We performed a comparison between Microsoft Entra ID and Microsoft Intune based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We have about 80 users in the Azure Active Directory right now, however, we know that if it was necessary to scale it for hundreds or thousands of users, it wouldn't be a problem."
"Azure AD allowed us to get rid of servers and other hardware running at our offices. We moved everything to the cloud. Once we set up roles and permissions, it's only a matter of adding people and removing people from different groups and letting permissions flow through."
"The most valuable features in Active Directory are the password writeback product and the MDM technology."
"It has made our work easier in that it’s simplified everything for us."
"The two-step authentication is the most valuable."
"Azure Active Directory has been very useful for our company, it is not difficult to use."
"It enhances security, especially for unregistered devices. It 1000% has security features that help to improve our security posture. It could be irritating at times, but improving the security posture is exactly what the Authenticator app does."
"The solution is free to use and you can use it for every service."
"The ability to wipe data from and reset devices is one of the most important and valuable features. If a device is reported stolen, we can freeze it or wipe the data from it, preventing data leakage."
"One of the best features is Windows Autopilot because if you change any of your devices, whatever security policies and compliance policies that applied can be easily migrated to the new devices. Windows Autopilot gives you that flexibility."
"The ability to switch between Affinity and non-Affinity enrollment is great."
"The performance of Microsoft Intune is good."
"The main advantage is that Intune performs its intended functions effectively."
"Based on my experience, I find Intune very flexible for managing Windows devices. We can use scripting, and we can make use of the self-service portal or the company portal to publish some of the applications for Windows."
"Microsoft Endpoint Manager is not expensive overall, especially for small environments."
"If you need only to load a specific profile and you don't have deep security functionalities, et cetera, Intune is very nice and good."
"I think something that is key would be the group policies replication over the cloud, in order to prevent or to avoid relying on the on-premise Active Directory servers and to manage group policies."
"Technical support could be better."
"Microsoft Entra ID's impact on access and identity management is relatively limited."
"Maybe there could be a dashboard view for Active Directory with some pie or bar charts on who is logged in, who is not logged in, and on the activity of each user for the past few days: whether they're active or not active."
"The monitoring dashboard could be a bit better."
"I think the solution can improve by making the consumption of that data easier for our customers."
"I had some issues with the Azure Active Directory on Windows XP. However, it worked well on Windows 7."
"When it comes to Azure, creating certain things or getting different resources isn't very clear. You need a certain level of knowledge of the system. It could be a little bit more friendly so that some of the things can be done easily, but after everything is created, it's easy to use."
"One big problem with Microsoft is that they're changing the names of the products quite often, or they're quite consistently doing so. Intune is now Endpoint administration. Constantly switching the user interface or the administrative interface makes it quite hard to keep pace. If you are on a two-week holiday and you come back and look at the same screen you have looked at for the last couple of months, it looks different, which is annoying. Changing things around all the time doesn't make it easy."
"In the next release, I would like a feature to be able to properly lock down the device. For example, if an attacker or somebody steals the phone, you can be sure that the pin cannot be broken."
"It would really be helpful to have the option to manage server operating systems as well, like Windows Server, at least. That way, we could scrap the use of SCCM, which requires a lot of on-premises infrastructure."
"Reporting in Microsoft solutions is pathetic. With Intune, I'm getting a free inventory tool, but I don't get a reporting tool. When I go to Intune, I can see one machine's entire data in terms of the hardware and the software running on it, but I cannot generate a report for all the machines in the organization. The reporting is the only feature holding back the functionality that is already there."
"The mobile and tablet-based versions need improvement because they are not completely user-friendly, compared to the web version. Also, data synchronization with our existing asset manager, the synchronization between multiple assets and multiple devices, takes a lot of time due to the security scanning. It should be reduced."
"The technical support could be improved."
"In terms of what can be improved, I am looking for better enhancements regarding Apple management, not only on the mobile device, but also on the laptop."
