What’s the best way to manage access to our iOS and Android devices?
It’s a common question, especially with the recent emergence of BYOD security and remote work policies in many organizations. Choosing a mobile device management (MDM) solution for a modern, heterogeneous environment can be daunting.
In recent years, Microsoft has made strides to provide more cloud-friendly software solutions. Among these products is its MDM platform, Intune. Though the product allows organizations to operate entirely in the cloud, there are some limitations. As of now, Intune does not provide the same management capabilities as System Center Configuration Manager (SCCM).
Have you been wondering about the relationship between Intune and SCCM replacement? Are you looking for a new MDM platform? In this article, we’ll dive into the differences between Intune and SCCM. We’ll also compare a couple of popular MDM options among IT admins, MSPs, and CISOs: Azure AD vs. JumpCloud.
SCCM vs Intune: Features and Capabilities
Overview of SCCM
SCCM, formerly called SMS, is Microsoft’s on-prem system management solution. Admins generally pair SCCM with Active Directory to manage fleets of on-prem Windows devices.
Over time, SCCM’s capabilities have expanded to include mobile devices and non-Windows operating systems. With SCCM, admins can manage the deployment, configuration, and level of security enforced over an enterprise’s devices.
SCCM also allows admins to protect endpoints by managing the Windows Defender® suite (antivirus and firewall functionality mainly). Other features include:
- Resource access management
- Compliance settings
- OS deployment
- Software update management
- Software deployment
- Legacy support
On its own, SCCM works best for entirely on-prem infrastructures.
Implementing, configuring, and maintaining SCCM is a complex process. Without the proper skills or experience, SCCM can be more trouble to work with than it’s potentially worth.
Overview of Intune
In recent years, Microsoft bundled Intune with its user management platform, Azure Active Directory. One of the reasons many admins consider Intune is its ability to check devices for compliance before they gain access to Azure-related services such as Office 365.
As part of the Microsoft Enterprise Mobility + Security (EMS) suite, Intune integrates with Azure AD to control access to different types of resources on a corporate network. It also integrates with Azure Information Protection for data protection.
The challenge is that it’s not a complete replacement for the system management capabilities many have come to know and depend on with Active Directory and/or the Microsoft Endpoint Manager. Furthermore, the types of laptop and desktop systems Intune can support are often too narrow for the cross-platform IT environments found in most modern organizations. For this reason, many IT admins are in search of an Intune alternative. Other common comparisons include Intune vs. MobileIron, Intune vs. AirWatch, Intune vs. Jamf, and more.
JumpCloud: An Alternative to Intune and SCCM
JumpCloud offers GPO-like policies for Windows, Linux, and macOS platforms so admins can remotely disable virtual assistants, enforce full-disk encryption (FDE), and configure system updates, all with a few clicks.
Essentially, JumpCloud helps admins follow MDM best practices for heterogeneous device environments more effectively. When a prescribed policy isn’t going to get the job done, JumpCloud also enables IT admins to create and execute their own commands and scripts on all three platforms.
JumpCloud vs. Azure AD with Intune: 5 Factors to Consider
Deciding between JumpCloud and Azure AD with Intune boils down to your particular identity and device management needs, the tools your departments already use, and your budget. As you evaluate your options, here are some key factors to consider:
1. Current and Future Platform Plans
Are you locked into Microsoft solutions for the foreseeable future? Are the majority of devices under your care corporate-owned iOS and Android mobile devices? If so, Azure paired with Intune may be the best fit.
However, if you see yourself transitioning toward a Zero Trust Security framework or cloud-based infrastructure in the near future, the JumpCloud open directory platform is the more flexible and affordable option. When buying any piece of software, it’s essential to consider the long-term goals of every department and the company as a whole.
Considering the prevalence of remote work and BYOD policies, cloud-based directories and multi-functional IT toolkits are quickly becoming the more convenient choice.
2. Tool Sprawl
As mentioned earlier, JumpCloud centralizes user access and network management across all major operating systems. It provides GPO-like capabilities to manage fleets of systems via policies, including local admin system controls, full-disk encryption with FileVault 2 and Bitlocker, screen lock regulations, and more. It also has Apple MDM capabilities available for macOS machines to handle security functions and configuration profile distribution.
Most of the admins and MSPs we know are big fans of toolkit consolidation. Why? Using fewer tools to achieve the same (or better) results means lower costs, fewer errors, and more time saved. If unifying your stack is important to you, for whatever reason, strongly consider a provider like JumpCloud. It even pairs nicely with Active Directory for IT managers who want to stay on-prem.
Alternatively, if tool sprawl isn’t a concern, you can navigate between three separate platforms (Active Directory, Azure AD, and Intune) to oversee network security. It’s worth emphasizing that Intune does extend to macOS and Linux. However, some functionalities are limited in comparison to its more Apple-friendly competitors, such as Apple Business Essentials.
3. Microsoft 365 and Google Workspace Usage
Does your organization rely on Microsoft 365 or G Suite? Alternatively, have you struggled to choose one option over the other? While this may have been a major decision in the past, you can change providers down the line without having to tear everything down and rebuild.
Both Azure AD with Intune and the JumpCloud open directory platform provide integrations for these popular platforms. That means end users can access either productivity platform with one set of credentials. Admins can either manage user permissions from the Azure portal or the JumpCloud portal with ease.
Read: Manage Google Workspace & Microsoft 365 Identities in Minutes from a Single Cloud Directory to learn more about JumpCloud integration.
4. Non-System Needs
When evaluating which identity management provider is right for you, consider your non-system needs. For instance, if you’re interested in LDAP, RADIUS, Samba, SSH, and other protocol support, JumpCloud’s protocol level hosted services will make life easier.
JumpCloud’s multi-protocol approach unifies the management of identities so that each user has a single set of credentials instantly mapped to the many things an employee needs. It also streamlines the offboarding process, as admins can instantly revoke a user’s access to a myriad of different resources with the click of a button.
5. Vendor Lock-In
Another relevant issue IT leaders face is vendor lock-in. Though Microsoft continues to promote tech diversity, the brand is financially motivated to keep customers on the Windows and Azure platform track.
Unfortunately, this becomes problematic when admins later realize they need additional tools to accomplish increasingly ambitious security goals.
Most organizations with Azure AD eventually end up adopting AAD Connect, AAD DS, and other Microsoft-owned tools to drive a Zero Trust Security approach. If Microsoft is your “ride or die,” it’s no big deal. But if another vendor offers an eye-catching user experience or capability that would be a game-changer, tool incompatibility becomes a very big deal.
IT Infrastructure Consolidation
Both JumpCloud and Azure AD with Intune provide immense benefits to organizations wanting to enhance MDM. For cloud-forward and cross-platform organizations, JumpCloud is the superior choice. For on-prem and mostly Windows-based companies, Azure AD device management may make sense.
In either case, we encourage you to give serious consideration to how many disparate tools you’re using in your IT stack. The best way to relieve stress as an IT manager, without diminishing productivity, is to do more with less. The JumpCloud open directory platform consolidates several common IT tools into one platform — MDM, IAM, SSO, and directory management — while reducing Total Cost of Ownership. Rather than purchase multiple solutions with Azure AD (e.g. Intune, AD, Azure AD DS, Azure AD Connect, Azure MFA, Azure VPN, etc.), we invite you to try JumpCloud for free.