MDM WITHOUT THE RELIGION
Mobile Device
Management
Done Properly
Hexnode for mixed-OS fleets, Intune for Microsoft-heavy shops with the right licences. We size the choice to your fleet, then plan the rollout so users actually enrol.
2
MDMs we deploy in anger
100%
Device visibility post-rollout
< 10 min
Autopilot enrolment
R0
Lock-in to either vendor
Accreditations & partnerships
Microsoft 365
CSP Partner
Hexnode
MDM Partner
Apple
Business Manager
Android
Enterprise
Google Workspace
Partner
Founded 2001
24 years trading
Hexnode + Intune both deployed
Independent advice, vendor-neutral
Apple Business Manager reseller linkage
Direct line, no support queue
Unmanaged fleet vs. managed fleet
What a typical SMB fleet looks like before and after an MDM engagement.
Unmanaged devices
Personal phones syncing work mailNo PIN, no encryption, no remote wipe. The first stolen device is your audit.
Mac drift across the fleetFileVault status is a guess. Patching is voluntary. Nobody knows what's on them.
Compliance policies that misfireA policy written for Windows applied to all platforms. The IT admin's Mac locks out at 2am.
No compliance dashboardYou have enrolled devices and zero visibility into whether any of them are actually compliant.
VS
With OSH MDM
Full fleet visibility in one consoleEvery device (encrypted, patched, enrolled) reported in real time.
Selective wipe in one clickDevice goes missing. Company mail, apps, files wiped. Personal data untouched.
Conditional Access piloted properlyPolicies tested on a group first. No accidental lockouts. Break-glass accounts excluded.
Cyber insurance answeredYes, we can prove fleet compliance state at any point in time. Yes, encryption is enforced.
WHAT WE DEPLOY
MDM Solutions We Deploy
Hexnode MDM
Cross-platform management for mixed Apple/Windows/Android/ChromeOS fleets. Cleaner UI, faster Apple Business Manager setup, and honest cross-platform parity.
Microsoft Intune
The right call for Windows-heavy shops on Business Premium, E3, or E5. Bundled licence, native Conditional Access, and Autopilot zero-touch enrolment.
Apple Business Manager
ABM / DEP enrolment so iPhones, iPads, and Macs configure themselves on first boot. We handle the reseller linkage and Hexnode or Intune integration.
BYOD Policy Design
Work profiles, app protection policies, and a signed BYOD policy that gives users privacy and gives you data control. Both tools do it; the policy is what matters.
Conditional Access
Block non-compliant devices, require MFA from untrusted locations, protect sensitive apps. Wired up properly so the IT admin's MacBook isn't the first casualty.
Compliance Reporting
A dashboard that tells you which devices are encrypted, patched, and not jailbroken. Not just that you have 47 enrolled.
PLATFORM CHOICE
Hexnode or Intune: which one fits?
We deploy both. The choice depends on your fleet, not our preference.
MIXED-OS FLEETS
Hexnode MDM
No Microsoft licence required
Right when you have:
- Mac + iOS + Android + Windows in the same fleet
- ChromeOS devices that need managing
- No qualifying M365 SKU (Business Premium / E3 / E5)
- A small IT team that needs a simpler console
WINDOWS-FIRST SHOPS
Microsoft Intune
Bundled in Business Premium, E3, E5
Right when you have:
- Windows-heavy fleet on Business Premium or E3+
- Conditional Access as the priority security gate
- Autopilot for zero-touch Windows provisioning
- Existing Intune included in your M365 licence
HOW IT WORKS
How an MDM Engagement Runs
01
Fleet Audit
Inventory by OS, by ownership (corporate vs BYOD), by enrolment readiness. We surface the Macs nobody told us about.
02
Tool Selection
Hexnode or Intune, with reasoning tied to your M365 SKUs, Apple footprint, and IT team size. Sometimes both, scoped per platform.
03
Pilot Rollout
Ten devices across the riskiest groups. Compliance policies, app deployment, conditional access wired up and tested before anyone else sees it.
04
Phased Enrolment
Users enrol first, policies tighten later. We never ship blocking compliance before the fleet is in. That's the worst rollout you can do.
Fleet under control in one engagement. No lock-in to either vendor.
Book a 60-minute fit assessment. We inventory your fleet by OS, look at the M365 licences you already pay for, and give you a written recommendation on Hexnode vs Intune, or both. No pitch. No slide deck.
QUESTIONS
MDM Questions We Get Asked
Business Premium includes Intune, so the licensing question is already answered for Windows and personal phones. The real question is whether your team has set it up properly. Most haven’t. Default tenants ship with no compliance policies, no Conditional Access, and no Autopilot profiles. The licence is the cheap bit; the configuration is the work.
Yes, and we sometimes recommend it. Intune for Windows (because Conditional Access is the killer feature), Hexnode for Macs and Androids (because the UI is friendlier and Apple Business Manager integration is cleaner). Two consoles, but each one doing what it’s best at.
On a corporate iPhone with Apple Business Manager, the user unboxes, picks Wi-Fi, signs in, and the device configures itself. On a BYOD Android, they install the company portal app, sign in, accept a work profile, done. On Windows with Autopilot, they sign in once and walk away while it provisions. None of this requires the user to be technical.
Modern MDM uses work profiles and app protection. We can see device compliance state (encrypted, patched, not jailbroken) but not personal photos, personal apps, or personal browsing. Set the expectation up front, write it into the BYOD policy, and complaints drop to near zero.
Selective wipe: company mail, company apps, company files removed. Personal data untouched. On corporate-owned devices, full wipe. Either way, one click in the console.
For a 50-seat shop on Business Premium: roughly four to six weeks calendar time, of which maybe two weeks is hands-on engineering. Autopilot profiles, compliance policies, app packaging, Conditional Access rules, pilot, then phased rollout. Bigger fleets stretch longer because of app packaging volume.
Hexnode handles ChromeOS reasonably. Intune does not, in any meaningful sense. If you have more than a handful of Chromebooks, Hexnode wins that argument before we even start.
Both. Some clients want us to design and build the MDM, hand over documentation, and step back. Others want us holding the console permanently. We’ll quote either way.
Get a 60-Minute MDM Fit Assessment
We inventory your fleet by OS, sketch your BYOD-vs-corporate split, look at the M365 licences you already pay for, and tell you whether Hexnode, Intune, or both is the right answer. No pitch, written reasoning.
Email us directly
support@osh.co.za
