Kandji Alternatives: How Kandji (now Iru Endpoint) Compares to the Top MDM and UEM Platforms

TLDR: Kandji rebranded to Iru and expanded beyond Apple device management to cover Windows, Android, EDR, vulnerability management, compliance automation, and workforce identity in a single platform. If you're evaluating Kandji alternatives, this guide compares Iru to the seven most common options (Jamf, Intune, JumpCloud, NinjaOne, Mosyle, Addigy, and Rippling) with honest assessments of where each tool is strongest.


If you're reading this, something in your stack probably isn't working. Maybe your MDM renewal came back higher than expected. Maybe a compliance audit revealed that your security tools aren't actually talking to each other. Maybe device management works fine for one OS but every ticket from the other is a small nightmare. Or maybe the team has just grown to the point where running separate tools for device management, endpoint security, and compliance feels less like a strategy and more like a liability.

What Iru (formerly Kandji) brings to the table

Before getting into individual comparisons, here's what Iru offers as a unified platform. Over 6,000 companies use Iru today, including Airbus, Notion, Plaid, Vercel, Loveable, and Demandbase.

Cross-platform endpoint management

Mac, Windows, Android, iOS, iPadOS, tvOS, and visionOS from a single console with a single lightweight agent. The Apple management capabilities (zero-touch deployment, Blueprint automation, granular policy controls) carry over from Kandji. Windows and Android support was built natively rather than acquired and bolted on.

Integrated EDR and vulnerability management

Behavioral analysis, threat hunting, and automated response built into the same platform that manages your devices. When a vulnerability is detected, remediation happens through the same agent and policy engine, not a separate tool.

AI-powered compliance automation

Continuous evidence collection and tailored controls for SOC 2, ISO 27001, and HIPAA. Instead of spending weeks preparing for audits, Iru AI builds controls for your team and maintains compliance posture as a background process.

Passwordless workforce identity

SSO and device trust integrated directly with endpoint management, removing the need for a separate IAM tool and the integration work that comes with it.

24/5 support from IT engineers

Average initial response time is under 2 minutes, and the people responding have hands-on admin experience rather than working from scripts. Iru maintains a 98% customer support satisfaction rating.

"Iru is so reliable. It's really night and day from where we were before."

— Robby Siu, Senior IT Manager, Demandbase

Demandbase saw a 75% reduction in Mac-related support tickets after switching to Iru. Syndio freed up 600 hours of IT staff time per year and achieved a 3x return on investment.

Kandji (now Iru Endpoint) vs. Jamf

Jamf is the most established name in Apple device management and earns that reputation. Two decades of deep Apple-specific development means Jamf Pro has a feature depth, particularly around advanced policy scoping, complex Smart Group logic, and its active community of certified administrators, that no newer entrant has fully replicated. Organizations with dedicated Jamf specialists and custom automation built on Jamf's API have real infrastructure value there. Jamf Nation, the community forum, is also a genuinely useful resource for complex Mac admin work.

Where platform scope and security diverge

The meaningful divergence point is scope. Jamf was built for Apple and stays there. If your organization has Windows or Android devices, or expects to, Jamf requires separate tools for those platforms, which means separate consoles, separate policies, and separate reporting.

Security capabilities are also structured differently. Jamf Protect (EDR) and Compliance Editor are separate add-on products with their own interfaces and pricing. Iru includes EDR, vulnerability management, and compliance automation as native capabilities in the same platform, sharing the same data layer as device management. When a threat is detected, the same platform that manages the device handles the response, no handoff between products required.

Pricing is worth modeling carefully. Jamf's layered SKU structure (Jamf Pro, Jamf Business Security, Jamf Protect as separate add-ons) makes total cost of ownership harder to predict than Iru's transparent per-device pricing.

On G2, Iru carries a 4.75/5 overall rating. On Capterra (4.8/5 across 108 reviews vs. Jamf's 4.7/5 across 537), reviewers switching from Jamf most commonly cite setup complexity and the learning curve for advanced features as their reasons for moving. See our Iru vs. Jamf comparison.

"Migrating to Iru from Jamf was quick and easy, and was completed in half the time we first planned."

— Shai Ankory, IT Manager, Lusha

Choose Jamf if: You're a large, Apple-only organization with a dedicated Jamf admin team, deep ecosystem investment, and complex policy requirements that benefit from Jamf's customization depth and community support.

Choose Iru if: You manage a mixed fleet, want security and compliance built into your endpoint platform rather than purchased separately, or want the Apple management depth Kandji was known for combined with a much broader feature set.


