Microsoft Defender for Endpoint and Microsoft Intune serve different purposes. The first protects endpoints from cyber threats like viruses, malware, ransomware, and phishing attacks, and the second is a management console that helps you control and configure your devices.
To summarize, both are Microsoft products and offer seamless integration with other Microsoft tools. Microsoft Defender for Endpoint helps secure your devices from cyber threats and Microsoft Intune helps manage and configure various devices within your organization.
"Because it has been integrated with the OS, we get the entire software inventories, and we even get access to the registries. Those are the primary features."
"It doesn't cause the slowness of the system, which is one of the reasons why I like it."
"The most important feature is the way it monitors the threats and blocks them. About 10 days ago, we were implementing SOC for a particular client. The SOC was not yet implemented, but they had Microsoft Defender. That organization was hit by some ransomware, but the hacker could not succeed. Because of the EDR, the hacker could not install the hacking tools. They were trying to do that, but Microsoft Defender completely blocked that. The hacker could log into the system, but they could not install anything."
"Its real-time security is the most valuable."
"This is a very go, proactive solution to threat protection using advanced analysis."
"This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time."
"One of the features which differentiates it from other EDR providers is the Automated Investigation and Response, which reduces the workload of SOC analysts or engineers. They don't have to manually investigate each and every alert on the endpoint, since it does so automatically. And you can automate the investigation part."
"It's stable."
"Stable solution at a good price."
"It's easy to manage and easy to configure."
"The feature I like the most is that we can perform remote tasks. If we want to retire or wipe out personal data or corporate data from a device, we can use Microsoft Intune remotely, and with the click of a button, data is removed automatically. Nothing needs to be done from the end-user side."
"There are so many features, but Windows Autopilot is one of the features that are very valuable for most customers."
"The Microsoft Windows Autopilot and Defender policies are the most valuable features of this solution."
"If the product works, remote access will be a benefit. To this point we have not had reason to have confidence in achieving that access."
"Conditional access has helped us tailor and enforce our security policies in the mobile space."
"Intune provides full endpoint visibility and IT control across device platforms. You can individualize it for your company with the Intune Company Portal app."
"We'd like the stability to be better."
"The UI for Microsoft Defender for Endpoint needs to be better. Integration with client dashboards is also lacking in this product, e.g. client dashboards shouldn't just be viewable from the cloud, because when the client's computer is offline, you won't be able to see the client dashboard."
"If the solution could be integrated more with Defender for Cloud, to be more unified, that would help. It is good now, but even more integration could be done with Defender for Cloud. We see two different portals. If Defender for Endpoint could be ported to the CSPM, Defender for Cloud, that would make things even easier for us."
"The interface isn't necessarily intuitive to a nontechnical person. You can get stuck in the little endpoint security portal. Sometimes, if you uninstall a competitive product, the end user doesn't always know if it's running or if they're protected even though it's silently running. There could be a notification, widget, or something that's resident on the screen for at least a bit, especially if you're doing remote support. You want to talk them through it, but sometimes, we're not allowed to look at the PCs we support."
"Lacks some additional integration."
"Microsoft support could be more knowledgeable."
"Microsoft Defender for Endpoint is secure but when it comes to security all solutions could improve security."
"We would like to see more tools for managing on-premises security... Sometimes, we have the tools, like Defender, to manage security in the cloud, but because we are so focused on the cloud, we forget the fact that we need to be sure about the security of the on-premises environment, specifically Active Directory."
"The initial setup is a little bit complex."
"In an upcoming release, I would like to see some kind of analytics report."
"There's quite a lot of development that they can do within their Intune dashboard. I think there are too many lines hyperlinked to move you around. Others, in contrast, give you a simple dashboard and an intuitive administrative walkthrough."
"China blocks Google and Google Play Store, which makes installation challenging. Microsoft Intune is a company software, which has to be installed to the app portal or Microsoft Software Center."
