We compared Microsoft Intune and Microsoft Entra ID based on our user's reviews in several parameters.
Microsoft Intune and Microsoft Entra ID both offer valuable features such as efficient device management and seamless authentication processes. Intune focuses on security measures and integration with enterprise systems, while Entra ID emphasizes user-friendly interfaces and platform integration. Users praise Intune for its prompt customer service and cost-effectiveness, while Entra ID users appreciate its affordability and efficiency. However, Intune users suggest improvements in user interface and performance, while Entra ID users seek enhancements in UI design and customization options.
Features: Microsoft Intune and Microsoft Entra ID have different valuable features. Intune offers data wipe and device reset, integration with enterprise systems, and control over user access. Entra ID focuses on user-friendly interface, efficient authentication, and seamless integration with platforms.
Pricing and ROI: The setup cost for Microsoft Intune is praised for its reasonable pricing and cost-effectiveness. Users find the licensing options to be flexible and accommodating. On the other hand, users have expressed a positive sentiment towards Microsoft Entra ID's pricing, setup cost, and licensing. They appreciate the affordability, competitive pricing, and user-friendly setup process. The licensing options are also seen as flexible and suitable for various needs and budgets., The ROI from Microsoft Intune demonstrated effective cost management, increased productivity, secure device management, streamlined workflows, seamless integration, time savings, enhanced user experience, and improved security measures. On the other hand, Microsoft Entra ID offers significant cost savings, improved efficiency, streamlined business processes, and increased productivity.
Room for Improvement: Microsoft Intune could improve its user interface, speed, customization options, and troubleshooting features. On the other hand, Microsoft Entra ID needs enhancements in its user interface, optimization for different devices, usability, sign-up process, customization options, and security features.
Deployment and customer support: The users' reviews for Microsoft Intune indicate that the duration to establish the tech solution can vary, with some users reporting separate phases of deployment and setup, while others consider both terms to refer to the same period. On the other hand, Microsoft Entra ID user reviews also show variability in the duration required, with some users reporting distinct deployment and setup phases, and others considering them as one., The customer service provided by Microsoft Intune is highly praised for its prompt assistance and knowledgeable support staff. Customers value feeling supported throughout their interactions. In comparison, Microsoft Entra ID's customer service is highlighted for its exceptional efficiency, reliability, and helpfulness. The support team is praised for their friendliness, professionalism, and effective communication, ensuring seamless problem resolution.
The summary above is based on 193 interviews we conducted recently with Microsoft Intune and Microsoft Entra ID users. To access the review's full transcripts, download our report.
"Let's say we decide that our users need to have MFA, multi-factor authentication. It is very easy to implement that with Azure Active Directory."
"The solution has some great features, such as identity governance, and user self-service. The Outlook application is very good and is used by a lot of people even if they are using Google services."
"User and device management is the most valuable feature."
"The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization."
"Privileged Identity Management and Privileged Identity Management make controlling access considerably easier and ensure that authorized access is achieved."
"It is a really nice tool and we have a license for the more complex model."
"We use Verified ID to select and deselect users. During the pandemic, we had many users who left our organization or were no longer involved in certain projects but had their user credentials with them. To prevent data loss and data piracy, we deselected those remote users from Active Directory, and it was a very quick process."
"Its ability to provide secure connections to people at all locations is the most valuable. It is mostly used by enterprises."
"We can manage and standardize security across your environment, identify problems, receive alerts, and so on. That's its purpose, and that's also why it's so good."
"The features I found most valuable in Intune are its user visibility and troubleshooting options."
"The most valuable feature is the policy CSPs."
"It's easy to deploy a configuration or policy to a system, especially when you don't have Azure AD. Now we are talking to all these small and medium-sized customers who don't necessarily have an on-premise Windows Active Directory. If they have invested in Office 365 Premium, this functionality becomes available to them."
"The biggest thing for us is enforcing logins only from devices that are managed by Intune."
"We have a BYOD policy, and this solution helps us manage our devices."
"Its security is most valuable. It gives us a way to secure devices, not only those that are steady. We do have a few tablets and other devices, and it is a way for us to secure these devices and manage them. We know they're out there and what's their status. We can manage their life cycle and verify that they're updated properly."
"Remote Wipe and Autopilot is one of the best features."
"Though the installation was seamless, it took longer than expected to be completed."
"I want better integration between Azure AD and the on-prem environment because there are currently limitations that can hamper employee experience. We use a feature called password writeback, that can be challenging to implement in a hybrid environment. Employees can change their passwords using a self-service password reset (SSPR) feature, which reflects from the cloud to the on-prem identity, but not the other way around. Currently, there is no way to reflect passwords from on-prem identities to the cloud."
"If somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops... I don't think the solution is quite as third-party-centric as Okta or Auth0."
"It would be good to have more clarity around licensing."
"The synchronization between my AD and Azure AD needs improvement."
"When you start to deal with legacy applications, provisioning is not as intuitive."
