Admins understand the need for mobile device management (MDM) to manage access for Android and iOS devices. Cloud services, including Microsoft’s Intune, have grown popular to support modern, heterogeneous environments with those devices, but it’s not uncommon for System Center Configuration Manager (SCCM) to remain in place to manage Windows endpoints. The problem is that Microsoft’s on-premises tools leave IT management gaps.
SCCM has been folded into Microsoft Endpoint Configuration Manager to address those concerns. This change could obligate admins to adopt cloud solutions like Entra ID and Intune to use all of its features. Intune doesn’t provide the same management capabilities as SCCM, and it may seem necessary to consider setting up co-management between those technologies. Configuration Manager is frequently integrated with Intune to manage non-Windows devices.
Microsoft is, in effect, locking customers into a vertically integrated portfolio of cloud-based tools and services. Fortunately, Microsoft shops have other options available to modernize IT for secure single sign-on (SSO) and cross-OS device management. Have you been wondering about the relationship between Intune and Configuration Manager? Are you looking for another MDM platform? In this article, we’ll dive into the relationship between Intune and Configuration Manager. We’ll also compare JumpCloud against Microsoft’s prescribed hybrid cloud platform.
Configuration Manager vs. Intune: Features and Capabilities
Overview of Configuration Manager
Configuration Manager is Microsoft’s on-prem system management solution. Admins generally pair Configuration Manager with Active Directory to manage fleets of on-prem Windows devices.
With Configuration Manager, admins can manage the deployment, configuration, and level of security enforced over an enterprise’s devices. Intune is needed for non-Windows devices.
Configuration Manager Benefits
Configuration Manager also allows admins to protect endpoints with Windows Security, which includes Windows Defender Antivirus, as well as Microsoft Defender for Endpoint.
Other features include:
- Resource access management
- Compliance settings
- OS deployment
- Software update management
- Software deployment
- Legacy support
- Device management and remediations
- Advanced endpoint analytics (requires Microsoft’s cloud services)
On its own, Configuration Manager works best for entirely on-prem infrastructures.
Configuration Manager Disadvantages
Implementing, configuring, and maintaining Configuration Manager is a complex process. Without the proper skills or experience, Configuration Manager can be more trouble to work with than it’s potentially worth. Prerequisites include needing SQL Server for a change management database, SQL Server Reporting Services (SSRS), and a server to run Internet Information Services (IIS). Even Microsoft acknowledges, “To be successful with Configuration Manager in a production environment, thoroughly plan and test the management features.”
Configuration Manager also fails to support a Zero Trust security strategy by leaving management gaps and lacking conditional access policies for privileged identity management. These gaps may also contribute to IT tool sprawl if point solutions are set up as workarounds.
Some important features will require IT admins to integrate it with Microsoft cloud services.
Overview of Intune
Intune is Microsoft’s cloud-based mobile device management (MDM) solution for Windows, Linux, iOS, and Android devices as well as a mobile application management (MAM) solution. Microsoft sells add-ons that extend its capabilities and integrate Intune with security products.
In recent years, Microsoft has bundled Intune with its user management platform, Entra ID. One of the reasons many admins consider Intune is its ability to check devices for compliance before they gain access to Azure-related services such as Office 365. Combining Intune and Entra ID adds identity management capabilities to assign policies and roles to users.
Intune Benefits
Intune provides centralized endpoint management and application management. It also integrates with Microsoft’s provisioning, data protection, and security products. Entra ID is mandatory to access these services and control access to resources, using Zero Trust security.
Intune Disadvantages
Intune is not a complete replacement for the system management capabilities many have come to know and depend on with Active Directory and/or the Microsoft Endpoint Manager. Adopting the cloud-based Endpoint Manager suite extends what it can do, but that creates an extended commitment to use Microsoft products. Entra and Intune are components of a much broader reference architecture of tools and services that small and medium-sized enterprises (SMEs) may not be able to deploy without a dedicated external resource. Microsoft suggests using partners to manage its complexity.
Customers have called out faults with Intune’s performance, complexity, and licensing. Modern provisioning and remote actions aren’t available unless you’re using Intune.
Co-Management
Organizations may aspire to migrate to a serverless environment, but the reality is that many line-of-business apps depend on legacy Microsoft infrastructure. Configuration Manager also provides a level of management granularity that Intune can’t match at this time. Those are the underlying reasons why co-management exists, but Microsoft has also sweetened the pot by requiring co-management to access foundational Zero Trust security capabilities such as conditional access. You can concurrently manage Windows 10+ endpoints when these services are combined. Workloads are balanced between the two systems and either remain on-premises or migrate.
Management grows even more complex when Configuration Manager coexists with other MDM solutions, with issues such as workloads being automatically deactivated by Microsoft.
JumpCloud: An Alternative to Intune and Configuration Manager
JumpCloud is an open directory platform with heterogeneous MDM, IAM, and SSO capabilities. Think of JumpCloud as a consolidated alternative to Entra ID, Intune, and Active Directory. The platform provides SSO to your resources with environment-wide multi-factor authentication (MFA) and phishing-resistant authentication. Its password manager can be used to control access to systems that don’t support SSO. Integrated IAM improves IT efficiency through dynamic groups and HRIS integrations, all through a single console. Conditional access is also available as an option.
Note: JumpCloud federates or syncs with other identity providers (IdPs), offering you more choice.
