I am the Technology Support Manager for a large educational organization.
We already own Intune as we are a Microsoft house but we are looking to purchase Chromebooks in large quantities, so we want to utilize Intune to manage the devices. We were wondering what would be the pros and cons for either solution. At the moment I am swayed to use Intune as it would be a cost-savi...
What do you think of the integration of Azure AD Services, Defender for Endpoint, and Intune as comprehensive security solutions?
I have demoed these solutions together. There are other alternatives as well that integrate with SaaS services.
Thank you for your help.
Sr. Solutions Sales Executive - Commercial/Charity/Healthcare/SMB Individual Contributor at Hypertec Direct
Feb 15, 2023
I believe it is a good first step, and I would say even a requirement, but in no way is it a comprehensive security solution, even for endpoints.
There are many things that need to be addressed for security. In addition to this, there is XDR, MDR, more comprehensive AV for endpoints & Servers that stop attacks, Threat Hunting, Mitigation, PEN Testing, Security Training for end users, Multi-Factor Authentication (Microsoft's MFA is good but only for Microsoft products), Patch Management for Endpoints, Servers and Cloud Workloads, Network Access Control, Firewalls for On-Premise and Cloud server workloads, Network Segmentation, Password Management, Data Backups (3-2-1-1 Rule) with Immutable Backups, Power Backups, Physical Security, Monitoring, NOC/SOC services, and working towards a Zero Trust architecture...
But there are no single-point solutions that will make you secure, so don't get complacent. And you can outspend your profits if you do everything. Just remember it's best to have a layered approach that works together and looks at everything from a security perspective and how it integrates with your overall security plans and objectives to help identify holes and possible mitigations.
Healthcare must do Risk Assessments by law, but I recommend that all companies of all sizes do at least annual risk assessments since there is no such thing as being too small or inconspicuous to be hit with malware or have a cyber security attack since much of the delivery is automated and not just by the script-kiddies of years gone by... Nation States are actively engaging in cyber warfare daily, along with terrorists, and opportunists looking to make big money from you...
Senior Associate Specialist at a financial services firm with 1,001-5,000 employees
Feb 16, 2023
It depends on your company's infrastructure. Check with your cyber team whether you can sync your endpoints to Cloud using Azure AD as Azure Registered / Azure Hybrid AD join / Azure AD join, etc.
1. So, if the ask is only to enroll them in Intune to leverage Defender/BitLocker services - go directly to Azure AD's join approach.
2. If you still want to manage patch management/mcm BitLocker but Defender via cloud, the approach should be Azure Hybrid AD join.
3. You can still use Autopilot using both of these approaches.
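A way to check which of the join states named in the answer above a Windows endpoint is actually in, as an added example that is not part of the original answer: the Python below classifies the `Name : YES/NO` flags printed by `dsregcmd /status`. The sample outputs are constructed and trimmed, and the function names are hypothetical.

```python
import re

# Constructed, trimmed `dsregcmd /status` output for three sample devices.
HYBRID = """
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
           WorkplaceJoined : NO
"""
CLOUD_ONLY = HYBRID.replace("DomainJoined : YES", "DomainJoined : NO")
REGISTERED = """
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO
           WorkplaceJoined : YES
"""

FLAG = re.compile(r"^\s*(\w+)\s*:\s*(YES|NO)\s*$")

def parse_flags(text):
    """Collect every 'Name : YES|NO' line into a dict of booleans."""
    flags = {}
    for line in text.splitlines():
        m = FLAG.match(line)
        if m:
            flags[m.group(1)] = (m.group(2) == "YES")
    return flags

def join_state(text):
    """Map dsregcmd flags to the join types named in the answer above."""
    f = parse_flags(text)
    aad = f.get("AzureAdJoined", False)
    domain = f.get("DomainJoined", False)
    if aad and domain:
        return "Azure Hybrid AD join"
    if aad:
        return "Azure AD join"
    if f.get("WorkplaceJoined", False):
        return "Azure Registered"
    if domain:
        return "on-premises domain only"
    return "not joined"

if __name__ == "__main__":
    for name, sample in [("hybrid", HYBRID), ("cloud", CLOUD_ONLY), ("byod", REGISTERED)]:
        print(name, "->", join_state(sample))
```

Running this over output collected from a sample of machines before enrollment shows whether the fleet matches the join approach being planned.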
Microsoft Intune is a great configuration management tool and has a lot of good things going for it. Here are some of the things I like about it:
Protected productivity: Intune gives you the ability to continue tasks in the most efficient way possible while protecting their data against online threats.
Flexibility with data control: Companies are confident in securing the devices of their employees and enrolling employee devices in their network. They can also enroll devices owned by business partners and other third-party entities. This enables companies to allow users to complete their tasks while completing their workflow with ease. At the same time, organizations can gain access to sensitive files restricted only to certain individuals.
Third-party compatibility: Intune offers support to various devices that include Android, iOS, and macOS. One of the best parts about the solution is that it can handle any mobile environment.
Cloud-based: The software is deployed within the cloud, which helps organizations of all sizes to save costs from on-premise server fees. It can also help users concentrate on their essential business processes and needs while supporting them to scale globally. I like that Microsoft Intune’s cloud-based system is constantly updated and maintained consistently.
24/7 support: When you choose to use Microsoft Intune, you have full access to technical support 24 hours a day, 7 days a week. If you’re in need of fast-tracking deployment, you can easily seek help from Microsoft’s support team.
Although I consider Microsoft Intune to be a great product, it does in fact have some drawbacks.
Lack of server support: Unfortunately, Microsoft Intune doesn’t support server-side applications.
Planning challenges: It is often difficult to predict the number or size of software updates that will occur over time, especially in an environment where most applications are going cloud native with a higher frequency of updates.
Usage fees: The solution incurs egress or monthly usage fees based on the volume of data transmitted – software deployment is often a reactive activity based on the software provider updates; usage fees add up and get more expensive over time.
Intune is good in terms of resetting the OS and applying policy to the endpoint but is quite misleading in terms of many parts of the templates it provides - e.g. password policy - talk of password policy which applies to the device NOT the user account. Likewise, it does not have any capability to do application control while it claims to do so.
It can't help you to migrate user profiles from one machine to another.
If you have other Microsoft security products it will integrate (e.g. Defender system).