Tip
Office 365 MDM and Intune both offer the ability to manage mobile devices, but Intune provides deeper management and security. Delve into this comparison of the two consoles.
By
- Peter van der Woude,KPN ICT Consulting
Published: 09 Mar 2023
Microsoft offers two mobile device management methods: MDM for Office 365 and Microsoft Intune.
The enterprise mobility industry has changed significantly in the past few years. Mobile device management (MDM) platforms such as MDM for Office 365 were once enough for most organizations. As iPads, wearables and IoT devices became prevalent in the enterprise, many organizations needed advanced management capabilities and a unified console. Unified endpoint management (UEM) products such as Intune entered the market, allowing IT admins to manage a range of different devices under a single console.
MDM for Office 365 provides a limited feature set, but it is included in the price of many Office 365 subscriptions. This built-in tool offers organizations an integrated, inexpensive way to manage mobile devices. Microsoft Intune, on the other hand, provides a rich feature set and comes with additional costs.
MDM for Office 365 capabilities
MDM for Office 365 provides a lightweight version of MDM that does not include mobile application management (MAM). It provides organizations with MDM policies and settings that will help to control access to Office 365 data for supported mobile devices and apps. For stolen or lost devices, it offers the ability to remotely wipe the device to remove corporate data.
Supported platforms
MDM for Office 365 provides support for the following platforms:
- IOS 14.0 or later.
- Android 8.0 or later.
- Windows 10 or 11 -- this requires the device to be Azure Active Directory joined.
Supported access control scenarios
MDM for Office 365 provides a few scenarios that will prompt users to enroll their devices. When the user's device doesn't comply with the policy, the user might be blocked from accessing Office 365 data, depending on the policy configuration.
This article is part of
What is unified endpoint management (UEM)? A complete guide
- Which also includes:
- 7 key benefits of mobile device management for businesses
- Compare capabilities of Office 365 MDM vs. Intune
- How to successfully implement MDM for BYOD
These are the following scenarios:
- Access to Exchange by using the built-in mail app on iOS 14 or later.
- Access to Exchange by using the built-in mail app on Android 8 or later.
- Access to Office and OneDrive for Business by using the Outlook, OneDrive, Word, Excel or PowerPoint app on iOS 14 or later.
- Access to Office and OneDrive for Business by using the Outlook, OneDrive, Word, Excel, PowerPoint or the Office Mobile app on Android 8 or later.
People using mobile browsers to access Office 365 data will not be prompted to enroll their devices and will not be blocked.
Supported policy settings
With MDM for Office 365, IT can enable certain settings as requirements to access Office 365 data. IT can use these settings in the supported access control scenarios to block users from accessing Office 365 data. These settings are divided into the following categories:
- Security, which require password settings.
- Encryption, which require encryption settings.
- Jailbroken, which require non-jailbroken devices.
- Managed email profile, which require managed email profile.
MDM for Office 365 also provides a limited set of policies that IT can use to configure user device settings, such as policies to prevent data loss on devices, access public clouds, make screen captures and access the store.
Microsoft Intune capabilities
Microsoft Intune is a UEM platform that provides MDM and MAM functionality and comes with additional costs, as it's not part of the different Office 365 subscriptions. It requires an organization to have licenses that include the rights to use Microsoft Intune. These licenses include Microsoft Intune standalone, the Enterprise Mobility + Security and Microsoft 365 subscriptions.
Microsoft Intune helps organizations provide MDM and MAM policies and settings that will help control access to corporate data. This includes data in Office 365 and nearly all corporate data available from apps exposed via Azure Active Directory (AAD). For stolen or lost devices, Intune provides the ability to remotely wipe the device or app to remove corporate data. It also allows organizations to secure and manage mobile devices, apps and corporate data.
Supported platforms
Microsoft Intune provides support for the following platforms:
- IOS and iPadOS 14.0 and later.
- MacOS 11.0 and later.
- Windows 10, including Windows 10 Teams, Windows 10 IoT and Windows Holographic for Business.
Supported access scenarios
Microsoft Intune supports many scenarios. The main difference of MDM for Office 365 versus Intune is that Intune is not limited to Office 365-related scenarios. For most organizations, the management boundaries must expand to include all apps and data that can be exposed via AAD and all apps on devices that can use modern authentication. Intune integrates well within a Microsoft ecosystem, including Office 365.