Kandji (now Iru Endpoint) vs. Microsoft Intune

If your organization runs on Microsoft 365, Intune is a genuinely compelling option. It's included in many M365 licensing bundles, integrates natively with Entra ID, and for Windows-first environments the device management capabilities are solid. Organizations that have already standardized on the Microsoft stack (Defender, Entra, Purview) get real value from keeping device management in the same ecosystem. That integration isn't just convenience; it's meaningful for conditional access policies, compliance reporting, and security event correlation.

Where your Microsoft investment draws the line

The friction point for most organizations evaluating both tools is Apple. Intune's Mac management has improved, but it's still designed around a Windows-first architecture: polling-based rather than persistent-connection, with fewer native automation options and a more manual compliance workflow than what dedicated Apple MDM tools provide. For teams where Mac is primary (not secondary), that gap is noticeable in day-to-day administration.

"Intune manages Mac very poorly. Enrollment is flakey and it's a constant battle to keep apps and OS versions up to date. The difference working with Iru is night and day."

— Justin Severinsen, Cloud Systems Engineer, AVB Marketing

Iru's automated patching covers 200+ workplace apps across Mac and Windows with proactive prompts and intelligent update logic. For organizations where Mac users need the same quality of management experience as Windows users, not a second-class version of it, that difference matters.

The other consideration is licensing build-up. Comparable EDR functionality in the Microsoft ecosystem requires Microsoft Defender for Endpoint. Passwordless identity features comparable to Iru's require Entra ID Premium. These aren't deal-breakers if you're already paying for M365 E5, but for organizations not on that tier, the costs compound quickly and create multiple administrative surfaces to manage. Iru bundles these capabilities at the platform level.

Choose Intune if: Your organization is primarily Windows, deeply invested in Microsoft 365, and the bundled licensing and native Microsoft integrations make Intune the most cost-effective path, especially if Mac management is a secondary concern.

Choose Iru if: Mac is a first-class part of your fleet, you want deep Apple management alongside Windows and Android, or you're looking to consolidate endpoint management, EDR, and compliance automation without layering additional Microsoft licenses. See our Iru vs. Intune comparison.


Kandji (now Iru Endpoint) vs. JumpCloud

JumpCloud takes a fundamentally different starting point than most MDM tools: it's a cloud directory platform with device management built in, rather than a device management platform with directory features added. For organizations that need a modern replacement for on-prem Active Directory with SSO, user provisioning, and basic device policies in one place, that approach works well. JumpCloud's directory and identity capabilities are legitimately strong, and for smaller teams that want everything tied to user identity rather than device configuration, it's a coherent product.

Where directory-first has its limits

The tradeoff is device management depth. Because JumpCloud leads with directory, the MDM layer is designed for coverage rather than depth: basic configuration profiles, limited automation, and minimal security features at the endpoint. For organizations that need granular control over their devices (staged patch rollouts, Blueprint-style automation, autonomous app updates for 200+ applications), JumpCloud's lighter approach shows.

"Iru has proven to be a far superior choice for our needs. The platform's intuitive design made policy implementation a breeze and tailored to our organization's requirements."

— Vahid Hashemi, Sr. Manager of IT and Security Operations, Humi

Endpoint security is also outside JumpCloud's scope. If you need EDR, vulnerability scanning, or threat hunting, that requires a separate tool, which means a separate console, separate agent, and manual coordination between your directory, MDM, and security platforms. Iru handles vulnerability detection and remediation through the same agent that manages the device.

For compliance-driven organizations, JumpCloud can enforce basic device policies but doesn't collect audit evidence or maintain continuous compliance posture for frameworks like SOC 2 or ISO 27001. That work still needs to happen elsewhere. See our Iru vs. JumpCloud comparison.

"Iru ensures that our devices stay secure and compliant with our internal policies, helping us achieve ISO 27001 standards."

— Gabriel Gullon, CTO, Permisso

Choose JumpCloud if: You're building your IT stack around cloud directory and user identity, you need a modern Active Directory replacement with basic device policies included, and your endpoint security and compliance requirements are straightforward.

Choose Iru if: You need enterprise-grade device management and security alongside identity capabilities, or your compliance requirements go beyond basic policy enforcement.


Kandji (now Iru Endpoint) vs. NinjaOne

NinjaOne is a well-regarded RMM platform built for MSPs and IT teams running Windows-heavy environments. Its patch management, remote monitoring, scripting, and alerting capabilities are genuinely strong, and its per-technician pricing model is designed for how MSPs actually bill. For service providers managing large Windows client networks, NinjaOne is a capable, purpose-built tool.

Where your situation determines the answer

NinjaOne's architecture reflects its RMM roots. Mac management is available but not a focus; organizations with significant Mac fleets find it lacks the depth they need for zero-touch Apple deployment, granular macOS policy controls, and managed app configurations for iOS. If Macs are a meaningful part of your fleet rather than a handful of exceptions, the management gap becomes apparent.

