IT Asset Management and Endpoint Management

IT asset management (ITAM) and endpoint management tools track hardware inventory, manage device lifecycles, enforce configurations, and maintain visibility across organisational fleets. ITAM focuses on the administrative record: what devices exist, who owns them, when warranties expire, and how assets depreciate. Endpoint management extends to active control: deploying software, enforcing security policies, and remediating configuration drift on managed devices.

This page covers tools that provide asset tracking, device inventory, and endpoint configuration management. Tools focused exclusively on security monitoring appear in Security and Monitoring. Mobile device management (MDM) capabilities are included where tools provide cross-platform management, but dedicated MDM-only solutions for iOS or Android are not covered here.

Assessment methodology

Tool assessments derive from official vendor documentation, published API references, release notes, and technical specifications as of 2026-01-24. Feature availability varies by product tier, deployment model, or region. Verify current capabilities directly with vendors during procurement. Community-reported information is excluded; only documented features are assessed.

Requirements taxonomy

This taxonomy defines evaluation criteria for asset and endpoint management tools. Requirements are organised by functional area and weighted by typical priority for mission-driven organisations.

Functional requirements

Asset tracking and inventory

| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
| --- | --- | --- | --- | --- | --- |
| F1.1 | Hardware asset registration | Create and maintain records for physical devices including computers, peripherals, network equipment, and mobile devices | Full: supports all common asset types with extensible categories. Partial: limited to predefined types. None: manual tracking only. | Review asset type configuration; test custom type creation | Essential |
| F1.2 | Unique asset identification | Assign and track unique identifiers (asset tags, serial numbers, UUIDs) for each device | Full: multiple identifier types, barcode/QR support, automatic UUID capture. Partial: single identifier type. None: manual entry only. | Test asset creation workflow; verify identifier validation | Essential |
| F1.3 | Asset assignment tracking | Record which user, department, or location has custody of each asset | Full: assignment history, transfer workflows, custody chain. Partial: current assignment only. None: no assignment tracking. | Review assignment features; test transfer workflow | Essential |
| F1.4 | Component tracking | Track internal components (RAM, storage, network cards) as sub-assets of parent devices | Full: component inventory with parent-child relationships, component history. Partial: notes field only. None: no component tracking. | Create asset with components; verify relationship tracking | Important |
| F1.5 | Consumable tracking | Track consumable items (cables, adapters, peripherals) with quantity management | Full: quantity tracking, low-stock alerts, checkout workflow. Partial: basic quantity only. None: no consumable support. | Test consumable creation and checkout | Important |
| F1.6 | Software licence tracking | Record software licences, seats, and assignments to devices or users | Full: licence compliance reporting, seat counting, expiry alerts. Partial: basic licence records. None: no licence tracking. | Create licences; test seat assignment and compliance | Important |
| F1.7 | Warranty and contract tracking | Store warranty information, support contracts, and renewal dates with alerting | Full: multiple contracts per asset, renewal workflows, vendor integration. Partial: single warranty field. None: no warranty tracking. | Configure warranty; test expiry alerts | Important |
| F1.8 | Depreciation calculation | Calculate asset depreciation using configurable methods (straight-line, declining balance) | Full: multiple depreciation methods, scheduled calculation, reporting. Partial: single method. None: no depreciation support. | Configure depreciation; verify calculations | Desirable |

Automated discovery and inventory

| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
| --- | --- | --- | --- | --- | --- |
| F2.1 | Agent-based inventory | Deploy agents to endpoints that report hardware and software inventory automatically | Full: cross-platform agents, scheduled reporting, delta updates. Partial: single platform. None: no agent support. | Deploy agent; verify inventory collection | Essential |
| F2.2 | Agentless discovery | Discover devices via network scanning (SNMP, WMI, SSH) without requiring agent installation | Full: multiple protocols, scheduled scans, subnet targeting. Partial: single protocol. None: agent-only. | Configure network scan; verify discovery | Important |
| F2.3 | Hardware specification collection | Automatically capture detailed hardware specifications (CPU, RAM, storage, peripherals) | Full: comprehensive specs including component serial numbers. Partial: basic specs only. None: manual entry. | Review collected specifications; compare to actual hardware | Essential |
| F2.4 | Software inventory | Automatically enumerate installed software with version information | Full: all installed software, version tracking, change detection. Partial: limited software types. None: no software inventory. | Verify software list accuracy; test change detection | Essential |
| F2.5 | Operating system detection | Identify operating system type, version, and patch level | Full: detailed OS info including build numbers, patch status. Partial: OS name only. None: no OS detection. | Verify OS information accuracy | Essential |
| F2.6 | Network interface discovery | Capture network interface details (MAC addresses, IP addresses, connection status) | Full: all interfaces, IPv4/IPv6, connection history. Partial: primary interface only. None: no network info. | Verify interface enumeration | Important |
| F2.7 | Peripheral detection | Discover connected peripherals (monitors, printers, external storage) | Full: enumeration with serial numbers, connection events. Partial: basic peripheral list. None: no peripheral detection. | Connect peripheral; verify discovery | Desirable |

Endpoint configuration management

| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
| --- | --- | --- | --- | --- | --- |
| F3.1 | Configuration policy deployment | Define and deploy configuration settings to managed endpoints | Full: granular policies, targeting rules, rollback capability. Partial: basic settings only. None: no configuration management. | Create policy; deploy to test device; verify application | Essential |
| F3.2 | Software deployment | Install, update, and remove software applications on managed endpoints | Full: silent install, dependency handling, staged rollout. Partial: basic install only. None: manual installation. | Deploy application; verify installation success | Essential |
| F3.3 | Patch management | Detect missing patches and deploy updates to managed endpoints | Full: patch detection, approval workflow, compliance reporting. Partial: detection only. None: no patch management. | Identify missing patches; deploy update; verify installation | Essential |
| F3.4 | Script execution | Execute custom scripts on managed endpoints for automation and remediation | Full: cross-platform scripts, scheduling, output capture. Partial: single platform. None: no script execution. | Execute test script; verify output capture | Important |
| F3.5 | Compliance monitoring | Assess endpoint compliance against defined baselines and report deviations | Full: baseline comparison, drift detection, remediation triggers. Partial: basic compliance checks. None: no compliance monitoring. | Configure baseline; detect deviation; verify reporting | Important |
| F3.6 | Remote actions | Execute remote commands (restart, lock, wipe) on managed endpoints | Full: secure remote actions, audit logging, confirmation workflow. Partial: limited actions. None: no remote control. | Execute remote restart; verify audit log | Important |
| F3.7 | Self-service portal | Provide end users with an interface to request software, report issues, or manage their devices | Full: configurable catalogue, approval workflow, status tracking. Partial: basic portal. None: no self-service. | Test user portal; verify request workflow | Desirable |

Reporting and analytics

| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
| --- | --- | --- | --- | --- | --- |
| F4.1 | Asset reports | Generate reports on asset inventory, assignments, and status | Full: customisable reports, scheduling, multiple formats. Partial: fixed reports. None: manual export only. | Generate inventory report; verify accuracy | Essential |
| F4.2 | Compliance reporting | Report on endpoint compliance status against defined policies | Full: compliance dashboards, trend analysis, drill-down. Partial: basic status report. None: no compliance reporting. | Generate compliance report; verify accuracy | Important |
| F4.3 | Audit trail | Maintain complete history of changes to assets and configurations | Full: all changes logged with user, timestamp, before/after values. Partial: limited history. None: no audit trail. | Make changes; verify audit log entries | Essential |
| F4.4 | Dashboard visualisation | Provide visual dashboards showing asset and endpoint status | Full: customisable widgets, real-time data, drill-down. Partial: fixed dashboards. None: no visualisation. | Review dashboard capabilities; test customisation | Important |
| F4.5 | Scheduled reporting | Automatically generate and distribute reports on schedule | Full: flexible scheduling, multiple recipients, multiple formats. Partial: basic scheduling. None: manual generation only. | Configure scheduled report; verify delivery | Desirable |
| F4.6 | Export capabilities | Export data in standard formats for external analysis | Full: CSV, JSON, XML export, bulk export, API access. Partial: limited formats. None: no export. | Export data; verify format and completeness | Important |

Technical requirements

Deployment and hosting

| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
| --- | --- | --- | --- | --- | --- |
| T1.1 | Self-hosted deployment | Deploy on organisation-controlled infrastructure | Full: complete feature parity, documented deployment. Partial: available with limitations. None: SaaS only. | Review deployment documentation; compare feature matrix | Important |
| T1.2 | Cloud deployment | Vendor-managed cloud deployment with regional options | Full: multiple regions including EU, documented data residency. Partial: limited regions. None: self-hosted only. | Review regional availability; verify data residency | Important |
| T1.3 | Container deployment | Support for containerised deployment (Docker, Kubernetes) | Full: official images, Helm charts, documented orchestration. Partial: community images only. None: no container support. | Check container registry; review deployment docs | Desirable |
| T1.4 | Database requirements | Supported database backends and versions | Document supported databases, versions, and configuration requirements | Review system requirements documentation | Important |
| T1.5 | Scalability architecture | Support for horizontal scaling and high availability | Full: documented HA architecture, load balancing. Partial: manual failover. None: single instance only. | Review architecture documentation | Context-dependent |

Integration architecture

| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
| --- | --- | --- | --- | --- | --- |
| T2.1 | REST API | Programmatic access via REST API | Full: comprehensive API, versioned, documented, all features accessible. Partial: limited coverage. None: no API. | Review API documentation; test key endpoints | Essential |
| T2.2 | API authentication | Supported methods for securing API access | Document supported methods: API keys, OAuth 2.0, tokens, certificates | Review API security documentation | Important |
| T2.3 | Webhook support | Push event notifications to external systems | Full: configurable webhooks, retry logic, payload customisation. Partial: limited events. None: no webhooks. | Configure webhook; verify event delivery | Important |
| T2.4 | LDAP/Active Directory integration | Synchronise users and groups from directory services | Full: user sync, group mapping, nested groups. Partial: basic sync. None: no directory integration. | Configure directory sync; verify user import | Essential |
| T2.5 | SAML/OIDC SSO | Single sign-on via federated identity | Full: SAML 2.0 and OIDC support. Partial: single protocol. None: local auth only. | Configure SSO; test authentication flow | Important |
| T2.6 | SIEM integration | Export events to security information and event management systems | Full: syslog, webhook, native integrations. Partial: log file export. None: no SIEM integration. | Configure SIEM export; verify event receipt | Important |

Security requirements

Authentication and access control

| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
| --- | --- | --- | --- | --- | --- |
| S1.1 | Role-based access control | Granular permissions based on roles | Full: custom roles, granular permissions, inheritance. Partial: fixed roles. None: admin/user only. | Create custom role; verify permission enforcement | Essential |
| S1.2 | Multi-factor authentication | MFA support for administrator and user accounts | Full: multiple MFA methods, policy enforcement. Partial: single method. None: password only. | Configure MFA; verify enforcement | Essential |
| S1.3 | API access controls | Restrict API access by scope, IP, or rate | Full: scoped tokens, IP allowlist, rate limiting. Partial: basic rate limiting. None: no API controls. | Configure API restrictions; test enforcement | Important |
| S1.4 | Session management | Configurable session timeout and concurrent session limits | Full: configurable timeout, session termination, activity tracking. Partial: fixed timeout. None: no session controls. | Configure session policy; verify enforcement | Important |

Data protection

| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
| --- | --- | --- | --- | --- | --- |
| S2.1 | Encryption at rest | Encrypt stored data | Full: AES-256, key management, documented implementation. Partial: database encryption only. None: no encryption. | Review encryption documentation; verify configuration | Essential |
| S2.2 | Encryption in transit | Secure communications with TLS | Full: TLS 1.2+ enforced, certificate management. Partial: optional TLS. None: unencrypted. | Verify TLS configuration; check certificate handling | Essential |
| S2.3 | Data export controls | Control ability to export sensitive data | Full: permission-based export, audit logging. Partial: admin-only export. None: unrestricted export. | Test export permissions; verify audit logging | Important |
| S2.4 | Credential storage | Secure storage for service credentials and secrets | Full: encrypted vault, no plaintext storage. Partial: encrypted database. None: plaintext storage. | Review credential storage mechanism | Essential |

Operational requirements

Administration

| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
| --- | --- | --- | --- | --- | --- |
| O1.1 | Web-based administration | Browser-based management interface | Full: responsive design, full feature access. Partial: limited mobile support. None: desktop client required. | Access via browser; test responsiveness | Essential |
| O1.2 | Bulk operations | Perform actions on multiple assets or endpoints simultaneously | Full: bulk edit, import, delete, assign. Partial: limited bulk operations. None: individual only. | Perform bulk operation; verify results | Important |
| O1.3 | Import capabilities | Import existing asset data from external sources | Full: CSV, Excel, API import with mapping. Partial: fixed format only. None: manual entry. | Import test data; verify mapping and validation | Important |
| O1.4 | Custom fields | Add organisation-specific data fields to records | Full: custom fields on all objects, field types, validation. Partial: limited objects. None: no custom fields. | Create custom field; verify data entry and reporting | Important |
| O1.5 | Multi-tenancy | Support multiple organisations or entities in single installation | Full: entity separation, delegated administration. Partial: basic separation. None: single tenant only. | Configure multiple entities; verify separation | Context-dependent |

Monitoring and maintenance

| ID | Requirement | Description | Assessment criteria | Verification method | Typical priority |
| --- | --- | --- | --- | --- | --- |
| O2.1 | System health monitoring | Monitor server and service health | Full: health endpoints, resource monitoring, alerting. Partial: basic status page. None: no monitoring. | Review health monitoring capabilities | Important |
| O2.2 | Backup and restore | Built-in or documented backup procedures | Full: automated backup, point-in-time restore, documented procedures. Partial: manual backup. None: undocumented. | Review backup documentation; test restore | Essential |
| O2.3 | Upgrade procedures | Documented upgrade path between versions | Full: automated upgrade, rollback capability, migration guides. Partial: manual upgrade. None: undocumented. | Review upgrade documentation | Important |
| O2.4 | Log management | Centralised logging with retention controls | Full: structured logs, configurable retention, external export. Partial: local logs. None: minimal logging. | Review logging configuration | Important |

Comparison matrices

Rating scale

| Symbol | Meaning |
| --- | --- |
|  | Full support: feature fully implemented as documented |
|  | Partial support: feature available with limitations noted |
|  | Minimal support: basic capability only |
|  | Not supported |
| $ | Requires paid tier or add-on |
| E | Enterprise edition only |
| P | Plugin or extension required |

Tool overview

| Tool | Type | Licence | Current version | Primary focus |
| --- | --- | --- | --- | --- |
| Snipe-IT | FOSS | AGPL-3.0 | 7.x | IT asset inventory and lifecycle tracking |
| GLPI | FOSS | GPL-3.0 | 11.0 | Asset management with ITSM service desk |
| Fleet | FOSS | MIT (core) | 4.x | Endpoint visibility via osquery with MDM |
| Foreman + Katello | FOSS | GPL-2.0 | 3.16 / 4.18 | Server provisioning and content management |
| Microsoft Intune | Commercial | Proprietary | SaaS | Unified endpoint management for Microsoft ecosystem |
| Jamf Pro | Commercial | Proprietary | 11.22 | Apple device management and security |

Asset tracking capabilities

Capability | Snipe-IT | GLPI | Fleet | Foreman | Intune | Jamf Pro
Hardware asset registration
Unique asset identification
Asset assignment tracking
Component tracking
Consumable tracking
Software licence tracking●$●$
Warranty tracking
Depreciation calculation
Barcode/QR scanning●P
Location tracking

Assessment notes:

  • Snipe-IT and GLPI provide the most comprehensive traditional ITAM features including depreciation, warranties, and consumables
  • Fleet focuses on endpoint visibility rather than administrative asset tracking
  • Foreman focuses on server provisioning; asset tracking is secondary to configuration management
  • Commercial tools (Intune, Jamf Pro) emphasise device management over financial asset tracking

Automated inventory capabilities

Capability | Snipe-IT | GLPI | Fleet | Foreman | Intune | Jamf Pro
Agent-based inventory
Agentless discovery
Hardware specification collection
Software inventory
Operating system detection
Network interface discovery
Real-time inventory
Windows supportN/A
macOS supportN/A
Linux supportN/A
iOS/iPadOS supportN/A
Android supportN/A

Assessment notes:

  • Snipe-IT is a pure ITAM tool without agent or discovery capabilities; inventory is manual or via API integration
  • GLPI provides the GLPI Agent for automated inventory across platforms
  • Fleet uses osquery for deep endpoint visibility with real-time query capability
  • Foreman uses Puppet or Ansible for configuration; inventory is a byproduct
  • Intune provides comprehensive inventory for Windows and mobile; Linux support is limited
  • Jamf Pro focuses exclusively on Apple platforms

Endpoint management capabilities

Capability | Snipe-IT | GLPI | Fleet | Foreman | Intune | Jamf Pro
Configuration policy deployment○P
Software deployment●P
Patch management○P
Script execution○P
Compliance monitoring○P
Remote wipe
Remote lock
Self-service portal●P
Zero-touch deployment
MDM capabilities

Assessment notes:

  • Snipe-IT does not provide endpoint management; it is purely asset tracking
  • GLPI requires plugins for most endpoint management features
  • Fleet provides MDM for Apple and configuration management via osquery for all platforms
  • Foreman excels at server provisioning and configuration management
  • Intune and Jamf Pro provide full MDM and endpoint management capabilities

Integration capabilities

Capability | Snipe-IT | GLPI | Fleet | Foreman | Intune | Jamf Pro
REST API
GraphQL API
Webhooks●$
LDAP/AD sync
SAML SSO
OIDC SSO
SCIM provisioning
SIEM integration
ServiceNow integration●P
Jira integration●P●P●$

Assessment notes:

  • All tools provide REST APIs with varying coverage
  • Microsoft Intune uses Microsoft Graph API with GraphQL capabilities
  • Fleet provides extensive osquery-based integrations with SIEM and security tools
  • GLPI relies heavily on plugins for third-party integrations

Security capabilities

Capability | Snipe-IT | GLPI | Fleet | Foreman | Intune | Jamf Pro
Role-based access control
Multi-factor authentication
SSO enforcement
API token scoping
Audit logging
Encryption at rest
SOC 2 certification●$
ISO 27001 certification●$
GDPR compliance tools

Assessment notes:

  • Commercial tools (Intune, Jamf Pro) have extensive compliance certifications
  • Snipe-IT hosted version provides SOC 2 compliance
  • Self-hosted FOSS tools require organisations to implement their own compliance controls

Individual tool assessments

Snipe-IT

Metadata

| Attribute | Value |
| --- | --- |
| Type | Open source |
| Licence | AGPL-3.0 |
| Current version | 7.x (Laravel 11) |
| Deployment options | Self-hosted, vendor-hosted cloud |
| Source repository | https://github.com/grokability/snipe-it |
| Documentation | https://snipe-it.readme.io/docs |

Overview

Snipe-IT is a web-based IT asset management system built on Laravel (PHP framework). The project has been actively developed since 2013 and provides comprehensive asset lifecycle tracking without endpoint agent capabilities. Snipe-IT focuses on the administrative aspects of asset management: tracking ownership, location, warranty status, depreciation, and licence compliance.

The architecture follows a traditional web application model with MySQL or MariaDB backend. Snipe-IT does not include agents for automated inventory collection; instead, it relies on manual data entry, CSV imports, or API integrations with other tools that perform discovery. This design makes it suitable for organisations that need robust asset tracking but already have separate tools for endpoint management.

Snipe-IT is developed by Grokability, Inc., which offers both the open source version and a hosted cloud service with additional support options.

Capability assessment

Snipe-IT excels at traditional IT asset management functions. The asset model supports hardware tracking with component relationships, consumable inventory with quantity management, and software licence tracking with seat counting. Each asset maintains a complete history of assignments, status changes, and modifications.

The depreciation engine supports multiple calculation methods including straight-line and declining balance, with scheduled reports for financial planning. Warranty tracking includes expiry alerting and integration with purchase order information.

For organisations requiring barcode-based workflows, Snipe-IT generates and scans 1D and 2D barcodes including QR codes. Mobile-friendly responsive design supports field-based asset audits.

The REST API provides comprehensive programmatic access to all features, enabling integration with discovery tools, help desk systems, and custom automation. Third-party libraries exist for Python, PowerShell, Go, and other languages.

Key strengths

  1. Comprehensive traditional ITAM: Full asset lifecycle support including depreciation, warranties, consumables, and licence tracking exceeds most endpoint management tools
  2. Active development: Frequent releases with responsive community support
  3. Clean API: Well-documented REST API with OpenAPI specification enables reliable integrations
  4. Flexible deployment: Self-hosted at no cost or managed cloud service with 99.99% SLA
  5. Low resource requirements: Runs on modest hardware; suitable for small organisations

Key limitations

  1. No endpoint agents: Cannot perform automated inventory collection; requires external discovery tools or manual entry
  2. No configuration management: Does not deploy software or enforce endpoint configurations
  3. No MDM capabilities: Cannot manage mobile devices or enforce security policies
  4. Limited real-time visibility: Asset status reflects last manual update or API import, not live device state

Deployment and operations

Self-hosted deployment requires a LAMP stack (Linux, Apache/Nginx, MySQL/MariaDB, PHP 8.1+). Official Docker images are available. The installation process is well-documented with active community support.

System requirements for self-hosted deployment:

  • 2 CPU cores minimum
  • 2 GB RAM minimum (4 GB recommended for larger deployments)
  • 20 GB storage (varies with attachment storage needs)
  • MySQL 8.0+ or MariaDB 10.6+

The hosted cloud service eliminates infrastructure management and provides automatic updates, backups, and uptime guarantees.

Integration capabilities

| Integration type | Implementation |
| --- | --- |
| REST API | Full CRUD operations on all objects, API token authentication |
| LDAP/AD | User and group synchronisation |
| SSO | SAML 2.0, OIDC, Google Workspace |
| Webhooks | Configurable event notifications |
| Barcode | 1D, 2D, QR code generation and scanning |

Cost analysis

| Deployment | Cost model | Estimated cost |
| --- | --- | --- |
| Self-hosted | Free (AGPL-3.0) | Infrastructure costs only |
| Cloud hosted | Per-asset/month | From $3.33/asset/month, minimum 25 assets |
| Enterprise support | Annual subscription | Contact vendor |

Organisational fit

Best suited for:

  • Organisations needing comprehensive asset lifecycle management (depreciation, warranties, procurement)
  • Environments with existing discovery or endpoint management tools needing a dedicated ITAM layer
  • Budget-constrained organisations requiring self-hosted deployment
  • Organisations with barcode-based asset audit workflows

Less suitable for:

  • Organisations requiring automated endpoint inventory without additional tools
  • Environments needing unified asset tracking and endpoint management in one platform
  • Organisations primarily managing mobile devices

GLPI

Metadata

| Attribute | Value |
| --- | --- |
| Type | Open source |
| Licence | GPL-3.0 |
| Current version | 11.0 |
| Deployment options | Self-hosted, vendor-hosted cloud |
| Source repository | https://github.com/glpi-project/glpi |
| Documentation | https://glpi-user-documentation.readthedocs.io |

Overview

GLPI (Gestionnaire Libre de Parc Informatique) is an open source IT service management platform combining asset management, help desk, and ITIL-aligned service management. Developed since 2003, GLPI provides comprehensive asset tracking with native automated inventory through the GLPI Agent.

The platform architecture separates the core GLPI application from the inventory agent. GLPI Agent supports Windows, Linux, macOS, and Android, collecting hardware specifications, installed software, and network configuration. The agent reports to GLPI via HTTP/HTTPS on configurable schedules.

GLPI is developed by Teclib’, which also offers GLPI Network (commercial support) and a cloud-hosted service. The plugin ecosystem extends functionality significantly; essential plugins include FusionInventory (legacy inventory), FormCreator (custom forms), and various integrations.

Capability assessment

GLPI provides integrated asset management and ITSM functionality. The asset management module tracks computers, network equipment, peripherals, software, and consumables with full lifecycle support including financial tracking, contracts, and suppliers.

The GLPI Agent collects detailed inventory automatically:

  • Hardware: CPU, memory, storage, firmware versions, BIOS information
  • Software: Installed applications with versions and publishers
  • Network: Interfaces, IP addresses, connections
  • Operating system: Type, version, patch level

The ITSM component provides ticket management, problem management, change management, and a service catalogue. Assets link directly to tickets, enabling incident tracking and impact analysis.

Entity separation supports multi-tenant deployments where organisations or departments maintain separate asset views with delegated administration.

Key strengths

  1. Integrated ITSM: Combined asset management and service desk reduces tool sprawl
  2. Native inventory agent: Cross-platform automated discovery without third-party dependencies
  3. ITIL alignment: Formal service management processes for mature IT operations
  4. Plugin ecosystem: Extensive customisation through marketplace plugins
  5. Entity separation: Multi-tenant architecture suits federated organisations
  6. Data centre features: Network topology, rack management, power distribution tracking

Key limitations

  1. Complexity: Full ITSM platform is more complex than dedicated ITAM tools
  2. Documentation gaps: Documentation quality varies; some features poorly documented
  3. Plugin dependencies: Essential features require plugins with varying maintenance status
  4. No MDM: Cannot manage mobile devices or enforce endpoint configurations
  5. Limited real-time management: Inventory is periodic; no real-time query capability

Deployment and operations

Self-hosted deployment requires a LAMP/LEMP stack with PHP 8.1+ and MySQL 8.0+ or MariaDB 10.5+. Installation uses a web-based setup wizard, run after the files are extracted.

System requirements:

  • 2 CPU cores minimum (4+ recommended)
  • 4 GB RAM minimum (8 GB+ recommended)
  • 20 GB storage (more for attachments and inventory data)
  • PHP 8.1+ with required extensions
  • MySQL 8.0+ or MariaDB 10.5+

GLPI Agent deployment:

  • Windows: MSI installer, GPO deployment supported
  • Linux: RPM/DEB packages available
  • macOS: PKG installer
  • Android: APK for mobile inventory

Integration capabilities

| Integration type | Implementation |
| --- | --- |
| REST API | Full CRUD operations, session-based authentication |
| LDAP/AD | User synchronisation, group mapping |
| SSO | SAML 2.0, OIDC, CAS |
| Webhooks | Event notifications via API |
| Mail | IMAP/POP3 ticket creation, SMTP notifications |
| Plugins | Marketplace with 200+ extensions |

Cost analysis

| Deployment | Cost model | Estimated cost |
| --- | --- | --- |
| Self-hosted | Free (GPL-3.0) | Infrastructure costs only |
| GLPI Network | Annual subscription | From €4,750/year (includes support) |
| Cloud hosted | Per-user/month | Contact vendor |

Organisational fit

Best suited for:

  • Organisations wanting integrated asset management and help desk
  • Environments requiring ITIL-aligned service management processes
  • Multi-entity organisations needing delegated administration
  • Organisations with data centre infrastructure requiring topology tracking

Less suitable for:

  • Small organisations needing simple asset tracking without ITSM
  • Environments requiring real-time endpoint management
  • Organisations primarily managing Apple or mobile devices

Fleet

Metadata

| Attribute | Value |
| --- | --- |
| Type | Open source |
| Licence | MIT (free), Fleet Premium (commercial) |
| Current version | 4.x |
| Deployment options | Self-hosted, vendor-hosted cloud |
| Source repository | https://github.com/fleetdm/fleet |
| Documentation | https://fleetdm.com/docs |

Overview

Fleet is an open source device management platform built on osquery, the open source endpoint agent originally developed by Facebook. Fleet provides cross-platform visibility into endpoint state through SQL-based queries, combined with MDM capabilities for macOS, Windows, iOS, and iPadOS.

The architecture centres on osquery’s ability to expose operating system state as queryable tables. Fleet adds a management server for enrolling devices, scheduling queries, aggregating results, and enforcing policies. The fleetd agent wraps osquery with additional capabilities including MDM enrollment, software deployment, and secure certificate management.

Fleet is developed by Fleet Device Management Inc., which offers both the open source core and Fleet Premium with additional enterprise features.

Capability assessment

Fleet’s core strength is endpoint visibility through osquery. Administrators write SQL queries against 300+ osquery tables covering:

  • System information: hardware, OS, users, groups
  • Security: certificates, browser extensions, firewall rules, encryption status
  • Software: installed applications, running processes, startup items
  • Network: interfaces, connections, DNS cache, routing

Queries can run on-demand (live queries) or on schedules (scheduled queries). Results aggregate in Fleet for reporting, export, or integration with SIEM platforms.
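An added example, not taken from Fleet's documentation or code: the kind of SQL an administrator would write against the osquery tables listening_ports and processes to list network-exposed listeners, with the results tagged per host and compared with a baseline. In-memory SQLite tables stand in for osquery here (osquery's SQL dialect is SQLite-based); the host names, rows and the EXPECTED_LISTENERS baseline are constructed assumptions.

```python
import sqlite3

# Query text as it would be typed into a live or scheduled query.
# listening_ports(pid, port, protocol, address) and processes(pid, name, path)
# are osquery tables; protocol is the IP protocol number (6 = TCP).
EXPOSED_LISTENERS_SQL = """
SELECT p.name, p.path, lp.port, lp.protocol, lp.address
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
WHERE lp.port != 0
  AND lp.address NOT IN ('127.0.0.1', '::1')
ORDER BY lp.port, p.name
"""

# Constructed sample state for three hosts (not real telemetry).
SAMPLE_HOSTS = {
    "ws-001": {
        "processes": [(412, "sshd", "/usr/sbin/sshd"),
                      (977, "cupsd", "/usr/sbin/cupsd")],
        "listening_ports": [(412, 22, 6, "0.0.0.0"),
                            (977, 631, 6, "127.0.0.1")],
    },
    "ws-002": {
        "processes": [(388, "sshd", "/usr/sbin/sshd"),
                      (2041, "python3", "/usr/bin/python3")],
        "listening_ports": [(388, 22, 6, "0.0.0.0"),
                            (2041, 8000, 6, "0.0.0.0")],
    },
    "ws-003": {
        "processes": [(501, "postgres", "/usr/lib/postgresql/16/bin/postgres")],
        "listening_ports": [(501, 5432, 6, "::1"),
                            (501, 5432, 6, "127.0.0.1")],
    },
}

# Hypothetical baseline: (process name, port) pairs allowed to face the network.
EXPECTED_LISTENERS = {("sshd", 22)}


def host_db(state):
    """Load one host's constructed state into tables named like osquery's."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute("CREATE TABLE processes (pid INTEGER, name TEXT, path TEXT)")
    conn.execute(
        "CREATE TABLE listening_ports "
        "(pid INTEGER, port INTEGER, protocol INTEGER, address TEXT)"
    )
    conn.executemany("INSERT INTO processes VALUES (?, ?, ?)", state["processes"])
    conn.executemany(
        "INSERT INTO listening_ports VALUES (?, ?, ?, ?)", state["listening_ports"]
    )
    return conn


def run_everywhere(sql, hosts):
    """Run one query on every host and tag each row with its hostname,
    mimicking how a management server aggregates per-host results."""
    results = []
    for hostname in sorted(hosts):
        conn = host_db(hosts[hostname])
        try:
            for row in conn.execute(sql):
                results.append({"host": hostname, **dict(row)})
        finally:
            conn.close()
    return results


def unexpected_listeners(rows, expected):
    """Keep only rows whose (process name, port) pair is not in the baseline."""
    return [r for r in rows if (r["name"], r["port"]) not in expected]


if __name__ == "__main__":
    all_rows = run_everywhere(EXPOSED_LISTENERS_SQL, SAMPLE_HOSTS)
    for r in unexpected_listeners(all_rows, EXPECTED_LISTENERS):
        print(f'{r["host"]}: {r["name"]} ({r["path"]}) on {r["address"]}:{r["port"]}')
```

Loopback-only services (cupsd on ws-001, postgres on ws-003) drop out in the WHERE clause, so only listeners reachable from the network are compared with the baseline.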

Fleet’s MDM capabilities (added in 2023-2024) include:

  • macOS: Configuration profiles, software deployment, FileVault management
  • Windows: Configuration profiles (via Intune-compatible schema), software deployment
  • iOS/iPadOS: Device enrollment, configuration profiles, app deployment

Fleet Premium adds features including vulnerability detection (matching installed software against CVE databases), automations, and premium support.

Key strengths

  1. Deep endpoint visibility: osquery’s SQL-based approach enables granular queries impossible with traditional inventory agents
  2. Cross-platform consistency: Same query language across macOS, Windows, Linux, iOS, iPadOS
  3. GitOps workflow: Configuration as code enables version-controlled fleet management
  4. Real-time queries: Live query capability provides instant answers about fleet state
  5. Vulnerability detection: Premium feature matches software inventory against CVE databases
  6. Transparency: Open source agent; users can verify exactly what data is collected
  7. Security integrations: Native connectors for Snowflake, Splunk, Elastic, Vanta

Key limitations

  1. Complexity: osquery learning curve steeper than traditional management tools
  2. Resource consumption: osquery agent consumes more resources than lightweight inventory agents
  3. Premium features: Vulnerability detection and some automations require paid tier
  4. Limited traditional ITAM: No financial tracking, depreciation, or warranty management
  5. Newer MDM: MDM capabilities less mature than Intune or Jamf Pro

Deployment and operations

Self-hosted deployment requires MySQL 8.0+ and Redis 6.0+. Fleet server is distributed as a Go binary or Docker image. Kubernetes deployment via Helm chart is documented.

System requirements for Fleet server (managing 10,000 hosts):

  • 4 CPU cores
  • 8 GB RAM
  • MySQL with 100 GB storage
  • Redis with 2 GB memory

fleetd agent requirements:

  • macOS 12+, Windows 10+, major Linux distributions
  • 50-100 MB RAM typical usage
  • 100 MB disk space

Integration capabilities

| Integration type | Implementation |
| --- | --- |
| REST API | Comprehensive API, token authentication |
| SSO | SAML 2.0, OIDC, Google Workspace, Okta |
| SIEM | Native Splunk, Elastic, Snowflake connectors |
| SCIM | User provisioning from identity providers |
| Webhooks | Configurable event notifications |
| GitOps | fleetctl CLI, YAML configuration |

Cost analysis

| Deployment | Cost model | Estimated cost |
| --- | --- | --- |
| Self-hosted (free tier) | Free (MIT) | Infrastructure costs only |
| Self-hosted (Premium) | Per-device/month | $5/device/month |
| Cloud hosted (Premium) | Per-device/month | $7/device/month |

Organisational fit

Best suited for:

  • Security-conscious organisations needing deep endpoint visibility
  • Engineering-oriented teams comfortable with SQL and GitOps workflows
  • Cross-platform environments (macOS, Windows, Linux, iOS)
  • Organisations integrating endpoint data with SIEM or data platforms

Less suitable for:

  • Organisations needing traditional ITAM (depreciation, warranties, procurement)
  • Teams preferring GUI-based management over query-based approaches
  • Small organisations without security engineering capacity
  • Apple-only environments (Jamf Pro offers deeper Apple integration)

Foreman + Katello

Metadata

| Attribute | Value |
| --- | --- |
| Type | Open source |
| Licence | GPL-2.0 |
| Current version | Foreman 3.16, Katello 4.18 |
| Deployment options | Self-hosted only |
| Source repository | https://github.com/theforeman/foreman |
| Documentation | https://docs.theforeman.org |

Overview

Foreman is an open source lifecycle management platform for server provisioning, configuration, and orchestration. Katello is a Foreman plugin adding content management capabilities including repository mirroring, content views, and subscription management. Together, they provide comprehensive server management for enterprise Linux environments.

The architecture integrates multiple components: Foreman provides the core web interface and host management, Katello manages content (RPM/DEB packages, Puppet modules), and Smart Proxies distribute services (DHCP, DNS, TFTP, Pulp) across geographic locations.

Foreman with Katello is the upstream project for Red Hat Satellite, the commercial offering with support subscriptions.

Capability assessment

Foreman + Katello excels at enterprise Linux server management:

Provisioning:

  • Bare metal: PXE boot with kickstart/preseed automation
  • Virtual: VMware, RHEV, oVirt, Proxmox, cloud providers
  • Container: Kubernetes and OpenShift integration
  • Discovery: Automatic detection of unprovisioned hardware

Configuration management:

  • Puppet: Native Puppet integration with ENC (External Node Classifier)
  • Ansible: Ansible integration for playbook execution
  • Salt: Salt master integration available

Content management (Katello):

  • Repository mirroring for RHEL, CentOS, Ubuntu, custom repos
  • Content views for controlling package versions across environments
  • Lifecycle environments (Dev → QA → Production)
  • Subscription management for Red Hat systems

Key strengths

  1. Comprehensive Linux management: End-to-end lifecycle from provisioning through decommissioning
  2. Content management: Granular control over package versions across environments
  3. Multi-tool orchestration: Integrates Puppet, Ansible, Salt for configuration management
  4. Geographic distribution: Smart Proxy architecture supports distributed deployments
  5. Red Hat alignment: Upstream of Red Hat Satellite; compatible practices
  6. Scale: Designed for thousands of hosts across multiple locations

Key limitations

  1. Complexity: Steep learning curve; requires significant expertise to deploy and operate
  2. Linux-focused: Limited support for Windows; no macOS or mobile device management
  3. Self-hosted only: No cloud-hosted option; requires infrastructure investment
  4. Resource intensive: Server requirements are substantial for the full stack
  5. No traditional ITAM: Financial tracking, depreciation, warranty management not included

Deployment and operations

Foreman with Katello requires Enterprise Linux 8 or 9 (RHEL, AlmaLinux, Rocky Linux). Installation uses the foreman-installer, a Puppet-based deployment tool.

Minimum system requirements:

  • 4 CPU cores
  • 20 GB RAM
  • 150 GB storage (more for content mirroring)
  • Enterprise Linux 8 or 9
  • Dedicated server recommended

Content storage requirements scale with mirrored repositories. A typical deployment mirroring RHEL, EPEL, and common repositories requires 300+ GB for content.

Integration capabilities

| Integration type | Implementation |
| --- | --- |
| REST API | Comprehensive API, basic and OAuth authentication |
| LDAP/AD | User synchronisation and authentication |
| SSO | SAML 2.0, Kerberos, FreeIPA |
| Configuration management | Puppet, Ansible, Salt |
| Virtualisation | VMware, oVirt, Proxmox, cloud providers |
| Compute resources | AWS, Azure, GCP, OpenStack |

Cost analysis

| Deployment | Cost model | Estimated cost |
| --- | --- | --- |
| Self-hosted | Free (GPL-2.0) | Infrastructure and expertise costs |
| Red Hat Satellite | Subscription | Contact Red Hat for nonprofit pricing |

Organisational fit

Best suited for:

  • Organisations with substantial Linux server estates requiring lifecycle management
  • DevOps teams implementing infrastructure as code practices
  • Environments requiring controlled software distribution across lifecycle stages
  • Organisations comfortable with self-hosted infrastructure and Puppet/Ansible expertise

Less suitable for:

  • Organisations primarily managing workstations or mobile devices
  • Small organisations without dedicated Linux systems administration capacity
  • Environments requiring Windows or macOS management
  • Organisations seeking managed/hosted solutions

Microsoft Intune

Metadata

| Attribute | Value |
| --- | --- |
| Type | Commercial |
| Licence | Proprietary (subscription) |
| Current version | SaaS (continuously updated) |
| Deployment options | Cloud only (Microsoft-managed) |
| Documentation | https://learn.microsoft.com/en-us/intune |

Overview

Microsoft Intune is a cloud-based unified endpoint management (UEM) service integrated into the Microsoft 365 ecosystem. Intune manages Windows, macOS, iOS, iPadOS, Android, and Linux devices through a single console accessible via the Microsoft Intune admin center.

Intune operates as a SaaS service with no on-premises components required. Device enrollment connects endpoints to the Intune service, where administrators configure policies, deploy applications, and monitor compliance. Intune integrates deeply with Microsoft Entra ID (formerly Azure AD) for identity, Defender for Endpoint for security, and Autopilot for zero-touch deployment.

Capability assessment

Intune provides comprehensive endpoint management across platforms:

Device management:

  • Windows: Full MDM with device configuration, BitLocker management, Windows Update for Business
  • macOS: Device enrollment, configuration profiles, FileVault management
  • iOS/iPadOS: Supervised and user enrollment, app deployment, managed settings
  • Android: Work profile, fully managed, dedicated device modes
  • Linux: Basic enrollment and compliance (Ubuntu, RHEL)

Configuration management:

  • Settings catalog: Granular policy configuration with 5,000+ settings
  • Configuration profiles: Templates for common scenarios
  • Endpoint security: Attack surface reduction, firewall, antivirus policies
  • Compliance policies: Define requirements, automated remediation

Application management:

  • Microsoft 365 apps: Native deployment and update management
  • Win32 apps: MSI, MSIX, EXE deployment with detection rules
  • Store apps: Microsoft Store, Apple App Store, Google Play
  • LOB apps: Custom line-of-business application deployment

Key strengths

  1. Microsoft ecosystem integration: Seamless connection with Microsoft 365, Entra ID, Defender
  2. Cross-platform coverage: Single console for Windows, macOS, iOS, Android
  3. Zero-touch deployment: Windows Autopilot and Apple Business Manager integration
  4. Compliance-driven access: Conditional Access policies enforce device compliance
  5. Copilot integration: AI-assisted policy creation and troubleshooting
  6. Scale: Manages millions of devices across Microsoft’s customer base
  7. Nonprofit programme: Discounted pricing available through Microsoft Nonprofits

Key limitations

  1. Cloud-only: No on-premises deployment option; requires internet connectivity
  2. Microsoft dependency: Deep tie to Microsoft ecosystem may limit flexibility
  3. Complexity: Extensive feature set creates learning curve
  4. Cost structure: Per-user licensing can be expensive for large workforces
  5. US jurisdiction: Data processed through Microsoft’s cloud (CLOUD Act applies)
  6. Linux support: Linux management is less mature than Windows or macOS

Deployment and operations

Intune is a SaaS service requiring no infrastructure deployment. Administrators access the Intune admin center via web browser.

Licensing requirements:

  • Microsoft Intune Plan 1: Included in Microsoft 365 E3/E5, Business Premium
  • Microsoft Intune Plan 2: Add-on for advanced features
  • Microsoft Intune Suite: Comprehensive add-on including Endpoint Privilege Management

Device enrollment methods vary by platform:

  • Windows: Autopilot, Azure AD join, hybrid Azure AD join
  • macOS: Apple Business Manager, user enrollment
  • iOS/iPadOS: Apple Business Manager, user enrollment
  • Android: Android Enterprise enrollment

Integration capabilities

| Integration type | Implementation |
| --- | --- |
| Microsoft Graph API | Comprehensive API for automation |
| Azure AD/Entra ID | Native identity integration |
| Defender for Endpoint | Security integration |
| Conditional Access | Compliance-based access control |
| SIEM | Microsoft Sentinel, third-party via API |
| ITSM | ServiceNow, third-party integrations |

Cost analysis

| Plan | Nonprofit price | Commercial price |
| --- | --- | --- |
| Microsoft 365 Business Basic (no Intune) | Free (300 users) | $6/user/month |
| Microsoft 365 Business Premium (includes Intune) | $5.50/user/month | $22/user/month |
| Microsoft 365 E3 (includes Intune) | $9/user/month | $36/user/month |
| Microsoft Intune Plan 1 (standalone) | Varies | $8/user/month |
| Microsoft Intune Suite (add-on) | Varies | $10/user/month |

Note: Microsoft changed nonprofit grant offerings in 2025. Verify current eligibility and pricing through the Microsoft Nonprofits programme.

Organisational fit

Best suited for:

  • Organisations already invested in Microsoft 365 ecosystem
  • Mixed device environments (Windows, macOS, mobile)
  • Organisations requiring Conditional Access integration with identity
  • Environments prioritising cloud-native management without infrastructure

Less suitable for:

  • Organisations avoiding Microsoft ecosystem lock-in
  • Environments requiring on-premises management
  • Apple-focused organisations (Jamf provides deeper Apple integration)
  • Organisations with data sovereignty concerns regarding US cloud providers

Jamf Pro

Metadata

| Attribute | Value |
| --- | --- |
| Type | Commercial |
| Licence | Proprietary (subscription) |
| Current version | 11.22 |
| Deployment options | Cloud-hosted, self-hosted (on-premises or private cloud) |
| Documentation | https://learn.jamf.com |

Overview

Jamf Pro is an Apple-focused enterprise management platform providing device enrollment, configuration, security, and application management for macOS, iOS, iPadOS, tvOS, visionOS, and watchOS. With over 20 years of Apple management expertise, Jamf provides same-day support for new Apple operating system releases.

Jamf Pro operates as either a cloud-hosted service (Jamf Cloud) or self-hosted deployment on customer infrastructure. The platform integrates with Apple Business Manager (formerly DEP and VPP) for zero-touch device enrollment and app distribution.

Capability assessment

Jamf Pro provides comprehensive Apple device management:

Device enrollment:

  • Zero-touch deployment via Apple Business Manager
  • User-initiated enrollment for BYOD
  • Automated device setup and configuration
  • Pre-stage enrollment customisation

Configuration management:

  • Configuration profiles: Full Apple payload support
  • Scripts: Custom script deployment and execution
  • Policies: Triggered actions based on events or schedules
  • Blueprints: Declarative device management (introduced 2024)

Application management:

  • Mac App Store: VPP app deployment
  • Self Service: User-initiated software catalogue
  • Patch management: Automated software updates
  • Package deployment: PKG, DMG installer distribution

Security:

  • FileVault management: Encryption key escrow
  • Gatekeeper: Application allow/block lists
  • Firmware password: NVRAM protection
  • Jamf Protect integration: Endpoint security

Key strengths

  1. Apple expertise: Deepest integration with Apple management frameworks
  2. Same-day support: New macOS/iOS versions supported on release day
  3. Self Service: Polished end-user portal for software and support
  4. Deployment flexibility: Cloud or self-hosted to meet data residency needs
  5. Jamf ecosystem: Integrates with Jamf Connect (identity), Jamf Protect (security)
  6. Community: Active Jamf Nation community with peer support
  7. Education pricing: Substantial discounts for educational institutions

Key limitations

  1. Apple-only: No support for Windows, Linux, or Android devices
  2. Cost: Higher per-device cost than some alternatives
  3. Complexity: Full feature utilisation requires Apple device management expertise
  4. No traditional ITAM: Financial tracking and depreciation not included
  5. Self-hosted overhead: On-premises deployment requires infrastructure management

Deployment and operations

Jamf Cloud (hosted):

  • No infrastructure required
  • Automatic updates and maintenance
  • Regional data centres available

Self-hosted requirements:

  • macOS Server, Linux, or Windows Server
  • MySQL or MariaDB database
  • 8 GB RAM minimum
  • 150 GB storage minimum

Jamf agent deployment:

  • Jamf Management Framework installed on managed devices
  • Supports Apple Remote Desktop for initial deployment
  • Bootstrap package deployment via Apple Business Manager

Integration capabilities

| Integration type | Implementation |
| --- | --- |
| REST API | Comprehensive Jamf Pro API |
| Azure AD/Entra ID | SCIM provisioning, SSO |
| Okta | Identity integration |
| Google Workspace | Identity integration |
| SIEM | Syslog, webhook, native integrations |
| Jamf ecosystem | Connect, Protect, Safe Internet |

Cost analysis

| Tier | Business price | Education price |
| --- | --- | --- |
| iOS/iPadOS/tvOS | $3.33/device/month | $0.75/device/month |
| macOS | $6.67/device/month | $1.50/device/month |
| Fundamentals bundle | $5.75/device/month | Contact sales |
| Business bundle | $10/device/month | Contact sales |

Note: Education pricing requires verification. Nonprofit-specific pricing is not formally published but organisations should contact Jamf directly.

Organisational fit

Best suited for:

  • Organisations with Apple-focused device fleets
  • Environments requiring same-day support for Apple OS releases
  • Schools and higher education institutions
  • Organisations valuing self-hosted deployment for data control
  • Teams needing polished end-user self-service experience

Less suitable for:

  • Mixed-platform environments requiring Windows/Android management
  • Small organisations with limited Apple device management expertise
  • Budget-constrained organisations prioritising cost over Apple-specific features
  • Organisations primarily managing servers rather than workstations

Selection guidance

Decision framework

                    +----------------------------------+
                    | What is the primary requirement? |
                    +----------------+-----------------+
                                     |
         +---------------------------+---------------------------+
         |                           |                           |
         v                           v                           v
+--------+--------+         +--------+--------+         +--------+--------+
| Asset lifecycle |         | Endpoint        |         | Server          |
| management      |         | management      |         | provisioning    |
| (inventory,     |         | (config, MDM,   |         | (Linux          |
| depreciation)   |         | compliance)     |         | infrastructure) |
+-----------------+         +-----------------+         +-----------------+
         |                           |                           |
         v                           v                           v
+--------+--------+         +--------+--------+         +--------+--------+
| Need ITSM/help  |         | Primary         |         | Foreman +       |
| desk too?       |         | platform?       |         | Katello         |
+--------+--------+         +--------+--------+         +-----------------+
         |                           |
    +----+-----+                     |
    |          |                     |
    v          v                     v
   Yes        No           +---------+----------+
    |          |           |         |          |
    v          v           v         v          v
+-------+  +--------+    Apple   Microsoft Cross-platform
| GLPI  |  |Snipe-IT|      |         |          |
+-------+  +--------+      v         v          v
                       +------+  +-------+  +------+
                       | Jamf |  |Intune |  | Fleet|
                       | Pro  |  |       |  |      |
                       +------+  +-------+  +------+

Recommendations by organisational context

Organisations with minimal IT capacity

Primary recommendation: Snipe-IT (hosted) or Microsoft Intune

For asset tracking only, Snipe-IT’s hosted service provides comprehensive ITAM without infrastructure management. The interface is straightforward, and support is included with hosting plans.

For endpoint management with Microsoft 365 already in use, Intune requires no infrastructure and integrates with existing identity. The nonprofit programme provides substantial discounts.

Implementation approach:

  1. Start with Snipe-IT hosted for asset tracking (manual entry or CSV import)
  2. Add Intune if endpoint configuration management is needed
  3. Connect Snipe-IT to Intune via API for automated inventory updates
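
Once both systems are in place, the useful security check is whether the asset register and the endpoint manager agree. The following added example (not part of either product) reconciles two constructed CSV exports by serial number; the column names, status values, device names and the 30-day staleness threshold are assumptions for illustration, not the export schema of Snipe-IT or Intune.

```python
import csv
import io
from datetime import date, timedelta

# Constructed exports. Column names and status values are assumptions for this
# example, not the export schema of Snipe-IT or Intune.
ITAM_CSV = """asset_tag,serial,status
A-0001,C02XK1ABJG5H,Deployed
A-0002,5CD9321XYZ,Deployed
A-0003,pf-2abc91,Deployed
A-0004,R58M40QWERT,Archived
"""

MDM_CSV = """device_name,serial,last_check_in
amara-mbp,c02xk1abjg5h,2026-01-22
noor-tp,PF2ABC91,2025-10-03
old-tablet,R58M40QWERT,2026-01-20
unknown-01,GX77PLM0099,2026-01-23
"""


def norm(serial):
    """Serials are typed and exported inconsistently; compare alphanumerics only."""
    return "".join(ch for ch in serial.upper() if ch.isalnum())


def load(text):
    """Index rows by normalised serial, skipping rows with no serial at all."""
    rows = csv.DictReader(io.StringIO(text))
    return {norm(r["serial"]): r for r in rows if norm(r["serial"])}


def reconcile(itam_text, mdm_text, as_of, stale_days=30):
    """Compare the asset register with the enrolled-device list."""
    itam, mdm = load(itam_text), load(mdm_text)
    cutoff = as_of - timedelta(days=stale_days)
    findings = {"unmanaged": [], "stale": [], "retired_but_active": []}
    for serial, asset in itam.items():
        device = mdm.get(serial)
        deployed = asset["status"] == "Deployed"
        if device is None:
            if deployed:  # in use according to the register, but never enrolled
                findings["unmanaged"].append(asset["asset_tag"])
        elif not deployed:  # written off in the register, yet still checking in
            findings["retired_but_active"].append(asset["asset_tag"])
        elif date.fromisoformat(device["last_check_in"]) < cutoff:
            findings["stale"].append(asset["asset_tag"])
    # Enrolled devices that the register has no record of.
    findings["untracked"] = sorted(
        mdm[s]["device_name"] for s in mdm if s not in itam
    )
    return findings


if __name__ == "__main__":
    for kind, items in reconcile(ITAM_CSV, MDM_CSV, date(2026, 1, 24)).items():
        print(f"{kind:20} {items}")
```

Each of the four lists points at a different gap: devices receiving no policy, devices that have stopped reporting, retired hardware still holding an enrolment, and endpoints nobody has recorded as owned.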

Organisations with established IT functions

Primary recommendation: GLPI + Fleet or Intune + dedicated ITAM

GLPI provides integrated asset management and service desk, reducing tool sprawl. GLPI Agent automates inventory collection. For organisations needing deeper endpoint visibility, Fleet’s osquery-based approach complements GLPI’s ITAM strengths.

For Microsoft-centric environments, Intune handles endpoint management while a dedicated ITAM tool (Snipe-IT or GLPI) manages financial tracking and lifecycle data that Intune does not address.

Implementation approach:

  1. Deploy GLPI for integrated ITAM and service desk
  2. Deploy GLPI Agent or Fleet for automated inventory
  3. Integrate with existing directory services (AD/LDAP)
  4. Configure compliance policies and reporting

Apple-focused organisations

Primary recommendation: Jamf Pro

For organisations where Apple devices constitute the majority of the fleet, Jamf Pro provides the deepest integration with Apple management frameworks. Same-day OS support ensures compatibility as Apple releases updates.

Implementation approach:

  1. Enroll devices via Apple Business Manager
  2. Configure Jamf Pro policies and profiles
  3. Deploy Self Service for end-user software access
  4. Consider Jamf Protect add-on for endpoint security

Complement with: Snipe-IT for financial asset tracking (depreciation, warranties) that Jamf Pro does not provide.

Organisations with specific data sovereignty requirements

Primary recommendation: Self-hosted FOSS solutions

For organisations with strict data residency requirements or concerns about US cloud provider jurisdiction, self-hosted open source solutions provide complete control over data location.

Options by function:

  • Asset tracking: Snipe-IT (self-hosted)
  • Asset tracking + ITSM: GLPI (self-hosted)
  • Endpoint visibility: Fleet (self-hosted)
  • Server provisioning: Foreman + Katello (self-hosted)

Note: Self-hosting requires infrastructure and expertise. Organisations should assess whether the data sovereignty benefit justifies the operational overhead.

Large or federated organisations

Primary recommendation: GLPI or commercial tools with multi-tenant support

GLPI’s entity separation architecture supports delegated administration across organisational units. Each entity maintains separate asset views while central IT retains oversight.

For well-funded organisations, Microsoft Intune’s integration with Microsoft 365 and Entra ID provides unified management across geographic and organisational boundaries.

Implementation considerations:

  1. Define entity/tenant structure matching organisational hierarchy
  2. Establish central policies with local administration delegation
  3. Implement reporting that aggregates across entities
  4. Plan synchronisation with federated directory services

Migration paths

| From | To | Complexity | Approach |
| --- | --- | --- | --- |
| Spreadsheets | Snipe-IT | Low | CSV import; manual cleanup |
| Snipe-IT | GLPI | Medium | Export CSV; import to GLPI; map custom fields |
| GLPI | Snipe-IT | Medium | Export CSV; map fields; lose ITSM history |
| Any ITAM | Intune | Medium | Enroll devices; inventory populates automatically |
| Any ITAM | Fleet | Medium | Deploy fleetd; inventory populates via osquery |
| Intune | Jamf Pro | High | Re-enroll devices; recreate policies; Apple devices only |
| Jamf Pro | Intune | High | Re-enroll devices; recreate profiles; feature mapping required |

Resources and references

Official documentation

| Tool | Documentation URL | API reference |
| --- | --- | --- |
| Snipe-IT | https://snipe-it.readme.io/docs | https://snipe-it.readme.io/reference |
| GLPI | https://glpi-user-documentation.readthedocs.io | Built-in at /apirest.php |
| Fleet | https://fleetdm.com/docs | https://fleetdm.com/docs/rest-api |
| Foreman | https://docs.theforeman.org | https://theforeman.org/api |
| Intune | https://learn.microsoft.com/en-us/intune | https://learn.microsoft.com/en-us/graph |
| Jamf Pro | https://learn.jamf.com | https://developer.jamf.com |

| Vendor | Programme URL |
| --- | --- |
| Microsoft | https://nonprofit.microsoft.com |
| Snipe-IT | https://snipeitapp.com/pricing (contact for nonprofit pricing) |
| Jamf | https://www.jamf.com/pricing/education-pricing (contact for nonprofit) |

Relevant standards

| Standard | Description | URL |
| --- | --- | --- |
| ISO/IEC 19770-1 | IT asset management standard | https://www.iso.org/standard/68531.html |
| ITIL 4 | IT service management framework | https://www.axelos.com/best-practice-solutions/itil |
| CIS Benchmarks | Security configuration standards | https://www.cisecurity.org/cis-benchmarks |

See also