@hackdefendr @BlueBee yeah, so where I am now we have iPads managed via a combo of meraki and apple school. It works well and is quite flexible, I can restrict apps and os features, set up users synced with ADDS but doing it with mac's is a little different, the surface that is exposed is far greater. You'd have to be sure of the degree of control JAMF actually offers. Things that can't be done with meraki and iOS ( afaik) include blocking access to settings app, because ( I believe) Apple doesn't allow it - what can't be done on macos? And is it a problem?

@hackdefendr @BlueBee oh, I've heard nothing but good things, however we used a third party support contractor to once in a while pop in and 'do some work' to get the MACs talking to AD... so very glad I'm no longer there. The thing with JAMF and the like is that they try to apply policies, wherever possible. The problem is that in too many cases it simply isn't possible to do certain things, so if you're a hybrid environment that cares about policy and procedures and having a maintainable stack of management tools etc, it becomes a pain. For instance: all client endpoints must have enterprise managed firewall configured centrally with x config. Or AV must be installed that applies following settings... if you can't do that with JAMF or [enter AV vendor] then you have to find Yet Another Tool. If your not a hybrid environment and its all MAC then the decision has been made at another level to make do, so all your policies will have to reflect the limitations (or not) of the chosen client OS. Personally I think MACs are too limited in how they can be configured in an enterprise, but then I haven't used them (properly) that way for an age, and I'm becoming an old timer who wants to control every aspect of how a machine works. MDMs just don't cut the mustard for me.

@paco This is the way