM; iOS via VPP/MDM; Windows needs vendor silent support.

MSI via Private Repository, Chocolatey, Microsoft Store, WinGet, remote PowerShell; silent install required.

Compliance Enforcement policies with remediation actions; SOC 2, ISO 27001, PCI DSS, HIPAA audit support.

No native DLP; relies on least-privilege access control rather than data exfiltration prevention.

FDE enforcement with recovery key escrow; conditional access blocks unencrypted devices.

IP-based geofencing (country/IP whitelists); conditional access location restrictions; no GPS geofencing.

JumpCloud Protect evaluates device integrity and jailbreak detection via Mobile Device Trust framework.

Erase device MDM command; protected wipe for Windows; immediate obliteration for macOS volumes.

Corporate data selective wipe for iOS/Android; Windows/macOS support full device wipe only.

CrowdStrike Falcon EDR/XDR integration; Falcon for Mobile MTD for Android/iOS; cross-OS visibility.

Android System Updates Policy: OTA updates for fully managed/dedicated devices. Default, automatic, windowed, postpone (30 days), and freeze period modes. Android 6.0+. Source: jumpcloud.com/support/create-an-android-system-updates-policy.

Chrome browser patching included. OS-level driver updates via Windows patch policies. Android and Linux firmware management not confirmed.

OS patch management with update visibility/install controls; deferral options; auto upgrade enforcement.

Automated macOS patch management with deployment rings; version tracking; auto upgrade enforcement.

OS patch policies with deferral and scheduling; deployment rings control timing; sane defaults provided.

Automated patch management Win 10/11; deployment rings (Vanguard, Ring 1-3); deferral scheduling.

Software inventory with "last opened" timestamps. No granular app usage analytics (time spent, frequency). SaaS Management tracks daily login activity only.

Centralized audit logging; Directory Insights activity logs; SIEM-compatible event export.

CSV export of compliance; audit trail for SOC 2, ISO 27001, PCI DSS, HIPAA; column customization.

JumpCloud Reports UI with search, customization, save; automated query refinement; CSV export.

System Insights with hourly hardware/software collection; vendor, model, serial, custom fields.

System Insights real-time inventory and status; hourly updates; device posture and compliance.

PowerShell, Bash, Shell scripts; parallel fleet execution; AI Commands Builder; webhook triggers.

Remote restart with immediate enforcement; scheduled via deployment rings.

Remote screen lock MDM command; macOS requires PIN; immediate enforcement.

JumpCloud Remote Assist: cloud-based screen access, multi-monitor, E2E encryption, attended/unattended.

Remote script execution: PowerShell, Bash, Shell; bulk execution with stdout/stderr/exit code capture.

Erase device command; persists if locked/off; obliteration (macOS), protected wipe (Windows).

Device groups per OS type; policies assigned per platform; device-specific configuration.

Attribute-driven dynamic groups; Contains/StartsWith/EndsWith operators; AND logic; auto-membership updates.

IP-based geofencing; network-based conditional access; location-aware enforcement.

Attribute-based targeting for policies; dynamic group rules based on device attributes; flexible operators.

Policies assigned to user groups; device-to-user binding; group-based policy deployment.

SSO with M365/Entra ID federation; SAML-based auth; Azure AD/Entra SSO for JumpCloud Vault; two-way sync.

Zero Trust conditional access: Identity Trust, Device Trust, Network Trust pillars; granular posture rules.

Google Workspace SSO integration; directory attribute mapping; third-party SSO disable required.

Third-party IdP integration via SAML/OIDC; documented with OpenVPN and various applications.

ADI import and sync agents; LDAPS support; extends AD to cloud or migrates away; two-way user/group/password sync.

Full SAML 2.0 SSO; custom SAML app connectors; OIDC support; federated SSO with SAMLP protocol.

Cloud server orchestration; scheduled/ad-hoc tasks; bulk remote commands; webhook-triggered workflows.

Extensible API framework; Workato, Tray.io connectors; custom workflow building.

REST API v1.0/v2.0; event logs, user auth, device management; API key auth; RBAC.

SSO integration with ServiceNow via SAML documented. Native ITSM data sync (device inventory, incident creation) not confirmed.

Directory Insights SIEM-compatible logs; serverless app auto-polls API to S3; comprehensive logging.

Event-driven webhooks; custom script execution via webhooks; Directory Insights event data.