The bigger divergence is security. NinjaOne provides patch management and endpoint monitoring, but doesn't include behavioral threat analysis, threat hunting, or automated incident response. Organizations using NinjaOne for security typically pair it with a separate EDR tool, which adds cost, another agent on the endpoint, and coordination overhead between platforms. See our Iru vs. NinjaOne comparison.

"With Iru, we've significantly reduced IT workload, improved security posture, and enhanced the employee experience."

— Erez Epstein, Senior Manager of IT and Operations, Hunters

Choose NinjaOne if: You're an MSP or internal IT team managing primarily Windows endpoints where RMM functionality (remote access, monitoring, and scripting across client networks) is your primary need, and per-technician pricing fits your business model.

Choose Iru if: You manage a mixed fleet with a real Mac and mobile presence, need integrated endpoint security beyond monitoring, or want to consolidate MDM, EDR, and patch management under a single agent.


Kandji (now Iru Endpoint) vs. Mosyle

Mosyle has a strong reputation in education and among small Apple-focused organizations for good reason. Its Apple School Manager and Apple Business Manager integrations are well-executed, pricing is accessible for smaller deployments, and for straightforward Apple device management needs, particularly in K-12 and higher ed, it covers the essentials well. Schools managing shared iPads and Mac labs don't need the overhead of an enterprise-grade security platform.

Where your growth changes the equation

For organizations scaling into enterprise security and compliance territory, Mosyle's education-first roots show. EDR, vulnerability management, threat hunting, and automated compliance evidence collection for SOC 2 or ISO 27001 aren't part of the platform. If those requirements arrive, and they tend to arrive as companies grow, you'll need additional tools.

Mosyle is also Apple-only. Windows and Android devices require a separate management platform, which introduces the usual fragmentation: separate consoles, separate policies, fragmented reporting.

For organizations beyond a few hundred devices, the difference in automation depth starts to matter more. Iru's Blueprint automation, Auto Apps for 200+ applications with autonomous patching, and automatic compliance drift remediation reduce the ongoing admin overhead that Mosyle's simpler model still requires at scale.

Choose Mosyle if: You're an educational institution or small business with an Apple-only fleet, very simple MDM needs, and you value competitive pricing over enterprise security and compliance features.

Choose Iru if: You're a growing organization that needs cross-platform support, enterprise-grade endpoint security, compliance automation, or you're approaching the point where basic Apple MDM isn't keeping up with IT demands. See our Iru vs. Mosyle comparison.


Kandji (now Iru Endpoint) vs. Addigy

Addigy is built for Apple MSPs and technically skilled IT teams who want hands-on control. Live terminal access, a custom scripting engine, and granular per-device monitoring give administrators direct access to their fleet in ways that pre-built automation platforms don't. For MSPs who've built sophisticated custom workflows in Addigy, or teams where scripting is a core competency and flexibility matters more than out-of-the-box convenience, that's a genuine strength, not a workaround.

Where the scripting dependency surfaces

The tradeoff with script-dependent workflows is long-term maintainability. When the admin who wrote the scripts moves on, or Apple pushes an OS update that breaks them, the burden of maintaining those workflows falls on whoever inherits the environment. Iru's pre-built automations (Auto Apps, Blueprint enforcement, drift remediation) are maintained by Iru's platform team rather than by individual admins. For organizations where turnover is a factor or where IT coverage is thin, that distinction matters. See our Iru vs. Addigy comparison.

"Iru does all the heavy lifting for you with their Auto Apps, enforcing updates and ensuring that all most common apps you see today are ready to be deployed."

— Miles Gargaritano, IT Manager, Ada

Endpoint security is the clearer gap. Addigy doesn't include integrated EDR or vulnerability management, so threat detection and response require separate tools.

Planning Center cut the time their one-person IT team spent on endpoint security by roughly 15% after switching to Iru's integrated solution, and reduced weekly EDR management from up to 6 hours to minutes.

Like Mosyle, Addigy is Apple-only, and compliance automation for SOC 2 or ISO 27001 requires external tooling or manual processes.

Choose Addigy if: You're an Apple-focused MSP or a technically skilled team with established scripting workflows, and the flexibility to build and maintain custom automations is more valuable to you than pre-built alternatives.

Choose Iru if: You want platform-maintained automations that don't depend on custom scripts, need integrated EDR and compliance automation, or manage devices beyond Apple.


Kandji (now Iru Endpoint) vs. Rippling

Rippling has built something genuinely useful: a unified platform where HR, IT, and Finance operate on the same data model. When someone is hired, Rippling can provision their laptop, accounts, and app access in one automated workflow. When they leave, it can deprovision everything. For companies where IT and HR are tightly coupled and operational efficiency matters more than endpoint management depth, that's a real advantage, not a consolation prize.

