I’ve been talking to a few clients about migrating away from Jamf. In general, these clients are all in on Microsoft 365, so a combined approach using Microsoft Intune and Munki can replace most, if not all, of the practical capabilities of Jamf for macOS device management and software deployment, while offering greater flexibility and reliability than using Intune alone.

Role separation: Intune vs Munki

Microsoft Intune is used as the authoritative MDM layer for macOS. It handles:

• Device enrolment and compliance
• Security configuration (FileVault, firewall, OS update policies)
• Configuration profiles, certificates, and access control
• Conditional Access integration with Microsoft 365

Munki is used as the dedicated software deployment and lifecycle management system. It handles:

• Application installation, updates, and removals
• Version pinning and staged rollouts
• User-initiated installs via Managed Software Centre
• Reliable enforcement of required software versions

This separation mirrors Jamf’s internal architecture but with clearer boundaries and less coupling between MDM policy and application logic.

Intune + Munki is stronger than Intune alone

Using Intune by itself for macOS application deployment is functional but limited. Munki addresses these limitations directly:

Faster and more predictable deployments

• Munki installs software using native macOS installer mechanisms without repackaging into Intune-specific formats.
• Installation and update behaviour is deterministic and repeatable across machines.
• Dependencies, blocking applications, and install ordering are first-class concepts.

Clear progress and user feedback

• Managed Software Centre provides explicit progress indication during download and installation.
• Users can see what is installing, what is pending, and what failed, without opaque “installing…” states.
• This significantly reduces helpdesk noise during large deployments or updates.

Robust handling of non-universal and architecture-specific apps

• Munki allows explicit targeting of Intel vs Apple silicon builds.
• This is critical for applications that are not shipped as Universal binaries.
  • A common example is Dropbox, which provides separate architecture builds and cannot be cleanly handled by Intune’s macOS app model without workarounds.
  • Munki selects the correct installer automatically based on the device architecture.

Strong version control and rollback

• Specific application versions can be enforced or deferred.
• Updates can be staged or pinned to known-good releases.
• Rollback is straightforward if an upstream vendor release causes issues.

Operational advantages compared to Jamf

• No vendor lock-in to a single macOS management platform.
• Munki repositories are simple, transparent, and auditable.
• Packaging and testing workflows are faster and easier to automate.
• Intune continues to improve as a macOS MDM without being forced to act as a full software deployment engine.

Low cost and light-weight infrastructure requirements

Munki is developed by Walt Disney Animation Studios and is released under a free and open-source model, with no licensing costs per device, per admin, or per application.

Infrastructure requirements are minimal:

• A Munki repository is simply a static file structure served over https. It does not need to be hosted on macOS.
• It can run on any standard web server (nginx, Apache, IIS, etc.).
• It can be trivially hosted in Azure or AWS using low-cost object storage or a lightweight VM.
• It can also be hosted on-premises on inexpensive hardware, such as a Mac mini, with excellent performance for small to medium fleets.

There is no database, no application server, and no proprietary backend. This makes Munki:

• Highly reliable
• Easy to back up
• Easy to audit
• Easy to migrate between hosting environments
• Easy to replicate across geographical regions if required

From an operational perspective, Munki infrastructure is simple enough that failure modes are well understood and easy to remediate, which is not always the case with fully managed SaaS-only platforms.

Overview

In this model, Intune provides secure, standards-based macOS management and compliance. Munki provides fast, reliable, and architecture-aware software deployment. Together, they match or exceed Jamf’s real-world capabilities for most organisations, particularly where Microsoft 365 is the preferred platform.

For organisations with mixed Apple silicon and Intel fleets, or with a strong need for predictable software deployment and clear user feedback, Intune + Munki is materially stronger than Intune alone and a viable replacement for Jamf.

Why use Automatica to deploy Munki for you?

Automatica brings over a decade of hands-on experience deploying, managing, and supporting Munki at scale.

We have deep expertise in:

• Packaging macOS software specifically for Munki
• Managing Intel and Apple silicon application workflows
• Designing reliable Munki repositories and deployment pipelines
• Integrating Munki cleanly with Microsoft Intune enrolment and policy flows
• Implementing advanced Intune configurations, including Platform SSO (PSSO) for macOS
• Leveraging Apple Business Manager (ABM) and Apple Device Enrolment Program (DEP) for streamlined deployment of Apple devices