ManageEngine MDM Plus

Full SCEP support with built-in PKI server. Microsoft AD CS and DigiCert integration. ACME CA support. Zero-user intervention certificate deployment and silent installation.

Custom XML/OMA-URI for Windows 10/11. Plist/mobileconfig for iOS/macOS. OEMConfig support for Android vendor-specific settings. Profile Creator tool available.

Comprehensive platform-specific restrictions. Kiosk mode for single/multi-app lockdown. App disabling for non-compliance. Camera, USB, Bluetooth, AirDrop restrictions.

Email, Exchange ActiveSync, and mail server configuration with SSL authentication. Dynamic variable mapping for user-specific details. Conditional Exchange Access (CEA).

Passcode complexity enforcement including length, age, history. Brute-force protection with auto-wipe capability. Biometric policy support.

Full per-app VPN for iOS and macOS. Not supported on Android, Windows, or ChromeOS in MDM Plus standalone.

Wide range of VPN types supported including IKEv2, IPSec, SSL. Dynamic variables for user-specific configuration. Per-app VPN available for iOS.

Corporate Wi-Fi and proxy configuration. WPA2/WPA3 enterprise authentication with 802.1X and certificate-based auth support.

Android Zero-Touch Enrollment supported. Also supports EMM Token (QR), NFC, and ADB enrollment methods for automated Android device provisioning.

Full Apple Business Manager (ABM) integration for automated device enrollment on iOS/iPadOS and macOS. Supervised mode with user assignment automation. Zero-touch provisioning for corporate-owned Apple devices.

CSV-based bulk enrollment supporting multiple devices and users. Staging support for devices not yet activated. Invite-based mass enrollment methods available.

Group and OU-based enrollment policies. Device ownership type (corporate vs BYOD) determines applied profiles. Azure AD conditional access integration for enrollment gating.

QR code, SMS, and email invitation-based enrollment. Self-enrollment portal for all major platforms. Intuitive step-by-step process.

Knox-validated MDM. Streamlined bulk enrollment of Samsung devices with out-of-the-box configuration and automatic app/profile distribution upon enrollment.

Self-enrollment portal for BYOD scenarios. Users access portal, authenticate with company credentials, and install MDM profile. Android work profile separates personal and corporate data.

Windows Autopilot support for Windows 10/11. Automatic enrollment upon initial startup with minimal manual intervention. Requires Endpoint Central UEM edition.

App allowlisting and blocklisting with gradual enforcement (notify then uninstall). Periodic device scans for app classification. Manages pre-installed, user-installed, and enterprise apps.

On-demand self-service app catalog. Integration with Apple ABM, Managed Google Play, Chrome Web Store, and Windows Business Store. Enterprise app publishing supported.

AppConfig framework support for iOS. Managed Google Play app configuration for Android. Limited managed app config for Windows/macOS desktop apps.

Apple Business Manager (ABM) integration for device-based and user-based app licensing. Content tokens upload. Managed Apple ID support. Legacy VPP migration path.

Managed Google Play integration for deploying public, private, and web apps. App approval workflow before distribution. Enterprise app repository support.

Containerization for iOS and Android. Android work profile for BYOD. Copy/paste and sharing restrictions between managed and personal contexts. Limited app wrapping/SDK documentation.

Silent app installation and removal without user interaction. License management and scheduled deployment options. Requires supervised mode for iOS.

Windows MSI/EXE/MSIX and macOS DMG/PKG app deployment via MDM Plus. Linux software deployment requires Endpoint Central. Over 850 pre-built app templates available in Endpoint Central.

Real-time compliance monitoring with automated remediation. Detects jailbroken/rooted devices, blocked apps, and policy violations. Configurable actions for non-compliant devices.

Work profile prevents corporate data transfer to personal apps. Restrictions on Bluetooth, NFC, Wi-Fi Direct, USB sharing. Managed open-in for iOS. Limited desktop DLP controls.

Device-level encryption enforcement. BitLocker for Windows, FileVault for macOS, native encryption for iOS/Android. Storage and SD card encryption for Android.

Geofencing for iOS and Android with compliance actions when devices enter/leave designated areas. Geo-tracking and location history available in Lost Mode.

Detects jailbroken iOS and rooted Android devices during and after enrollment. Automatic removal from management upon detection. Continuous scanning capability.

Complete factory reset for lost/stolen/decommissioned devices. Restores device to out-of-box state. Includes malware remediation scenarios.

Remove only corporate data, profiles, and managed apps. Preserves personal contacts, photos, and apps. Essential for BYOD offboarding and employee transitions.

Check Point Harmony Mobile integration for mobile threat detection. Endpoint Central includes EDR for Windows with DeepAV, behaviour detection, and ransomware prevention engines. Log360 SIEM for XDR.