Where the tradeoffs show up

Rippling's device management is designed to serve the HR lifecycle, not to serve IT and security teams who need granular endpoint control. That means enrollment, basic profile deployment, and app installation are covered, but the advanced automation, deep Apple management, and security capabilities that dedicated endpoint platforms provide aren't Rippling's focus.

For Mac-forward organizations, the gap is most visible in things like zero-touch deployment with custom enrollment workflows, Blueprint-based policy automation, and managed OS update controls. Those are core to what Iru does; they're edge cases in Rippling's model.

Endpoint security is the clearest divergence. Rippling's security model focuses on identity and access: who can get in, and to what. EDR, vulnerability scanning, and behavioral threat detection at the device level require a separate tool. See our Iru vs. Rippling comparison.

"Iru is helping our endpoint security infrastructure to be the best it possibly can be."

— Christian Corrales, Senior Security Engineer, Varo Bank

It's also worth noting that Iru and Rippling can coexist. Iru integrates with existing HR systems, so organizations using Rippling for payroll and people management can still use Iru for endpoint security and device management without choosing between them.

Choose Rippling if: You're building your HR and IT stack at the same time, employee lifecycle automation is a top priority, and your device management needs are relatively straightforward.

Choose Iru if: Your IT and security requirements go beyond basic provisioning, you need deep Apple management or endpoint security, or you're separating device management from your HR platform and want a dedicated solution for each.


How to decide

The right tool depends on what matters most to your organization. Here's a summary to help narrow it down:

| If your priority is... | Consider |
| --- | --- |
| Apple-only enterprise management with deep ecosystem investment and a dedicated admin team | Jamf or Iru |
| Windows-first with existing Microsoft licensing and Mac as a secondary concern | Intune (or Iru if Mac management depth matters) |
| Cloud directory with SSO and basic device policies for a small team | JumpCloud (or Iru if endpoint security and compliance are required) |
| RMM for MSPs managing Windows-heavy client networks | NinjaOne (or Iru for mixed fleets with Mac and mobile) |
| Simple Apple MDM for education or small business with no compliance requirements | Mosyle (or Iru if you're scaling or need security built in) |
| Apple MDM with custom scripting flexibility for technically skilled MSPs | Addigy (or Iru if maintainability and integrated EDR matter) |
| HR-first platform with employee lifecycle automation and basic device provisioning | Rippling (or Iru alongside it for endpoint security and deep device management) |
| Cross-platform management with integrated security, compliance, and identity | Iru |

Customers who switch to Iru consistently report significant time savings and efficiency gains. Demandbase saw a 75% reduction in Mac-related support tickets. Syndio freed up 600 hours of IT staff time per year. GoCardless cut device enrollment time by 83% and reclaimed the equivalent of a full-time engineer.

Iru offers a free 14-day trial for Workforce Identity, Endpoint Management, Vulnerability Management, and Endpoint Detection and Response, so you can evaluate the platform against your actual environment before committing.

If you're evaluating multiple tools because no single platform covers everything you need, that's the problem Iru was built to solve. The platform started as Kandji's Apple management foundation and expanded to cover the capabilities that previously required three or four separate products.


See how Iru compares for your environment

The best way to evaluate any of these tools is to see them against your actual requirements. Book a demo to get your 14-day trial, and we'll walk through how Iru handles your specific fleet, security needs, and compliance requirements.

For detailed side-by-side feature comparisons with each competitor, visit our comparison pages.


Alternatives to Kandji FAQs

These are the most common questions about Kandji alternatives.

Is Kandji the same as Iru?

Yes! Kandji rebranded to Iru in October 2025 and expanded beyond Apple device management to include Windows, Android, EDR, vulnerability management, compliance automation, and workforce identity. Existing Kandji customers transition to the Iru platform with enhanced capabilities.

Can Iru replace multiple tools in my stack?

For most teams, yes. Iru is designed to consolidate what typically requires separate products (an MDM, an EDR, a compliance tool, and an identity provider) into a single platform with a single agent. Whether that's the right move depends on how specialized your current tools are and how deeply your team has built around them.

How difficult is it to migrate to Iru from another MDM?

Iru offers free migration support and an automated Migration Agent that handles Mac device migration with minimal user interaction. Migration complexity varies depending on your current platform and how custom your configuration is.

Does Iru work for Windows and Android, or is it still primarily Apple?

Iru manages Mac, Windows, Android, iOS, iPadOS, tvOS, and visionOS from a single console. Windows and Android support was built natively rather than acquired, so it's not an afterthought. That said, the platform's roots are in Apple management and that remains a core strength.

How does Iru's pricing work?

Iru offers scalable pricing that is based on the solutions your organization needs, as well as the number of users and devices.
