Microsoft Intune vs. MDM for Office 365Alex Fields
I have previously written about configuring Mobile Device Management for Office 365. The Office 365 Admin Center has a great subset of features lifted from Microsoft’s cloud-based Intune service, which is admittedly a much more “full-blown” MDM solution.
Whether you are using MDM for Office 365 or Microsoft Intune, the enrollment process works basically the same way from the perspective of end-users (presumably, since it is using the same back-end). But from an administrative standpoint, the feature set is just a lot more robust from the Intune portal, compared to what you get in the Office 365 Admin Center.
The best resource I know of for comparing the difference between these services is here: Ways to do enterprise mobility.
The following is a summary of that resource, describing what you get with Office 365 MDM:
- Cloud-based mobile management: Manage iPhone, Android and Windows phones and tablets with no infrastructure required.
- Conditional access: Ensure that Office 365 corporate email and documents can be accessed only on phones and tablets that are managed by your company and that are compliant with your IT policies.
- Device management: Set and manage security policies, like device level pin lock and jailbreak detection, to help prevent unauthorized users from accessing corporate email and data on a device when it is lost or stolen.
- Selective wipe: Remove Office 365 company data from an employee’s device while leaving their personal data in place.
Intune includes all of those features (obviously), plus these others:
- Profile push: Help users securely access corporate resources with certificates, Wi-Fi, VPN, and email.
- Collections: Enroll and manage collections of corporate-owned devices, simplifying policy and app deployment.
- Corporate app store: Deploy your internal line-of-business apps and apps in stores to users.
- Application management: Enable your users to securely access corporate information using the Office mobile and line-of business apps they know, while ensuring security of data by restricting actions like copy,cut, paste, and save as, to only those apps managed by Intune.
- Secure web browsing: Enable secure web browsing using the Intune Managed Browser app.
- Advanced management: Manage PC’s from the cloud with no infrastructure required using Intune, or connect Intune to System Center 2012 Configuration Manager to manage all of your devices including PCs, Macs, Linux and UNIX servers, and mobile devices from a single management console.
Where the Office 365 MDM falls short for the SMB, I think, is really just in leaving out the ability to push profiles for VPN, Wi-Fi and so forth–a pretty basic feature for MDM. Therefore, some SMB’s may find value in upgrading, if for no other reason, these essentials.
Truthfully, MDM for Office 365 is usually “good enough” for most small businesses. But the ability to restrict moving, copying or saving data into non-managed applications is really quite amazing–bordering on the magical (how did they do that?!). So there is plenty to like in the paid version, also.
What if I already have another (3rd-party) MDM Solution?
Since most SMB’s work with a Managed Services Provider or other technology partner on device management, Intune may not be strictly necessary. For example, some other agent-based MDM solution may come bundled in a Managed Services offering.
Still, how many MDM products have risen, fallen and faded into obscurity over the past decade? Answer: a whole lot. Intune will probably have much better staying power in the long run, compared to some of the third-party software companies who jumped into mobility during its “wild west” days.
The market has matured a lot in recent years, and Microsoft continues to prove that they are going to be a leader in this area. New features are being released into Intune, Office 365 and their other mobile-first, cloud-first platform of products all the time.
So even if you are satisfied with your MDM solution today, keep this in mind. You might consider EMS anyway–mostly for the Azure AD Premium features (that and it is a cost-effective way to upgrade everything else that comes in a “lite” flavor through Office 365). And if you decide to do that, then why pay for two MDM solutions when you really only need the one?