What do you think of the integration of Azure AD Services, Defender for Endpoint, and Intune as comprehensive security solutions?

Hi everyone, 

What do you think of the integration of Azure AD Services, Defender for Endpoint, and Intune as comprehensive security solutions?

I have demoed these solutions together. There are other alternatives as well that integrate with SaaS services.

Thank you for your help.

Ronald Chavez - PeerSpot reviewer
Cloud Services
4 Answers
Thomas Naylor - PeerSpot reviewer
Founder at hifo
Feb 20, 2023

In recent years Microsoft has really upped its game with Defender and Intune. As core cyber-security for an SME, keeping just to Microsoft is now a real option. The challenge is understanding the gaps / cyber security service weaknesses (if they exist) in comparison with other vendors such as ESET, Malwarebytes, Trend Micro, etc.

Russell Rothstein - PeerSpot reviewer
CEO at PeerSpot
Feb 16, 2023

Azure AD Services, Defender for Endpoint, and Intune are all Microsoft products, but it is important to understand how each product works as they may not be compatible and there may be some limitations.

Devices managed through Intune may not have all of the Defender for Endpoint features. Some advanced features such as automated investigation and remediation may only be available for devices that are enrolled in Defender for Endpoint standalone. 

In addition, Azure AD and Intune have different requirements for device enrollment and management. Intune requires devices to be enrolled and managed through an MDM solution, while Azure AD provides basic device management capabilities but may not support all of the features available in Intune. 

Lastly, there may be limitations to how user identities and access are managed between Azure AD and Intune. Some features that are available in Azure AD, such as conditional access policies, may not suit Intune, and additional configuration may be required to ensure that user identities and access are properly managed across both services.

If anyone out there has other experiences, please let me know!

Gaurav Chandola - PeerSpot reviewer
Senior Associate Specialist at a financial services firm with 1,001-5,000 employees
Feb 16, 2023

It depends on your company's infrastructure. Check with your cyber team whether you can sync your endpoints to the cloud using Azure AD as Azure Registered / Azure Hybrid AD join / Azure AD join, etc.

1. So, if the ask is only to enroll them in Intune to leverage Defender/BitLocker services - go directly to Azure AD's join approach.

2. If you still want to manage patch management/MCM BitLocker but Defender via cloud, the approach should be Azure Hybrid AD join.

3. You can still use Autopilot using both of these approaches.
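
To see which of the join types named in the answer above a Windows device is currently in, the following added example (not part of the original post) parses the output of the built-in `dsregcmd /status` command. The function name `Get-JoinState` and the sample output are constructed for illustration.

```powershell
# Added example: classify a Windows device's join state from `dsregcmd /status`.
function Get-JoinState {
    param(
        # Output lines of `dsregcmd /status`; runs the command locally if omitted.
        [string[]]$StatusLines = (dsregcmd /status)
    )

    # Collect "Name : VALUE" pairs; banners, blank lines and empty values are skipped.
    $flags = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') {
            $flags[$Matches[1]] = $Matches[2]
        }
    }

    $aadJoined = $flags['AzureAdJoined']   -eq 'YES'
    $domJoined = $flags['DomainJoined']    -eq 'YES'
    $workplace = $flags['WorkplaceJoined'] -eq 'YES'

    # Both join flags set means hybrid join; WorkplaceJoined marks a registered device.
    if ($aadJoined -and $domJoined) {
        $state = 'Hybrid Azure AD joined'
    } elseif ($aadJoined) {
        $state = 'Azure AD joined'
    } elseif ($workplace) {
        $state = 'Azure AD registered'
    } elseif ($domJoined) {
        $state = 'On-premises domain joined only'
    } else {
        $state = 'Not joined or registered'
    }

    [pscustomobject]@{
        JoinState       = $state
        AzureAdJoined   = $aadJoined
        DomainJoined    = $domJoined
        WorkplaceJoined = $workplace
    }
}

# Constructed sample output (trimmed), so the function can be tried off-device.
$sample = @'
| Device State                                                         |
             AzureAdJoined : YES
              DomainJoined : YES
| User State                                                           |
           WorkplaceJoined : NO
'@ -split "`r?`n"
Get-JoinState -StatusLines $sample
```

Run `Get-JoinState` with no arguments on an endpoint to classify the live device before deciding between the Azure AD join and hybrid join approaches.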

James OConnor - PeerSpot reviewer
Sr. Solutions Sales Executive - Commercial/Charity/Healthcare/SMB Individual Contributor at Hypertec Direct
Feb 15, 2023

I believe it is a good first step, and I would say even a requirement, but in no way is it a comprehensive security solution, even for endpoints.  

There are many things that need to be addressed for security. In addition to this, there is XDR, MDR, more comprehensive AV for endpoints & Servers that stop attacks, Threat Hunting, Mitigation, PEN Testing, Security Training for end users, Multi-Factor Authentication (Microsoft's MFA is good but only for Microsoft products), Patch Management for Endpoints, Servers and Cloud Workloads, Network Access Control, Firewalls for On-Premise and Cloud server workloads, Network Segmentation, Password Management, Data Backups (3-2-1-1 Rule) with Immutable Backups, Power Backups, Physical Security, Monitoring, NOC/SOC services, and working towards a Zero Trust architecture...  

But there are no single-point solutions that will make you secure, so don't get complacent. And you can outspend your profits if you do everything. Just remember it's best to have a layered approach that works together and looks at everything from a security perspective and how it integrates with your overall security plans and objectives to help identify holes and possible mitigations.

Healthcare must do Risk Assessments by law, but I recommend that all companies of all sizes do at least annual risk assessments since there is no such thing as being too small or inconspicuous to be hit with malware or have a cyber security attack since much of the delivery is automated and not just by the script-kiddies of years gone by... Nation States are actively engaging in cyber warfare daily, along with terrorists, and opportunists looking to make big money from you...

Related Questions
IT Coordinator at Carglass SAS
Jul 2, 2023
Hello peers,  I am an IT Coordinator at a large manufacturing company.  I am currently researching UEM tools. What are the differences between MobileIron UEM and Microsoft Intune? Which solution do you prefer? Thank you for your help.
Ronald Chavez - PeerSpot reviewer
Cloud Services
Jun 28, 2023
The MobileIron UEM solution is now Ivanti and is divided into 3 areas: Client Management (EndPoint), Mobile Management (MDM), and Desktop or workspace customization. Microsoft solutions are Defender Endpoint - Microsoft Intune (MDM and MAM). The advantage, if they are Windows, is because the Defender antivirus is managed in Defender EndPoint and the management or control of Android or Windows devices and application deployment with Intune; it is also complemented with Office 365. I hope to be helpful. https://www.ivanti.com/es/lp/uem/reports/gartner-magic-quadrant-for-uem
Avigayil Henderson - PeerSpot reviewer
Content Development Manager at PeerSpot
Jul 2, 2023
Hello Lahcen, I am posting this comment on behalf of one of our site users who is the Head of Infrastructure at his company. He says: One of the key differences is MobileIron is much more mature than Intune in some aspects. So you have much more granular controls in MobileIron if you need to. Microsoft Intune on the other hand is easier to use in my opinion and has most features that most organizations need. If you already have a Microsoft 365 Tenant or intend to have one, Microsoft Intune is really a no-brainer. Unless you need those super granular controls that only MobileIron or AirWatch has, you will want to keep Intune. Intune is much faster and easier to deploy if you know the solution well. I typically need 1 week to configure everything in a Tenant to manage iOS & Windows devices as long as the requirements are fixed before I start the configuration. There are not many Intune experts out there but it’s not that difficult to learn either. MobileIron is a much more complicated solution and has been adopted from an on-prem solution to start with so it has its legacy limitations too. Microsoft Intune started on the cloud right from the start so it does not have such issues.
Manager, Technology Support at EL Paso Independent School District
Apr 11, 2023
Hello community,  I am the Technology Support Manager for a large educational organization. We already own Intune as we are a Microsoft house but we are looking to purchase Chromebooks in large quantities, so we want to utilize Intune to manage the devices. We were wondering what would be the pros and cons for either solution. At the moment I am swayed to use Intune as it would be a cost-savi...
Chief Digitalization Executive at a energy/utilities company with 1,001-5,000 employees
Apr 10, 2023
Intune is more recommended for Microsoft OS or Microsoft products. On Chromebooks, if you are going with Google tech stack of Office apps, Google Workspace will be your go-to option in this case. 
Dhiraj Verma - PeerSpot reviewer
Global Information Technology Manager at Kaleyra
Apr 10, 2023
I agree with @Saiyed Shahab Ahmed. You should also consider the management overhead of having multiple productivity tools.