Microsoft Defender for Endpoint and Microsoft Intune serve different purposes. The first protects endpoints from cyber threats like viruses, malware, ransomware, and phishing attacks, and the second is a management console that helps you control and configure your devices.
To summarize, both are Microsoft products and offer seamless integration with other Microsoft tools. Microsoft Defender for Endpoint helps secure your devices from cyber threats and Microsoft Intune helps manage and configure various devices within your organization.
"Defender is stable, I haven't had any problems with viruses when using it, and it's easy to update."
"Its real-time security is the most valuable."
"It's great for investigating what's happening on a machine. They show a whole bunch of machine timeline events that are related to a security incident. They have quite good details on the things related to threat and vulnerability management, such as any weakness that has been disclosed publicly, assets that are exposed, and if there is an exploit active in the wild for that vulnerability. It can provide you with all such information, which is cool."
"It's free. There is no additional cost. It's part of Windows."
"The protection that it provides is quite good."
"The best thing I like about it is its interaction with the other Defender products. It provides the ability to push telemetry up. It gives me endpoint visibility and allows me to take automated actions."
"The biggest benefit to Windows Defender is that it is built-in to the operating system by Microsoft."
"We are a Microsoft shop, and Defender is a Microsoft solution that provides some security at a reasonable cost."
"There are so many features, but Windows Autopilot is one of the features that are very valuable for most customers."
"Autopilot is the most valuable feature."
"The most valuable feature for us is the security, including risk analysis and patch management."
"While I don't think you can ever have full visibility and control, Intune certainly allows us to see the applications being used and tells us if things like Windows patches aren't applied to machines. It does a good job. That visibility makes life a little easier."
"It supports end-users who tend to lock their devices quite frequently. Its conditional access policy helps us keep the users logged into their devices."
"The solution is scalable. We currently have tens of thousands of users within our organization using the solution."
"The ability to (somewhat) manage full Windows 10 computers including EXE-based or MSI-based application deployments using Azure Active Directory as Identity."
"Great for software update needs, operating system version updates, and security policy enforcement."
"In India at least, it seems to be a bit more expensive than other options."
"There are some areas in the proactive threats that are just overwhelming the SOC, so we've had to turn those off until we can figure out how to filter out the false positives."
"I would like MDE to have the ability to isolate a certain amount of time on the timeline."
"I think Microsoft needs to improve some of the security aspects of Defender. The email part, in particular, needs to be improved in terms of security effectiveness."
"The solution could be more friendly for end-users, with different type of scans or scheduled scans for it."
"There's scanning going on that occasionally topples the memory, causing everything to freeze. This should be fixed."
"The file scanning has room for improvement. Many people use macros within their files, so there should be a mechanism that helps us to scan them for malicious payloads."
"The central management console should be improved because it provides limited options to configure Windows Defender."
"One area for improvement is app deployment. Another is the Windows update rollout. If you're rolling out an object to a device that's offline, Intune stops trying to reach this device after it sits idle for a bit. We are forced to find a workaround that could help manage that."
"Once it's configured it is unobtrusive, but it does take some hands-on to configure and deploy it properly."
"It would be beneficial to have a more straightforward understanding of Intune's capabilities, presented in a simplified manner."
"Microsoft Intune's support for Mac devices is lacking and could be improved."
"It would be great if Intune offered better data protection controls for BYOD Windows PCs."
"In the next release, I would like a feature to be able to properly lock down the device. For example, if an attacker or somebody steals the phone, you can be sure that the pin cannot be broken."
"They can improve their MAM policies a little bit more and make them more granular. They should include more granular group policies. They are there, but they need to be more granular. Its stability should also be improved. It is not very stable. Sometimes, it shows some inconsistencies across tenants."
"The solution could improve its flexibility."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 5th in Microsoft Security Suite with 182 reviews while Microsoft Intune is ranked 3rd in Microsoft Security Suite with 164 reviews. Microsoft Defender for Endpoint is rated 8.0, while Microsoft Intune is rated 8.0. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Microsoft Intune writes "We can manage all aspects of our devices from a single console, easy to scale, and quick to deploy". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, CrowdStrike Falcon, SentinelOne Singularity Complete and Fortinet FortiClient, whereas Microsoft Intune is most compared with Jamf Pro, VMware Workspace ONE, ManageEngine Endpoint Central, SOTI MobiControl and AWS Systems Manager. See our Microsoft Defender for Endpoint vs. Microsoft Intune report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
In recent years Microsoft has really upped its game with Defender and Intune. As core cyber-security for an SME, keeping just to Microsoft is now a real option. The challenge is understanding the gaps / cyber security service weaknesses (if they exist) in comparison with other vendors such as ESET, Malwarebytes, Trend Micro, etc.
Azure AD Services, Defender for Endpoint, and Intune are all Microsoft products, but it is important to understand how each product works as they may not be compatible and there may be some limitations.
Devices managed through Intune may not have all of the Defender for Endpoint features. Some advanced features such as automated investigation and remediation may only be available for devices that are enrolled in Defender for Endpoint standalone.
In addition, Azure AD and Intune have different requirements for device enrollment and management. Intune requires devices to be enrolled and managed through an MDM solution, while Azure AD provides basic device management capabilities but may not support all of the features available in Intune.
Lastly, there may be limitations to how user identities and access are managed between Azure AD and Intune. Some features that are available in Azure AD, such as conditional access policies, may not suit Intune, and additional configuration may be required to ensure that user identities and access are properly managed across both services.
If anyone out there has other experiences, please let me know!
It depends on your company's infrastructure. Check with your cyber team whether you can sync your endpoints to Cloud using Azure AD as Azure Registered/ Azure Hybrid AD join/ Azure AD join, etc.
1. So, if the ask is only to enroll them in Intune to leverage defender/BitLocker services - go directly to Azure AD's join approach.
2. If you still want to manage patch management/mcm BitLocker but Defender via cloud, the approach should be Azure Hybrid AD join.
3. You can still use autopilot using both of these approaches.
I believe it is a good first step, and I would say even a requirement, but in no way is it a comprehensive security solution, even for endpoints.
There are many things that need to be addressed for security. In addition to this, there is XDR, MDR, more comprehensive AV for endpoints & Servers that stop attacks, Threat Hunting, Mitigation, PEN Testing, Security Training for end users, Multi-Factor Authentication (Microsoft's MFA is good but only for Microsoft products), Patch Management for Endpoints, Servers and Cloud Workloads, Network Access Control, Firewalls for On-Premise and Cloud server workloads, Network Segmentation, Password Management, Data Backups (3-2-1-1 Rule) with Immutable Backups, Power Backups, Physical Security, Monitoring, NOC/SOC services, and working towards a Zero Trust architecture...
But there are no single-point solutions that will make you secure, so don't get complacent. And you can outspend your profits if you do everything. Just remember it's best to have a layered approach that works together and looks at everything from a security perspective and how it integrates with your overall security plans and objectives to help identify holes and possible mitigations.
Healthcare must do Risk Assessments by law, but I recommend that all companies of all sizes do at least annual risk assessments since there is so such thing as being too small or inconspicuous to be hit with malware or have a cyber security attack since much of the delivery is automated and not just by the script-kiddies of years gone by... Nation States are actively engaging in cyber warfare daily, along with terrorists, and opportunists looking to make big money from you...