Microsoft Entra ID vs Microsoft Intune comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Microsoft Entra ID and Microsoft Intune based on real PeerSpot user reviews.

Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Microsoft Entra ID vs. Microsoft Intune Report (Updated: September 2023).
744,865 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"We have about 80 users in the Azure Active Directory right now, however, we know that if it was necessary to scale it for hundreds or thousands of users, it wouldn't be a problem.""Azure AD allowed us to get rid of servers and other hardware running at our offices. We moved everything to the cloud. Once we set up roles and permissions, it's only a matter of adding people and removing people from different groups and letting permissions flow through.""The most valuable features in Active Directory are the password writeback product and the MDM technology.""It has made our work easier in that it’s simplified everything for us.""The two-step authentication is the most valuable.""Azure Active Directory has been very useful for our company, it is not difficult to use.""It enhances security, especially for unregistered devices. It 1000% has security features that help to improve our security posture. It could be irritating at times, but improving the security posture is exactly what the Authenticator app does.""The solution is free to use and you can use it for every service."

More Microsoft Entra ID Pros →

"The ability to wipe data from and reset devices is one of the most important and valuable features. If a device is reported stolen, we can freeze it or wipe the data from it, preventing data leakage.""One of the best features is Windows Autopilot because if you change any of your devices, whatever security policies and compliance policies that applied can be easily migrated to the new devices. Windows Autopilot gives you that flexibility.""The ability to switch between Affinity and non-Affinity enrollment is great.""The performance of Microsoft Intune is good.""The main advantage is that Intune performs its intended functions effectively.""Based on my experience, I find Intune very flexible for managing Windows devices. We can use scripting, and we can make use of the self-service portal or the company portal to publish some of the applications for Windows.""Microsoft Endpoint Manager is not expensive overall, especially for small environments.""If you need only to load a specific profile and you don't have deep security functionalities, et cetera, Intune is very nice and good."

More Microsoft Intune Pros →

"I think something that is key would be the group policies replication over the cloud, in order to prevent or to avoid relying on the on-premise Active Directory servers and to manage group policies.""Technical support could be better.""Microsoft Entra ID's impact on access and identity management is relatively limited.""Maybe there could be a dashboard view for Active Directory with some pie or bar charts on who is logged in, who is not logged in, and on the activity of each user for the past few days: whether they're active or not active.""The monitoring dashboard could be a bit better.""I think the solution can improve by making the consumption of that data easier for our customers.""I had some issues with the Azure Active Directory on Windows XP. However, it worked well on Windows 7.""When it comes to Azure, creating certain things or getting different resources isn't very clear. You need a certain level of knowledge of the system. It could be a little bit more friendly so that some of the things can be done easily, but after everything is created, it's easy to use."

More Microsoft Entra ID Cons →

"One big problem with Microsoft is that they're changing the names of the products quite often, or they're quite consistently doing so. Intune is now Endpoint administration. Constantly switching the user interface or the administrative interface makes it quite hard to keep pace. If you are on a two-week holiday and you come back and look at the same screen you have looked at for the last couple of months, it looks different, which is annoying. Changing things around all the time doesn't make it easy.""In the next release, I would like a feature to be able to properly lock down the device. For example, if an attacker or somebody steals the phone, you can be sure that the pin cannot be broken.""It would really be helpful to have the option to manage server operating systems as well, like Windows Server, at least. That way, we could scrap the use of SCCM, which requires a lot of on-premises infrastructure.""Reporting in Microsoft solutions is pathetic. With Intune, I'm getting a free inventory tool, but I don't get a reporting tool. When I go to Intune, I can see one machine's entire data in terms of the hardware and the software running on it, but I cannot generate a report for all the machines in the organization. The reporting is the only feature holding back the functionality that is already there.""The mobile and tablet-based versions need improvement because they are not completely user-friendly, compared to the web version. Also, data synchronization with our existing asset manager, the synchronization between multiple assets and multiple devices, takes a lot of time due to the security scanning. It should be reduced.""The technical support could be improved.""In terms of what can be improved, I am looking for better enhancements regarding Apple management, not only on the mobile device, but also on the laptop.""There should be more support for macOS. Even though macOS is supported by Intune and Microsoft is working very hard to get more features into Intune to manage macOS, that's one thing they can give a lot more attention to."

