The unified endpoint management platform for IT and security teams that run fleets across every modern platform — with an ML layer that forecasts disk, battery, thermal, and memory failures days before users notice.
Insight + Manage + Automate + Connect. The four-quadrant UEM. Each module stands alone or compounds with the others.
We are not "yet another MDM with two checkboxes for compliance." The catalog ships pre-baked across all six platforms, against every framework procurement asks about.
Native agents where they buy us deep telemetry. Official MDM channels where the OS forbids agents. Same Smart Groups, same audit log, same 2-person rule everywhere.
| Platform | Integration | Insight | Manage | Zero-touch path |
|---|---|---|---|---|
| macOS | Native Rust agent (mTLS MQTT) | Apple Business Manager DEP | ||
| Windows | Native agent (WMI · PDH · ATA pass-through) | Windows Autopilot (Microsoft Graph) | ||
| Linux | Native agent (procfs · sysfs · journald) | apt / dnf / yum / zypper repo | ||
| iOS | Apple MDM protocol via APNS | Apple Business Manager DEP | ||
| Android | Android Management API (AMAPI) | Android Enterprise QR + Zero-Touch | ||
| ChromeOS | Google Workspace Admin SDK | Workspace domain auto-enrolment |
The predictive layer is plumbed into the dispatch surface. The compliance layer feeds your identity provider. The ML layer flags failures days before users notice. Each layer is what the others should have been.
Augur predicts which devices will fail this week — those devices automatically join a Smart Group. One click pushes a remediation script, a config profile, or an app to the matching set. Detect → fix in one product.
Our ML doesn't just train on your fleet; it pools failure signals across anonymised cohorts and learns which device generations, OS combinations, and software patterns predict outages. A failure pattern that hit one customer's fleet flags yours before it reaches you.
Wipe, mass-uninstall, bulk reboot — every destructive verb supports an approval gate. Issuer cannot self-approve. Built into every tier, not gated behind enterprise SKUs like Intune Multi-Admin Approval.
Okta / Azure AD / Google / generic OIDC asks Augur "is this device compliant?" before issuing a session token. The Intune-killer feature, available without Microsoft.
5 pre-baked baselines, 62 controls, automatic delta-against-fleet. Click "Apply CIS Level 1" and ~16 settings land at once. Kandji ships this for macOS only; we ship it cross-platform.
End-users open the portal on their device, browse approved apps, click install. Sensitive apps queue for one-click admin approval. Removes the "I need Slack installed" ticket queue that swallows 30-40% of IT time.
Compliance posture, integration roadmap, and pricing model adapted to where your regulators, end-users, and procurement office actually live.
Augur ships the same control-plane verbs as the incumbents. The differentiators are structural — they require both the ML and the MDM under one roof.
| Capability | Augur | Jamf | Kandji | Intune |
|---|---|---|---|---|
| Run scripts on devices | ||||
| Configuration profiles (mobileconfig / CSP / AE policy) | ||||
| App deployment + Self Service catalog | ||||
| Compliance evaluation + drift detection | ||||
| Smart Groups (dynamic device queries) | ||||
| Remote lock / wipe / power | ||||
| Append-only audit log | ||||
| Audit log → SIEM (Splunk HEC + webhooks) | ||||
| SAML SSO + SCIM provisioning | ||||
| Zero-touch enrolment (DEP · Autopilot · AE · Workspace) | ||||
| Pre-baked CIS / NIST / HIPAA / PCI baselines | — | — | ||
| Extension Attributes (custom inventory scripts) | — | — | ||
| Conditional Access (compliance-to-IdP loop) | — | — | ||
| EDR / MTD integration (Defender · Falcon · S1 · Lookout) | — | — | ||
| MAM — App Protection Policies for BYOD | — | — | ||
| Apple DDM (Declarative Device Management) | — | |||
| Samsung Knox SDK (Knox-enrolled fleets) | — | — | — | |
| Identity-bound local Mac accounts (Jamf Connect-style) | — | |||
| All six platforms (mac/win/linux/iOS/Android/CrOS) | — | — | ||
| Native Linux agent | — | — | — | |
| 2-person rule on destructive ops (every tier) | — | — | — | |
| Approval-gated Self Service | — | — | — | |
| Predictive ML (disk · battery · thermal · memory) | — | — | — | |
| Time-to-failure forecasts with p10/p90 bounds | — | — | — | |
| Per-prediction explainability (feature attribution) | — | — | — | |
| LLM-powered audit + incident summarisation | — | — | — | |
| Cross-fleet cohort intelligence | — | — | — | |
| ML-driven Smart Group membership | — | — | — | |
| Conversational rule builder (natural language) | — | — | — | |
| Phased ring deployment (5→25→50→100% with auto-pause) | — | — | ||
| Software Catalog with CVE annotation + license seats | — | — | ||
| Bulk-action wizard + scheduled reports + custom dashboards | ||||
| ≤1% CPU agent SLO (instrumented) | — | — | — |
Marks reflect each platform's documented general-availability surface as of mid-2026. Some competitor offerings exist as add-ons or in enterprise SKUs.
Three packaged tiers, plus a fully custom enterprise option for MSPs and regulated industries.
Privacy and security aren't afterthoughts — they're constraints from line one.
Every agent–broker connection uses mutual TLS with per-tenant topic ACLs. Device A can't see device B's commands, even within a tenant.
Telemetry is metadata only — never screen content, keystrokes, or file contents. The agent's data model literally can't carry PII.
Every command, every approval, every policy change → 7-year-retention audit trail. SOC 2 CC7.2-aligned.
Forward the audit log to Splunk HEC or any webhook. HMAC-signed, exponential-backoff retries, dead-letter pause on bad receivers.
Wipes, mass uninstalls, fleet reboots — every destructive verb supports an N-of-N approval gate. Issuer cannot self-approve.
Federated auth via your IdP (Okta, Azure AD, Google). Automatic user provisioning + deprovisioning via SCIM 2.0.
28 cross-tenant regression tests across 7 services. The same "not found" wording on foreign-tenant access — no ID enumeration.
Rust agent runs at ≤1% avg CPU, ≤80 MB RAM, ≤50 MB/day egress on idle. Instrumented; CI fails builds that exceed it.
Compliance & integrations
30-minute demo. We'll walk you through Insight, Manage, and the Smart-Group bridge against a simulated fleet — then talk through rollout sequencing for your platforms.
No credit card required · Self-serve demo available immediately