"There should be more support for macOS. Even though macOS is supported by Intune and Microsoft is working very hard to get more features into Intune to manage macOS, that's one thing they can give a lot more attention to."
Microsoft Entra ID is ranked 4th in Microsoft Security Suite with 100 reviews while Microsoft Intune is ranked 3rd in Microsoft Security Suite with 72 reviews. Microsoft Entra ID is rated 8.8, while Microsoft Intune is rated 8.4. The top reviewer of Microsoft Entra ID writes "Saves time, creates a single pane of glass, and offers good conditional access features". On the other hand, the top reviewer of Microsoft Intune writes "Enables you to use MDM to lock devices and push restrictions, but isn't as stable as other solutions". Microsoft Entra ID is most compared with Google Cloud Identity, Auth0, Yubico YubiKey, Cisco Duo and RSA SecurID Access, whereas Microsoft Intune is most compared with Jamf Pro, VMware Workspace ONE, ManageEngine Endpoint Central, SOTI MobiControl and Cisco Meraki Systems Manager (MDM+EMM).
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
In recent years Microsoft has really upped its game with Defender and Intune. As core cyber-security for an SME, keeping just to Microsoft is now a real option. The challenge is understanding the gaps / cyber security service weaknesses (if they exist) in comparison with other vendors such as ESET, Malwarebytes, Trend Micro, etc.
Azure AD Services, Defender for Endpoint, and Intune are all Microsoft products, but it is important to understand how each product works as they may not be compatible and there may be some limitations.
Devices managed through Intune may not have all of the Defender for Endpoint features. Some advanced features such as automated investigation and remediation may only be available for devices that are enrolled in Defender for Endpoint standalone.
In addition, Azure AD and Intune have different requirements for device enrollment and management. Intune requires devices to be enrolled and managed through an MDM solution, while Azure AD provides basic device management capabilities but may not support all of the features available in Intune.
Lastly, there may be limitations to how user identities and access are managed between Azure AD and Intune. Some features that are available in Azure AD, such as conditional access policies, may not suit Intune, and additional configuration may be required to ensure that user identities and access are properly managed across both services.
If anyone out there has other experiences, please let me know!
It depends on your company's infrastructure. Check with your cyber team whether you can sync your endpoints to Cloud using Azure AD as Azure Registered/ Azure Hybrid AD join/ Azure AD join, etc.
1. So, if the ask is only to enroll them in Intune to leverage defender/BitLocker services - go directly to Azure AD's join approach.
2. If you still want to manage patch management/mcm BitLocker but Defender via cloud, the approach should be Azure Hybrid AD join.
3. You can still use autopilot using both of these approaches.
I believe it is a good first step, and I would say even a requirement, but in no way is it a comprehensive security solution, even for endpoints.
There are many things that need to be addressed for security. In addition to this, there is XDR, MDR, more comprehensive AV for endpoints & Servers that stop attacks, Threat Hunting, Mitigation, PEN Testing, Security Training for end users, Multi-Factor Authentication (Microsoft's MFA is good but only for Microsoft products), Patch Management for Endpoints, Servers and Cloud Workloads, Network Access Control, Firewalls for On-Premise and Cloud server workloads, Network Segmentation, Password Management, Data Backups (3-2-1-1 Rule) with Immutable Backups, Power Backups, Physical Security, Monitoring, NOC/SOC services, and working towards a Zero Trust architecture...
But there are no single-point solutions that will make you secure, so don't get complacent. And you can outspend your profits if you do everything. Just remember it's best to have a layered approach that works together and looks at everything from a security perspective and how it integrates with your overall security plans and objectives to help identify holes and possible mitigations.
Healthcare must do Risk Assessments by law, but I recommend that all companies of all sizes do at least annual risk assessments since there is no such thing as being too small or inconspicuous to be hit with malware or have a cyber security attack since much of the delivery is automated and not just by the script-kiddies of years gone by... Nation States are actively engaging in cyber warfare daily, along with terrorists, and opportunists looking to make big money from you...