More Microsoft Intune Cons →

Pricing and Cost Advice
  • "For you to make use of some of the security features, you need to upgrade your licenses. If it is possible, could they just make some features free? For instance, for the Condition Access policy, you need to set that up and be on Azure AD P2 licensing. So if they could make it free or reduce the licensing for small businesses, that would be cool, as I believe security is for everyone."
  • "It is a packaged license. We have a Premium P1 subscription of Office 365, and it came with that."
  • "It's relatively inexpensive in comparison with third-party solutions. It's highly available and supported by Microsoft Azure in our enterprise agreements. With the addition of their B2C tenants, it's hard to beat from a cost perspective now."
  • "The solution has three types of tiers: E1 has very basic features. You get limited stuff in E2 and cannot have Office 360 associated with it. E3 is on the costly side and has all the features."
  • "We don't really have a choice. It's the one shop in town. If you want this, you have to pay for it."
  • "The price of the solution's license is good."
  • "The price is fine. It's a good value for the money compared with other solutions."
  • "We have a yearly license."
  • More Microsoft Entra ID Pricing and Cost Advice →

  • "It is reasonable. When you have Microsoft 365 E3 or E5 license, it is already licensed in that license. So, you could say it is free."
  • "Every customer used to purchase licenses based on their needs."
  • "Previously the price was $4 per month per user. Now it's $2.25 per user per month."
  • "It is not a cheap solution. The price for a device when you start using it at a large scale can be improved. It is covered under our enterprise agreement. We pay once a year. I am not aware of any additional costs."
  • "The price is very reasonable."
  • "This cost is approximately $30 USD per user per month."
  • "Microsoft's licensing is more flexible and adaptive than its competitors."
  • "It's reasonable. They're not giving it away, but it's reasonable."
  • More Microsoft Intune Pricing and Cost Advice →

    Use our free recommendation engine to learn which Microsoft Security Suite solutions are best for your needs.
    744,865 professionals have used our research since 2012.
    Answers from the Community
    Ronald Chavez
    Thomas Naylor - PeerSpot reviewerThomas Naylor
    Real User

    In recent years Microsoft has really upped its game with Defender and Intune.  As core cyber-security for an SME, keeping just to Microsoft is now a real option.  The challenge is understanding the gaps / cyber security service weaknesses (if they exist) in comparison with other vendors such as ESET, Malwarebytes, Trend Micro, etc.

    Russell Rothstein - PeerSpot reviewerRussell Rothstein

    Azure AD Services, Defender for Endpoint, and Intune are all Microsoft products, but it is important to understand how each product works as they may not be compatible and there may be some limitations.

    Devices managed through Intune may not have all of the Defender for Endpoint features. Some advanced features such as automated investigation and remediation may only be available for devices that are enrolled in Defender for Endpoint standalone. 

    In addition, Azure AD and Intune have different requirements for device enrollment and management. Intune requires devices to be enrolled and managed through an MDM solution, while Azure AD provides basic device management capabilities but may not support all of the features available in Intune. 

    Lastly, there may be limitations to how user identities and access are managed between Azure AD and Intune. Some features that are available in Azure AD, such as conditional access policies, may not suit Intune, and additional configuration may be required to ensure that user identities and access are properly managed across both services.

    If anyone out there has other experiences, please let me know!

    Gaurav Chandola - PeerSpot reviewerGaurav Chandola
    Real User

    It depends on your company's infrastructure. Check with your cyber team whether you can sync your endpoints to Cloud using Azure AD as Azure Registered/ Azure Hybrid AD join/ Azure AD join, etc.       

    1. So, if the ask is only to enroll them in Intune to leverage defender/BitLocker services - go directly to Azure AD's join approach.       

    2. If you still want to manage patch management/mcm BitLocker but Defender via cloud, the approach should be Azure Hybrid AD join.        

