Mobile Device Management Rollouts

Full MDM deployments across Jamf, Mosyle, IRU, and Microsoft Intune. Zero-touch enrollment, security baselines, app deployment, and lifecycle automation for Apple-first and cross-platform fleets.

Reviewed by the Stabilise engineering team.

+44 203 355 7522

What's Involved

How we deliver this

Why MDM stops being optional above ten devices

A spreadsheet of serial numbers and a shared admin password works until it doesn't. Once you cross ten devices, manual onboarding, ad-hoc app installs, and "please update your laptop" Slack messages start eating real hours. Once you cross fifty, the security gaps become audit findings. Once you cross a hundred, you cannot pass Cyber Essentials Plus, ISO 27001, or SOC 2 without proper Mobile Device Management.

MDM is the layer that turns a pile of devices into a managed fleet. Policy applied automatically, apps deployed without user effort, security posture provable on demand, and lifecycle events (joiner, mover, leaver) handled in minutes instead of days.

The platforms we deploy

We're platform-agnostic. The right tool depends on what you run, what your security posture needs to be, and what you already own. We have engineers certified on all four.

Jamf Pro

Apple-only, enterprise depth. The most mature platform for serious Mac fleets. The right choice when you have over fifty Macs, compliance requirements, or complex policy needs. Stabilise is a Jamf Silver Partner, and our engineers hold Jamf 200 (Certified Jamf Pro Administrator), Jamf 300 (Certified Jamf Expert), and Jamf 370 certifications. We deploy Jamf Pro, Jamf Connect, and Jamf Protect as a complete stack.

Mosyle

Apple-only, lighter footprint than Jamf, lower cost per seat. The right fit for growing creative teams and SMBs that need full MDM features without Jamf's enterprise complexity. Mosyle Business and Mosyle Fuse (which bundles MDM, identity, encryption, and endpoint security) are both supported.

IRU (formerly Kandji)

Apple-first MDM with a strong focus on compliance automation and drift correction. Particularly good for businesses going for SOC 2 or ISO 27001 where you need provable, automatically remediated device state. Library blueprints and pre-built compliance frameworks reduce setup time significantly.

Microsoft Intune

The right choice when your fleet is cross-platform (Mac, iOS, Windows, Android), when you're already deep in Microsoft 365, or when your compliance framework is built around Entra ID and Conditional Access. We deploy Intune as a primary MDM or alongside Jamf via Cloud Connector for organisations that need both.

What a rollout includes

Every MDM rollout follows the same shape regardless of platform.

  1. Audit and inventory. Every device, every user, every existing tool that might fight the MDM. We catalogue first so nothing gets missed during cutover.
  2. Apple Business Manager setup. Required for zero-touch enrollment. We connect ABM (or Apple School Manager) to your MDM, link device serial numbers to your tenant, and handle the bulk import.
  3. Policy baseline. FileVault, screen lock, firewall, password complexity, software update enforcement, Gatekeeper hardening, USB restrictions. Baseline meets Cyber Essentials Plus out of the box.
  4. App deployment. Required apps pushed automatically. Optional apps available via Self Service or the Company Portal. Adobe Creative Cloud, DaVinci Resolve, Microsoft 365, Slack, browsers, and internal tools, all delivered without user effort.
  5. Zero-touch enrollment. A new device ships from Apple and arrives at your team member's desk. They sign in with their work account, and the device is fully configured within minutes.
  6. Monitoring and reporting. Alerts for offline devices, missing patches, encryption failures, and security incidents. Monthly fleet reports for IT and quarterly summaries for senior management.
  7. Lifecycle automation. Joiner workflows that provision new starters in under an hour. Leaver workflows that wipe and recover devices the moment HR closes the ticket. Mover workflows that swap policies when someone changes teams or location.

Migrating from an existing MDM

Most clients come to us with an MDM already in place that nobody owns. Either the original engineer left, or it was deployed by a generalist MSP that did not understand Apple. We migrate fleets from JumpCloud, Hexnode, Workspace ONE, Addigy, and unconfigured Intune deployments without losing devices, breaking apps, or forcing user-facing factory resets. Migration plans are scoped so users see no interruption to their working day.

Compliance and audit

MDM done properly is what makes Cyber Essentials Plus, ISO 27001, SOC 2, and HIPAA achievable rather than aspirational. We configure the platform so the evidence you need for audit is automatically generated and exportable. No manual screenshot collection, no spreadsheet evidence packs, no scrambling the week before assessment.

Stabilise credentials

  • Jamf Silver Partner
  • Jamf 200, Certified Jamf Pro Administrator
  • Jamf 300, Certified Jamf Expert
  • Jamf 370
  • Apple Certified Macintosh Technician (ACMT)
  • Apple Certified Support Professional (ACSP)
  • Cyber Essentials Plus certified

Every rollout we deliver is led by an engineer who has actually built the platform, not just resold a licence.

How a Project Lands

Scoped, priced, delivered.

Every project follows the same predictable path. You know what you're paying for and when it lands, before we write a single line of config.

01 Discovery

We assess scope, requirements, and constraints. You get a clear picture of what's involved before we quote.

02 Plan & Quote

Fixed scope, fixed price, fixed timeline. No hourly billing, no scope creep, no surprise invoices.

03 Delivery

We build it while your team keeps working. Zero downtime, 90 days of post-project optimisation included.

Want this delivered for your team?

We'll scope it, give you a clear plan, and tell you exactly what it costs. No obligation.