"The biggest problem we ever have is when something goes out of date after 30 days when nobody has logged into it. We do have a problem trying to get those back online. We've been working with Microsoft to resolve that problem, but that's been the only issue that we've had in the last few years."
"Sometimes, updating a client policy is very difficult. This needs to be improved."
"The installation could be improved to be simplified."
"The UI also needs improvements because it is complex for end-users. We have had feedback from a few users in our organization who found the UI is not feasible for tracking and analyzing all the processes and monitoring all the devices."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 5th in Microsoft Security Suite with 182 reviews while Microsoft Intune is ranked 3rd in Microsoft Security Suite with 164 reviews. Microsoft Defender for Endpoint is rated 8.0, while Microsoft Intune is rated 8.0. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Microsoft Intune writes "We can manage all aspects of our devices from a single console, easy to scale, and quick to deploy". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Fortinet FortiClient, whereas Microsoft Intune is most compared with Jamf Pro, VMware Workspace ONE, ManageEngine Endpoint Central, SOTI MobiControl and AWS Systems Manager. See our Microsoft Defender for Endpoint vs. Microsoft Intune report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
In recent years Microsoft has really upped its game with Defender and Intune. As core cyber-security for an SME, keeping just to Microsoft is now a real option. The challenge is understanding the gaps / cyber security service weaknesses (if they exist) in comparison with other vendors such as ESET, Malwarebytes, Trend Micro, etc.
Azure AD Services, Defender for Endpoint, and Intune are all Microsoft products, but it is important to understand how each product works as they may not be compatible and there may be some limitations.
Devices managed through Intune may not have all of the Defender for Endpoint features. Some advanced features such as automated investigation and remediation may only be available for devices that are enrolled in Defender for Endpoint standalone.
In addition, Azure AD and Intune have different requirements for device enrollment and management. Intune requires devices to be enrolled and managed through an MDM solution, while Azure AD provides basic device management capabilities but may not support all of the features available in Intune.
Lastly, there may be limitations to how user identities and access are managed between Azure AD and Intune. Some features that are available in Azure AD, such as conditional access policies, may not suit Intune, and additional configuration may be required to ensure that user identities and access are properly managed across both services.
If anyone out there has other experiences, please let me know!
It depends on your company's infrastructure. Check with your cyber team whether you can sync your endpoints to Cloud using Azure AD as Azure Registered/ Azure Hybrid AD join/ Azure AD join, etc.
1. So, if the ask is only to enroll them in Intune to leverage defender/BitLocker services - go directly to Azure AD's join approach.
2. If you still want to manage patch management/mcm BitLocker but Defender via cloud, the approach should be Azure Hybrid AD join.
3. You can still use autopilot using both of these approaches.
I believe it is a good first step, and I would say even a requirement, but in no way is it a comprehensive security solution, even for endpoints.
There are many things that need to be addressed for security. In addition to this, there is XDR, MDR, more comprehensive AV for endpoints & Servers that stop attacks, Threat Hunting, Mitigation, PEN Testing, Security Training for end users, Multi-Factor Authentication (Microsoft's MFA is good but only for Microsoft products), Patch Management for Endpoints, Servers and Cloud Workloads, Network Access Control, Firewalls for On-Premise and Cloud server workloads, Network Segmentation, Password Management, Data Backups (3-2-1-1 Rule) with Immutable Backups, Power Backups, Physical Security, Monitoring, NOC/SOC services, and working towards a Zero Trust architecture...
But there are no single-point solutions that will make you secure, so don't get complacent. And you can outspend your profits if you do everything. Just remember it's best to have a layered approach that works together and looks at everything from a security perspective and how it integrates with your overall security plans and objectives to help identify holes and possible mitigations.
Healthcare must do Risk Assessments by law, but I recommend that all companies of all sizes do at least annual risk assessments since there is so such thing as being too small or inconspicuous to be hit with malware or have a cyber security attack since much of the delivery is automated and not just by the script-kiddies of years gone by... Nation States are actively engaging in cyber warfare daily, along with terrorists, and opportunists looking to make big money from you...