    3. You can still use autopilot using both of these approaches. 

    James OConnor - PeerSpot reviewerJames OConnor (Hypertec Direct)

    I believe it is a good first step, and I would say even a requirement, but in no way is it a comprehensive security solution, even for endpoints.  

    There are many things that need to be addressed for security. In addition to this, there is XDR, MDR, more comprehensive AV for endpoints & Servers that stop attacks, Threat Hunting, Mitigation, PEN Testing, Security Training for end users, Multi-Factor Authentication (Microsoft's MFA is good but only for Microsoft products), Patch Management for Endpoints, Servers and Cloud Workloads, Network Access Control, Firewalls for On-Premise and Cloud server workloads, Network Segmentation, Password Management, Data Backups (3-2-1-1 Rule) with Immutable Backups, Power Backups, Physical Security, Monitoring, NOC/SOC services, and working towards a Zero Trust architecture...  

    But there are no single-point solutions that will make you secure, so don't get complacent. And you can outspend your profits if you do everything. Just remember it's best to have a layered approach that works together and looks at everything from a security perspective and how it integrates with your overall security plans and objectives to help identify holes and possible mitigations.

    Healthcare must do Risk Assessments by law, but I recommend that all companies of all sizes do at least annual risk assessments since there is so such thing as being too small or inconspicuous to be hit with malware or have a cyber security attack since much of the delivery is automated and not just by the script-kiddies of years gone by... Nation States are actively engaging in cyber warfare daily, along with terrorists, and opportunists looking to make big money from you...

    Questions from the Community
    Top Answer:We switched to Duo Security for identity verification. We’d been using a competitor but got the chance to evaluate Duo for 30 days, and we could not be happier Duo Security is easy to configure and… more »
    Top Answer:Microsoft Entra ID Protection and Microsoft Sentinel are both excellent monitoring features for Microsoft Entra ID.
    Top Answer:Entra ID's pricing is comprehensive and affordable. The prices are easy to understand, and the licenses include a variety of security monitoring and additional features.
    Top Answer:Microsoft Intune is a great tool for managing a mobile device fleet while keeping access control. The solution makes it easy to control security and manage the usage of mobile apps when you have a… more »
    Top Answer:Microsoft Intune is a great configuration management tool and has a lot of good things going for it. Here are some of the things I like about it Pros: Protected productivity: Intune gives you the… more »
    Top Answer: Microsoft Intune offers not only an easy-to-deploy data protection and productivity management solution, but also access to both Microsoft’s user community as well as around-the-clock customer… more »
    Average Words per Review
    Average Words per Review
    Also Known As
    Azure Active Directory (Azure AD), Azure Active Directory, Microsoft Authenticator
    Intune, MS Intune, Microsoft Endpoint Manager
    Learn More

    Secure access to any app or resource from anywhere

    Take advantage of adaptive identity and network access controls to secure access to any app or resource for every user or digital workload across your entire environment.

    Protect and verify every identity

    Implement consistent security policies for every user—employees, frontline workers, customers, partners—as well as apps, devices, and workloads across multicloud and hybrid.

    Provide only the access necessary

    Discover and right-size permissions, manage access lifecycles, and ensure least privilege access for any identity.

    Simplify the user experience

    Reduce IT friction and improve the hybrid workforce experience with seamless access to any resource, single sign-on, user self-service management, and automated lifecycle workflows.

    Microsoft Intune is a comprehensive cloud-based service that allows you to remotely manage mobile devices and mobile applications without worrying about the security of your organization’s data. Device and app management can be used on company-owned devices as well as personal devices.

    In an increasingly mobile workforce, Microsoft Intune keeps your sensitive data safe while on the move. Microsoft Intune makes it possible for your team members to work anywhere using their mobile devices. Microsoft Intune provides both the flexibility and the control needed for securing all your data on the cloud, no matter where the device with the data is located.