The platform offers unified endpoint management with GPO-like policies for Android, Windows, Linux, and macOS platforms so admins can create policies that remotely disable virtual assistants, enforce full-disk encryption (FDE), configure system updates, and more. JumpCloud also includes an app repository to assist with software deployments. Remote Access tools are available for remote assistance and background troubleshooting; commands can be executed against devices for remediations. Cross-OS and browser patch management is also optional.
Reporting is built into JumpCloud for System Insights and more.
JumpCloud has also streamlined how Windows devices that are already in the field are provisioned. It’s working to enable return-to-service workflows to enroll Windows endpoints through Provisioning Packages (PPKG) created with Windows Configuration Designer (WICD). Packages can be deployed using USB drives or network shares. Admins may also opt to partner with their OEM or contact JumpCloud partners like GroWrk and Hofy to equip remote workers with the devices.
JumpCloud helps admins follow MDM best practices for heterogeneous device environments more effectively. When a prescribed policy isn’t going to get the job done, JumpCloud also enables IT admins to create and execute their own commands and scripts. It can also coexist with and be used to modernize Active Directory while keeping Configuration Manager running.
Active Directory Modernization
With JumpCloud, you have the freedom to replace AD altogether or integrate it seamlessly with your AD instance to get exactly the functionality you need. The platform includes Active Directory Integration (ADI), which has multiple deployment models to meet your company’s needs and objectives. ADI has a scalable deployment model that uses member servers to configure syncing with AD. It’s even possible to sync multiple domains to JumpCloud. This approach to cross-OS systems management provides faster time to value and greater ease of use.
JumpCloud vs. Entra ID with Intune: 5 Factors to Consider
Deciding between JumpCloud and Entra ID with Intune boils down to your particular identity and device management needs, the tools your departments already use, and your budget. As you evaluate your options, here are some key factors to consider:
1. Current and Future Platform Plans
Are you locked into Microsoft solutions for the foreseeable future? If so, Azure AD paired with Intune may be a good fit. Also consider JumpCloud, because it integrates with the Microsoft stack. Both approaches will meet the criteria outlined in Microsoft’s rapid modernization plan where assets are managed and conditional access rules can help evaluate security posture.
2. Tool Sprawl
JumpCloud centralizes user access and network management across all major operating systems. Microsoft permits this if you integrate Configuration Manager with Intune and other bundled services. The availability of services is dependent upon which licenses you have.
Admins and MSPs benefit from toolkit consolidation. Why? Using fewer tools to achieve the same (or better) results means lower costs, fewer errors, and more time saved. If unifying your stack is important to you, for whatever reason, strongly consider a provider like JumpCloud. It even pairs nicely with Active Directory for IT managers who want some workflows to stay on-prem.
3. Microsoft 365 and Google Workspace Usage
Does your organization rely on Microsoft 365 or Google Workspace? Alternatively, have you struggled to choose one option over the other? While this may have been a major decision in the past, you can change providers down the line without having to tear everything down and rebuild. JumpCloud is a Google partner for secure and consistent integrations.
Entra ID with Intune and the JumpCloud platform both provide integrations for these popular platforms. That means end users can access either productivity platform with one set of credentials. Admins can manage user permissions from either the Azure portal or the JumpCloud portal.
4. Non-System Needs
When evaluating which identity management provider is right for you, consider your non-system needs. For instance, if you’re interested in LDAP, RADIUS, Samba, SSH, and other protocol support, JumpCloud’s protocol-level hosted services will make life easier.
JumpCloud’s multi-protocol approach unifies the management of identities so that each user has a single set of credentials instantly mapped to the many things an employee needs. It also streamlines the offboarding process, as admins can instantly revoke user access to a myriad of different resources with the click of a button.
5. Vendor Lock-In
Another relevant issue IT leaders face is vendor lock-in. Though Microsoft continues to promote tech diversity, the brand is financially motivated to keep customers on the Windows and Azure platform track. Microsoft integrates with other technologies, but as noted with the example of MDM providers clashing with Configuration Manager outlined above, it’s not always so easy.
Unfortunately, this becomes problematic when admins later realize they need additional tools to accomplish increasingly ambitious security goals. For example, Microsoft made significant licensing changes to Entra ID by moving privileged access management and other identity governance features out of Entra. It’s now requiring an additional license on top of it.
Most organizations with Entra ID eventually end up adopting AAD Connect, AAD DS, and other Microsoft-owned tools to drive a Zero Trust security approach. If Microsoft is your “ride or die,” it’s no big deal. But if another vendor offers an eye-catching user experience or capability that would be a game-changer, tool incompatibility becomes a very big deal.
The JumpCloud open directory platform is a more flexible and affordable option if you’re considering the long-term goals of every department and the company as a whole to utilize best-of-breed solutions. IT can spend less time integrating a complex suite of tools and services and more time being focused on its mission while avoiding software monoculture.
IT Infrastructure Unification
Both JumpCloud and Entra ID with Intune provide immense benefits to organizations wanting to enhance MDM. For cloud-forward and cross-platform organizations that wish to use best-of-breed technologies, JumpCloud is the superior choice. Endpoint Manager may make sense for on-prem and mostly Windows-based companies that have resources to throw at its integrations.
In either case, we encourage you to give serious consideration to how many disparate tools you’re using in your IT stack. The best way to relieve stress as an IT manager, without diminishing productivity, is to do more with less.
The JumpCloud open directory platform consolidates several common IT tools into one platform: Enterprise Mobility Management (EMM), MDM, IAM, SSO, and directory management, all while reducing Total Cost of Ownership. Rather than purchase multiple solutions with Entra ID (e.g., Intune, AD, Entra Domain Services, Entra Connect, etc.), we invite you to get started with JumpCloud.