"They can improve how people manage their accounts. They can simplify and provide more information about adding or updating a phone number or email id in the MSA account. A lot of time users do get confused about where to go. For example, if I've changed my mobile number, where do I go and change my mobile number in the MSA account? A lot of time, employees think if they change the phone number in the HR database, it'll automatically get changed on the MSA account, which is not the case. Microsoft can simplify that and add these questions in the FAQ documents as well."
"We previously used Microsoft's technical support, which was excellent; they were very responsive. Now, we use a CSP, and their support is lacking, so I rate them five out of ten."
"In the past, I raised some tickets for the enhancement feature, which was missing in Intune."
"Microsoft Intune needs to improve the initial login process."
"They can improve their MAM policies a little bit more and make them more granular. They should include more granular group policies. They are there, but they need to be more granular. Its stability should also be improved. It is not very stable. Sometimes, it shows some inconsistencies across tenants."
"Some enrollment features could be improved."
"The installation is very easy. However, to be able to configure it you will need special knowledge, such as training or self-studies to have a proper level of security. There are many settings one has to understand before being able to implement Microsoft Intune."
"Lacking in features such as Wi-Fi and network security."
"It needs certificate provisioning for S/MIME purposes."
"In an upcoming release, I would like to see some kind of analytics report."
Microsoft Entra ID is ranked 4th in Microsoft Security Suite with 190 reviews while Microsoft Intune is ranked 3rd in Microsoft Security Suite with 164 reviews. Microsoft Entra ID is rated 8.6, while Microsoft Intune is rated 8.0. The top reviewer of Microsoft Entra ID writes "Allows users to authenticate from home and has excellent integrations in a simple, stable solution". On the other hand, the top reviewer of Microsoft Intune writes "We can manage all aspects of our devices from a single console, easy to scale, and quick to deploy". Microsoft Entra ID is most compared with Google Cloud Identity, CyberArk Privileged Access Manager, Cisco Duo, Okta Workforce Identity and Yubico YubiKey, whereas Microsoft Intune is most compared with Jamf Pro, VMware Workspace ONE, ManageEngine Endpoint Central, SOTI MobiControl and IBM MaaS360. See our Microsoft Entra ID vs. Microsoft Intune report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
In recent years Microsoft has really upped its game with Defender and Intune. As core cyber-security for an SME, keeping just to Microsoft is now a real option. The challenge is understanding the gaps / cyber security service weaknesses (if they exist) in comparison with other vendors such as ESET, Malwarebytes, Trend Micro, etc.
Azure AD Services, Defender for Endpoint, and Intune are all Microsoft products, but it is important to understand how each product works as they may not be compatible and there may be some limitations.
Devices managed through Intune may not have all of the Defender for Endpoint features. Some advanced features such as automated investigation and remediation may only be available for devices that are enrolled in Defender for Endpoint standalone.
In addition, Azure AD and Intune have different requirements for device enrollment and management. Intune requires devices to be enrolled and managed through an MDM solution, while Azure AD provides basic device management capabilities but may not support all of the features available in Intune.
Lastly, there may be limitations to how user identities and access are managed between Azure AD and Intune. Some features that are available in Azure AD, such as conditional access policies, may not suit Intune, and additional configuration may be required to ensure that user identities and access are properly managed across both services.
If anyone out there has other experiences, please let me know!
It depends on your company's infrastructure. Check with your cyber team whether you can sync your endpoints to Cloud using Azure AD as Azure Registered/ Azure Hybrid AD join/ Azure AD join, etc.
1. So, if the ask is only to enroll them in Intune to leverage defender/BitLocker services - go directly to Azure AD's join approach.
2. If you still want to manage patch management/mcm BitLocker but Defender via cloud, the approach should be Azure Hybrid AD join.
3. You can still use autopilot using both of these approaches.
I believe it is a good first step, and I would say even a requirement, but in no way is it a comprehensive security solution, even for endpoints.
There are many things that need to be addressed for security. In addition to this, there is XDR, MDR, more comprehensive AV for endpoints & Servers that stop attacks, Threat Hunting, Mitigation, PEN Testing, Security Training for end users, Multi-Factor Authentication (Microsoft's MFA is good but only for Microsoft products), Patch Management for Endpoints, Servers and Cloud Workloads, Network Access Control, Firewalls for On-Premise and Cloud server workloads, Network Segmentation, Password Management, Data Backups (3-2-1-1 Rule) with Immutable Backups, Power Backups, Physical Security, Monitoring, NOC/SOC services, and working towards a Zero Trust architecture...
But there are no single-point solutions that will make you secure, so don't get complacent. And you can outspend your profits if you do everything. Just remember it's best to have a layered approach that works together and looks at everything from a security perspective and how it integrates with your overall security plans and objectives to help identify holes and possible mitigations.
Healthcare must do Risk Assessments by law, but I recommend that all companies of all sizes do at least annual risk assessments since there is so such thing as being too small or inconspicuous to be hit with malware or have a cyber security attack since much of the delivery is automated and not just by the script-kiddies of years gone by... Nation States are actively engaging in cyber warfare daily, along with terrorists, and opportunists looking to make big money from you...