    Microsoft Intune Device Management Key Features

    With Microsoft Intune Device Management you can:

    • Ensure devices and apps are compliant with your security requirements.
    • Rapidly deploy and authenticate apps on all company devices.
    • Remotely access devices to troubleshoot issues or to remove data from them.
    • Generate reports for all devices in the system.
    • Monitor the way users access and share information to protect company information.
    • Set rules and configure settings on personal and organization-owned devices to access data and networks.
    • Create user groups and device groups, allowing you to rapidly access many users and devices simultaneously.

    Mobile Application Management

    Mobile application management in Intune is designed to protect your organization’s data at the application level.

    With Microsoft Intune Application Management you can:

    • Configure apps to run with specific settings enabled.
    • Update existing apps that are already on the device.
    • See reports on which apps are used and monitor their usage.
    • Selectively wipe organization data from apps.
    • Add mobile apps to user groups and devices.

    As part of Microsoft's Enterprise Mobility + Security (EMS) suite, Intune integrates with Microsoft Entra ID for access control and with Azure Information Protection for data protection. It also integrates with Microsoft 365 Applications.

    Reviews from Real Users

    Microsoft Intune stands out among its competitors for a number of reasons. Two major ones are its ability to secure all devices under its management and the flexibility that the solution offers its users.

    A computing services manager notes, "Its security is most valuable. It gives us a way to secure devices, not only those that are steady. We do have a few tablets and other devices, and it is a way for us to secure these devices and manage them. We know they're out there and what's their status. We can manage their life cycle and verify that they're updated properly."

    The head of IT engineering at a financial services company writes, "The one feature we find most useful is the Mobile Application Manager. There are two types: we have the complete MDM and the Mobile Application Manager (MAM). We don't give our users phones, it is their own personal phone, and we need to allow them to have access to the company details on their phone. We need to create a balance between their own personal data and the company data. We deploy the Mobile Application Manager for them so that we won't be able to interfere with their own personal data."

    Learn more about Microsoft Entra ID
    Learn more about Microsoft Intune
    Sample Customers
    Microsoft Entre ID is trusted by companies of all sizes and industries including Walmart, Zscaler, Uniper, Amtrak,, and more.
    Mitchells and Buzzers, Callaway
    Top Industries
    Computer Software Company14%
    Financial Services Firm14%
    Non Profit6%
    Educational Organization5%
    Educational Organization23%
    Computer Software Company12%
    Financial Services Firm10%
    Computer Software Company19%
    Financial Services Firm17%
    Comms Service Provider11%
    Healthcare Company5%
    Educational Organization23%
    Computer Software Company13%
    Financial Services Firm6%
    Company Size
    Small Business33%
    Midsize Enterprise14%
    Large Enterprise54%
    Small Business19%
    Midsize Enterprise32%
    Large Enterprise50%
    Small Business35%
    Midsize Enterprise12%
    Large Enterprise53%
    Small Business20%
    Midsize Enterprise33%
    Large Enterprise47%
    Buyer's Guide
    Microsoft Entra ID vs. Microsoft Intune
    September 2023
    Find out what your peers are saying about Microsoft Entra ID vs. Microsoft Intune and other solutions. Updated: September 2023.
    744,865 professionals have used our research since 2012.

    Microsoft Entra ID is ranked 4th in Microsoft Security Suite with 100 reviews while Microsoft Intune is ranked 3rd in Microsoft Security Suite with 72 reviews. Microsoft Entra ID is rated 8.8, while Microsoft Intune is rated 8.4. The top reviewer of Microsoft Entra ID writes "Saves time, creates a single pane of glass, and offers good conditional access features". On the other hand, the top reviewer of Microsoft Intune writes "Enables you to use MDM to lock devices and push restrictions, but isn't as stable as other solutions". Microsoft Entra ID is most compared with Google Cloud Identity, Auth0, Yubico YubiKey, Cisco Duo and RSA SecurID Access, whereas Microsoft Intune is most compared with Jamf Pro, VMware Workspace ONE, ManageEngine Endpoint Central, SOTI MobiControl and Cisco Meraki Systems Manager (MDM+EMM). See our Microsoft Entra ID vs. Microsoft Intune report.

    See our list of best Microsoft Security Suite vendors.

    We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.