Android system update policies including automatic, windowed, and postpone modes. Freeze periods supported for managed devices.

Not available in MDM Plus standalone. BIOS/UEFI, driver, and firmware updates require ManageEngine Endpoint Central.

iOS/iPadOS OS update scheduling and control. Defer updates, push specific versions to supervised devices. Scheduled update deployment windows.

Not available in MDM Plus standalone. macOS software update management requires ManageEngine Endpoint Central (full UEM product).

Update scheduling and deferral for iOS, Android, and ChromeOS. Windows/macOS update deferral requires Endpoint Central.

Not available in MDM Plus standalone. Windows patch management requires ManageEngine Endpoint Central (full UEM product).

App deployment status tracking and installation success rates. App inventory per device. License utilization tracking for VPP apps. Limited deep usage analytics.

Action Log Viewer for auditing all admin actions. Remote session reason logging. Enrollment and compliance state change tracking.

10+ pre-defined compliance reports. Compliance violation tracking, inactive device reports, installed apps reports. Policy adherence dashboards.

Drag-and-drop custom report builder with column reordering and Group By. Multiple filter criteria, CSV export, and scheduled report generation.

Comprehensive mobile asset management from central console. Granular device details, warranty tracking, IMEI, owner details. Custom field upload. Real-time device status with periodic scans.

Centralised dashboard with real-time device monitoring. Battery level, storage capacity, online/offline state, and last check-in tracking.

Not available in MDM Plus standalone. Custom script deployment (PowerShell, Bash, Shell) requires ManageEngine Endpoint Central.

Remote restart for iOS and Android managed devices. Windows/macOS remote restart and wake-on-LAN require Endpoint Central.

Immediate remote device locking with passcode requirement. Custom message and contact number display on iOS. Remote alarm capability for locating devices.

iOS view-only screen sharing. Full remote view and control for Android (fully managed devices). Windows/macOS remote desktop requires Endpoint Central or Zoho Assist add-on.

Android chat-based command execution during remote troubleshooting sessions only. Windows/macOS/Linux remote terminal requires Endpoint Central.

Full device wipe action from admin console. Factory reset for lost/stolen/decommissioned devices. Confirmation workflow before execution.

Policies based on device model, manufacturer, OS version, and ownership type (corporate vs BYOD). Supports kiosk/rugged device-specific configurations.

Dynamic device groups based on OS, ownership type, compliance state, and device attributes. Auto-updating groups for policy targeting. Less granular than Jamf's 150+ criteria.

Geofencing for compliance actions on iOS/Android. Basic network-based policies available. Less sophisticated than dedicated geo/network targeting in enterprise competitors.

Custom grouping and categorization for devices. Admin-defined tags for flexible device targeting beyond built-in attributes. Department and location-based grouping.

User and group-based policy assignment via AD/Entra ID groups. Consistent experience across all devices enrolled by the same user.

Azure AD / Entra ID integration for user sync, group-based targeting, and conditional access. Certificate-based authentication (CBA) with Azure AD supported.

Azure AD Conditional Access integration. Conditional Exchange Access (CEA) for email. Device compliance-based access controls. Trust scoring concept for Zero Trust approach.

Google Workspace directory integration for user identity and group-based targeting. ChromeOS device management through Google Admin integration.

SAML 2.0 integration with Okta, ADFS, Auth0 for admin console SSO. Limited device-level third-party IdP integration compared to cloud-native competitors.

Deep on-premises Active Directory integration - a core ManageEngine strength. OU-based targeting, automatic user and group sync, LDAP with SSL support. Daily complete sync.

SAML 2.0 authentication for Endpoint Central console and cloud portal. Azure AD, ADFS, Auth0 integration. Users login with single SSO credentials.

Scheduled deployments, compliance remediation automation, and app update policies. Limited general-purpose workflow engine compared to WS ONE Freestyle Orchestrator. AppCreator available as separate product.

REST API-based extensibility. No formal marketplace or plugin ecosystem. ManageEngine ecosystem offers 90+ IT management products with native integrations. Partner integrations available.

Comprehensive REST API following HTTP standards. Device queries, profile management, bulk operations. Extensive API documentation. No GraphQL support.

ServiceNow integration via certified plug-in app. Asset data sync with CMDB. Incident, change request, and problem management from ServiceNow. Also integrates with ManageEngine ServiceDesk Plus.

Native integration with ManageEngine Log360 SIEM. Third-party SIEM integration via REST APIs and syslog forwarding. Security event data for threat detection and incident investigation.

Notification framework for enrollment, compliance changes, and security events. Integration with third-party systems via REST API callbacks. Less mature than dedicated webhook engines.