What’s the Difference Between MDM for Office 365 and Microsoft Intune?
Mobile Device Management (MDM) for Office 365 is a useful solution for many organizations who want to to securely manage their mobile devices (Android, iOS, and Windows devices). Luckily, many Office 365 subscriptions include MDM. In addition to MDM for Office 365, you can also use Microsoft Intune to manage your mobile devices. Unlike MDM, Intune is not a built-in feature of Office 365. It’s a paid subscription, or you can purchase it with Enterprise Mobility + Security (EMS). They both include MDM, so what is the difference between them and which one should you use? Let me give you my take on how I see these two Microsoft offerings and then I will compare the two.
MDM is a built-in feature included in Office 365, while Intune is a stand-alone platform that integrates nicely with Office 365. To better understand the difference between them, you might want to think of MDM as a subset of Microsoft Intune. Technically speaking, MDM is not related to Intune and it’s not really a subset of Intune. The only reason I said to think that way is that Intune offers everything that MDM for Office 365 offers plus more. Intune is a cloud-based mobile management platform. It’s a feature-rich solution that offers not only MDM, but also Mobility Application Management (MAM). MAM is especially useful for companies that support Bring Your Own Device (BYOD) because it lets you deploy and manage mobile apps. Here’s how I look at the two.
| MDM for Office 365 | Microsoft Intune |
| MDM | MDM + MAM + more |
Because Intune integrates in many ways with many Office 365 services, it gives you much more control over your mobile devices. It can be used to deploy business apps, Microsoft store apps, and even certificates, Wi-Fi, VPN, and email profiles. Intune also includes the Intune Managed Browser, which allows users to securely browse the Web. The following architecture shows how Microsoft Intune integrates with Microsoft Azure.
Let’s compare the features offered by MDM for Office 365 and Intune. The following table is based on information provided by Microsoft and will give you a much better idea as to which one is the right solution for you.
| Feature | MDM for Office 365 | Microsoft Intune |
| Price | Included at no additional cost with many Office 365 Enterprise and Business subscriptions | Can be purchased with EMS, or as a paid subscription |
| Device Management | Manage through Security and Compliance Center in Office 365 | Manage with Intune’s admin console if you are using Intune by itself, otherwise you can use Azure Active Directory, Microsoft 365 admin center, etc. |
| Types of Devices You Can Manage | Android, iOS, and Windows | Android, iOS, Windows 8.1 (phone and PC), Mac OS X, Windows 10 |
| Key Functionalities | Restrict users from accessing company email and documents only from phones and tablets that are managed by your company and comply with your policies.
Manage security policies (e.g. jailbreak detection, device level pin lock, encryption) to prevent unauthorized access to company data if a device is lost or stolen. Remotely wipe out company data from an employee’s device, while leaving employee’s personal data in place. Visit Capabilities of Built-in Mobile Device Management for Office 365 for more specific information, including the device versions that are supported. |
All features included with MDM for Office 365, plus the following:
Deploy internal business apps and Microsoft store apps. Enroll and manage company devices in groups to better organize and simplify policy and app deployment. Provide secure access to business resources by deploying certificates, Wi-Fi, VPN, and email policies for users. Enhance security by restricting users’ actions like copy, cut, paste, and save as, to only those apps that are managed by Intune. Enable secure Web browsing for users through Intune Managed Browser app. Setup MAM policies through Azure portal, even if employees devices are not enrolled in Intune. Visit Protect app data using MAM policies for more information. |
For licensing or other reasons, you may be interested in taking advantage of both MDM for Office 365 and Microsoft Intune. Because they don’t step over each other, you can manage some devices with MDM for Office 365 and others with Microsoft Intune.
Helpful Resources
Here are some links that you may find useful.
- Microsoft Intune Documentation
- High-Level Architecture for Microsoft Intune
- What is Microsoft Intune App Management?
- Capabilities of Built-in Mobile Device Management for Office 365
| Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background. |
Copyright © 2019 SeattlePro Enterprises, LLC. All rights reserved.
Great article!
Clearly explained.
This totally helps clear up a confusing topic. One thing to add is that MDM has a great API (Graph) which allows you do things like map your device locations on floor plans.
Nice post. Thank you for sharing this information.