I am the Technology Support Manager for a large educational organization.
We already own Intune as we are a Microsoft house but we are looking to purchase Chromebooks in large quantities, so we want to utilize Intune to manage the devices. We were wondering what would be the pros and cons for either solution. At the moment I am swayed to use Intune as it would be a cost-savi...
What do you think of the integration of Azure AD Services, Defender for Endpoint, and Intune as comprehensive security solutions?
I have demoed these solutions together. There are also other alternatives that integrate with SaaS services.
Thank you for your help.
Sr. Solutions Sales Executive - Commercial/Charity/Healthcare/SMB Individual Contributor at Hypertec Direct
Feb 15, 2023
I believe it is a good first step, and I would say even a requirement, but in no way is it a comprehensive security solution, even for endpoints.
There are many things that need to be addressed for security. In addition to this, there is XDR, MDR, more comprehensive AV for endpoints & Servers that stop attacks, Threat Hunting, Mitigation, PEN Testing, Security Training for end users, Multi-Factor Authentication (Microsoft's MFA is good but only for Microsoft products), Patch Management for Endpoints, Servers and Cloud Workloads, Network Access Control, Firewalls for On-Premise and Cloud server workloads, Network Segmentation, Password Management, Data Backups (3-2-1-1 Rule) with Immutable Backups, Power Backups, Physical Security, Monitoring, NOC/SOC services, and working towards a Zero Trust architecture...
But there are no single-point solutions that will make you secure, so don't get complacent. And you can outspend your profits if you do everything. Just remember it's best to have a layered approach that works together and looks at everything from a security perspective and how it integrates with your overall security plans and objectives to help identify holes and possible mitigations.
Healthcare must do Risk Assessments by law, but I recommend that all companies of all sizes do at least annual risk assessments since there is no such thing as being too small or inconspicuous to be hit with malware or have a cyber security attack since much of the delivery is automated and not just by the script-kiddies of years gone by... Nation States are actively engaging in cyber warfare daily, along with terrorists, and opportunists looking to make big money from you...
Senior Associate Specialist at a financial services firm with 1,001-5,000 employees
Feb 16, 2023
It depends on your company's infrastructure. Check with your cyber team whether you can sync your endpoints to the cloud using Azure AD as Azure Registered / Azure Hybrid AD join / Azure AD join, etc.
1. So, if the ask is only to enroll them in Intune to leverage Defender/BitLocker services - go directly to Azure AD's join approach.
2. If you still want to manage patch management/mcm BitLocker but Defender via cloud, the approach should be Azure Hybrid AD join.
3. You can still use Autopilot using both of these approaches.
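To confirm which of the join approaches from the answer above a Windows endpoint actually ended up in, the saved output of `dsregcmd /status` can be classified by its `AzureAdJoined`, `DomainJoined` and `WorkplaceJoined` flags. This is an added example, not part of the original answer; the sample output is constructed and the function names and state labels are assumptions.

```python
import re

# Constructed sample: trimmed `dsregcmd /status` output from a hypothetical device.
SAMPLE_HYBRID = """\
| Device State |
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
| User State |
           WorkplaceJoined : NO
"""

# Only the three flags that decide the join type are read.
FLAG_RE = re.compile(
    r"^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(YES|NO)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_flags(text):
    """Return the three join flags as booleans; a missing flag counts as NO."""
    flags = {"azureadjoined": False, "domainjoined": False, "workplacejoined": False}
    for name, value in FLAG_RE.findall(text):
        flags[name.lower()] = value.upper() == "YES"
    return flags

def classify_join(text):
    """Map the flags to a join state (labels are this example's own)."""
    f = parse_flags(text)
    if f["azureadjoined"] and f["domainjoined"]:
        return "hybrid-azure-ad-joined"   # option 2 in the answer
    if f["azureadjoined"]:
        return "azure-ad-joined"          # option 1 in the answer
    if f["workplacejoined"]:
        return "azure-ad-registered"
    if f["domainjoined"]:
        return "domain-joined-only"       # on-premises AD only, not synced
    return "not-joined"

def audit(outputs, expected):
    """Return {device: state} for devices whose state differs from `expected`."""
    return {dev: state for dev, text in outputs.items()
            if (state := classify_join(text)) != expected}

if __name__ == "__main__":
    print(classify_join(SAMPLE_HYBRID))
```

Running `audit` over output collected from a fleet lists the devices that did not land in the intended join state before policies that depend on it are assigned.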
Our organization researched both Microsoft Intune and IBM MaaS360 when considering the type of endpoint security tool that we wanted. Ultimately we decided to choose IBM MaaS360 to secure and manage our endpoints. IBM MaaS360 is a platform that approaches endpoint management from a user-oriented point of view. Its user interface is designed for use by those who are not necessarily technologically savvy. You can click through the interface screens and manage the program effectively.
Microsoft Intune is a software solution that allows companies to practice remote endpoint management and security from a single unified dashboard, which offers great value. However, there are too many hyperlinks needed to navigate the screen. There is simply too much technical knowledge required to manage it, which means that the average employee would not be able to use it without special training.
IBM MaaS360 can remotely enable, track, wipe, shutdown, or troubleshoot any device that is connected to it from anywhere in the world. You can send someone out into the field without a fully configured device and once they activate the program, it will handle the configuration in the field. Lost devices are now something that companies no longer have to be concerned with. Devices are now trackable from any location. Additionally, if a device is misplaced or is no longer needed, it can be remotely wiped or shut down. This can remove data that could be exploited or prevent the usage of devices by unauthorized parties. IBM MaaS360’s cognitive unified endpoint management allows users to remotely identify whether issues can be solved remotely or whether it requires an in-person examination of the device in question.
Microsoft Intune also allows for a limited degree of remote usage. As long as the device is accessible, users of Microsoft Intune can log in and perform remote troubleshooting to solve issues that may arise. Administrators can also remotely limit the type of websites that employees can access on a connected device. IBM MaaS360’s remote capabilities surpass Microsoft Intune’s, which is a large part of the reason that we chose it.
While both Microsoft Intune and IBM MaaS360 offer robust services, the intuitive nature of IBM MaaS360 gives it a big advantage over the competition. Additionally, IBM MaaS360’s remote capabilities are far more versatile than anything that Microsoft Intune can offer.