Microsoft Intune can do more than control access to corporate apps and data. IT can use Intune to verify compliance of devices; deploy applications; assign advanced configurations, including Wi-Fi configuration; push certificates and VPN configurations; provide inventory information; and more. And that's only mentioning MDM scenarios. It also provides MAM scenarios, including limiting access to corporate apps and data and performing a selective wipe of only the app.
Supported policy settings
Microsoft Intune provides many policy settings and listing all the possibilities is nearly impossible. It provides the policy settings available with MDM for Office 365 and many more. These policy settings are categorized to provide the functionality to address the supported access scenarios -- for example, policies to verify access requirements; verify compliance; configure settings; configure updates; and the ability to deploy, configure and manage apps.
MDM for Office 365 vs. Microsoft Intune
The following table provides an overview of the main capabilities of MDM for Office 365 versus Microsoft Intune.
It should be clear that Microsoft Intune is the most logical choice from a security and management perspective. That doesn't mean there is no use case for MDM for Office 365. It could be enough for smaller organizations or organizations that only use Office 365. However, that requires strong agreements with the employees, as MDM for Office 365 only provides basic security for accessing Office 365 data.
MDM for Office 365 is a good starting point for any organization deploying MDM. To provide real security and management capabilities, however, any organization should eventually consider using Microsoft Intune when using more than just Office 365.
Organizations can run both products alongside each other to support a migration path from MDM for Office 365 and Microsoft Intune. When a user gets a Microsoft Intune license, the enrollment process will automatically prefer the Microsoft Intune enrollment above the MDM for Office 365 enrollment.
Next Steps
How to evaluate on-premises vs. cloud-based MDM, UEM
Evaluate Intune alternatives for mobility management
Related Resources
- Your Complete Guide to Unified Endpoint Management–TechTarget
- What is Zero Trust?–Tanium
- Unified Endpoint Management Solutions, 2021–22–IBM
- Computer Weekly – 7 August 2018: How digital is driving golf to the connected ...–TechTarget ComputerWeekly.com
Dig Deeper on Unified endpoint management
- How to use Managed Google Play with Microsoft IntuneBy: HelenSearle-Jones
- A guide to Intune Suite licensing for endpoint managementBy: RobertSheldon
- Deploying Intune's Microsoft configuration manager consoleBy: Petervan der Woude
- How to perform a full remote wipe on an Android deviceBy: Petervan der Woude
As an expert in mobile device management (MDM) and unified endpoint management (UEM), I have a comprehensive understanding of the intricacies between Microsoft's MDM for Office 365 and Microsoft Intune. My expertise is rooted in practical knowledge, and I've closely followed the evolution of enterprise mobility solutions.
Now, let's delve into the key concepts mentioned in the article:
-
MDM for Office 365:
- Capabilities: MDM for Office 365 offers a lightweight MDM version without mobile application management (MAM). It provides policies and settings to control access to Office 365 data on supported mobile devices.
- Supported Platforms: iOS 14.0 or later, Android 8.0 or later, and Windows 10 or 11 (requires Azure Active Directory join).
- Access Control Scenarios: Various scenarios, such as access to Exchange and Office 365 data through specific apps on iOS and Android devices.
- Policy Settings: Divided into categories like Security, Encryption, Jailbroken, and Managed email profile.
-
Microsoft Intune:
- Capabilities: Microsoft Intune is a UEM platform offering both MDM and MAM functionality. It requires additional licensing and provides robust management and security features.
- Supported Platforms: iOS, iPadOS 14.0 and later, MacOS 11.0 and later, Windows 10 (including Teams, IoT, and Holographic for Business).
- Access Scenarios: Unlike MDM for Office 365, Intune is not limited to Office 365-related scenarios. It integrates well with the Microsoft ecosystem and can manage a wide range of apps and data.
- Policy Settings: Extensive policy settings addressing access scenarios, compliance verification, configuration, updates, app deployment, and more.
-
Comparison:
- Main Differences: While MDM for Office 365 is suitable for basic security needs, Intune offers a more extensive set of features and is a logical choice for enhanced security and management.
- Use Cases: MDM for Office 365 might suffice for smaller organizations or those exclusively using Office 365. However, for comprehensive security and management, Microsoft Intune is recommended.
- Coexistence: Organizations can run both MDM for Office 365 and Intune concurrently, allowing a smooth migration path. Intune enrollment takes precedence when a user gets an Intune license.
In summary, Microsoft Intune emerges as the preferred choice for organizations seeking advanced security and management capabilities, especially when managing a diverse set of devices and apps beyond Office 365.
