Driver and impact drills are similar power tools that serve different purposes. Using the right tool for the task at hand makes it easier to get things done. When it’s time to choose one, you’d also consider factors like whether it’s compatible with your other hardware. Software-as-a-Service (SaaS) tools are no different.
JumpCloud and Microsoft’s Intune provide options for app lifecycle management on many types of devices throughout your fleet. The former is an open directory platform that can deliver device management to other identity providers (IdPs), while Intune is included in Microsoft 365 (M365) bundles and works best with Microsoft services. Intune’s app management also has features that emphasize governance, risk, and compliance (GRC) and plugs into information protection.
In general, your requirements determine the best tool for the job. This article breaks down each platform’s features and the business and organizational impacts of each service to help you determine which one is the right choice for your organization. Let’s start by exploring JumpCloud.
JumpCloud’s Software Management
JumpCloud provides a unified identity, device, and access management platform designed for IT simplification. App lifecycle management is an important component of healthy device posture, because keeping apps up to date is the best way to avoid vulnerabilities. The platform offers OS patching and the ability to install and manage apps from trusted sources like a private repository and app stores. It also manages apps on endpoints across multiple operating systems.
App Management
Admins can use the JumpCloud Admin Console to install Android, Apple, and Windows apps from either uploads or app stores. This eliminates the need to host custom applications and purchase point solutions for app management. Android apps can be deployed on devices that are enrolled in Enterprise Mobility Management (EMM) using JumpCloud. JumpCloud’s App Repo will soon have parity between Microsoft Store apps and Apple Volume Purchase Program (VPP) apps, for a patch-forward approach to app lifecycle management.
Considerations:
- MSI (Windows) and PKG (Apple) file formats are currently supported for the private repository. JumpCloud is working to add support for additional formats.
- Storage (total across the entire repository) is limited to 10GB.
- Egress (data consumed from the repository) is limited to 10GB per licensed user per month.
- Maximum allowable application size is 5GB.
Prerequisites:
- Requires Windows MDM for MSI deployments
- Requires Apple MDM for PKG deployments
- Packages must include valid, signed certifications to ensure file integrity
Approval Workflows
The ability for users to request access to apps, along with an approval process, is forthcoming. The feature will introduce a catalog of apps that can be requested as well as a workflow for approvals by designated managers. The goal is to enable users to obtain access to the apps they need when they need them.
Device Trust and Access Control
To increase security, JumpCloud’s software repo only permits managed endpoints. Admins may enroll all corporate-owned devices (COD) and bring-your-own devices (BYOD). A strategy for mobile devices is especially important for remote, hybrid, or global work environments.
JumpCloud Mobile Device Trust prevents unmanaged devices (Android, iOS, iPadOS) from accessing enterprise services through browsers and native applications. It enhances mobile security through JumpCloud Go™, a phishing-resistant credential that eliminates passwords and MFA fatigue for a more seamless user experience. Device trust introduces stronger authentication factors to user portals and single sign-on (SSO) apps to protect your resources.
Intune’s Software Management and GRC
Microsoft Intune offers a comprehensive suite of features for app management. It’s not included with Azure Active Directory (AAD), now known as Entra ID, and is usually licensed through Microsoft 365 bundles. MDM must be “turned on” in AAD; Intune configures the enrollment options. Intune requires a Premium 1 AAD subscription or higher in order to work.
App Management
Intune allows you to deploy, update, and remove apps across various platforms, including iOS, Android, and Windows. Software can be distributed from private app stores and Intune can feature apps within Microsoft’s proprietary Company Portal app for end users. Devices that are joined via Active Directory (AD) are synced using the Configuration Manager connector. Intune is also used as a channel to distribute and manage Microsoft’s Office 365 apps for users.
Considerations:
- Microsoft Store for Business (licensed separately) syncs apps to Apple’s Intune; however, it is being retired in favor of Intune’s app management.
- Microsoft hosts prepackaged Win32 apps within its Enterprise App Catalog, which is another add-on for self-updating.
- Intune supports a variety of file formats.
- Apps may be sorted into categories.
- Admins may assign a code-signing certificate to distribute line-of-business apps.
- The maximum application size varies depending on the installer that’s being used. For instance, an iOS app can’t exceed 2GB but a Win32 app may be as large as 30GB.
- Intune includes 2GB of cloud storage.
Also consider this: Intune gates off features like the ability to view local accounts residing on a PC as add-ons or as part of Intune Suite. You’ll pay more for the full platform. Learn more about whether or not Intune pricing is worth it.
Approval Workflows
Apps that are displayed in the Microsoft Store are vetted by admins. Administrative approvals may be configured so that users submit a business justification to one (or more) approvers in order to access apps or scripts. This workflow serves as a safeguard against a compromised admin account.
Note: Access requests and access packages for SaaS apps are restricted to the Entra Identity Governance add-on to AAD Premium or the Microsoft Entra Suite SKU.
GRC Features
Intune provides tools for managing GRC, but isn’t strictly intended for that purpose. It’s often used in conjunction with other Microsoft solutions like Microsoft Purview and Azure Information Protection (AIP) to create a comprehensive GRC strategy. You have to license all of those services in order to get the most out of Intune and AAD, depending on your requirements.
App and Data Protection
App protection policies: Create policies to protect data within apps, ensuring sensitive information isn’t leaked or shared inappropriately. It works best with Microsoft Office.
Conditional access: Implement policies to control access to apps based on device compliance, location, and user risk. This requires Premium AAD subscriptions.
App configuration: Manage app settings to ensure compliance with corporate policies.
Monitoring and Reporting
App monitoring: Monitor app usage and performance to ensure they are functioning correctly.
Reporting: Generate reports on app deployment, usage, and compliance.
User and Device Management
App management on personal devices: Use Mobile Application Management (MAM) to manage apps on devices that aren’t enrolled with Intune.
Access control: Manage access to organizational resources and enforce compliance policies.
Proprietary Integrations
Intune works best when it’s used with other Microsoft products, some of which may not be optional.
AAD
Intune requires AAD. AAD is used to manage users and groups as well as to enable MDM and any access control policies related to devices. In other words, it’s a must-have integration.
Office Apps
Built-in app configuration and protection policies for Microsoft Office apps are more robust than what you can expect to see for any third-party software or services managed within Intune.
Information Protection and Microsoft Purview
AIP and Microsoft Purview aren’t needed to protect some sensitive data, but integrating those services enhances Intune’s data protection capabilities. Intune isn’t a standalone GRC suite; it plays a role within the broader Microsoft architecture.
AIP is a cloud-based solution that helps organizations classify, label, and protect sensitive data.
Microsoft Purview is designed to help organizations govern, protect, and manage their data across their entire data estate. It combines data governance, data security, and risk and compliance management into a unified platform. However, it’s a separate product from AIP.
Note: Speaking of the broader architecture, Intune won’t safeguard your data from leaks in SaaS apps. AIP or Purview must be combined with Defender for Cloud Apps and AAD Premium in order to monitor and/or block bad user behaviors.
Open Directory Platform vs. Platform Bundling
Microsoft’s vertical product integrations and focus on GRC may make it the right tool for some organizations that have stringent compliance requirements and are heavy users of Office apps. Its products are designed to work well together, but Microsoft could be a mismatch for organizations that want to choose best-of-breed apps beyond what’s included in M365.
Small- to medium-sized enterprises (SMEs) that value optionality and flexibility might instead opt for JumpCloud. It provides IT simplification and connects users to whatever resources they need. JumpCloud takes an interoperable approach via its open directory platform, making it possible for SMEs that use other IdPs like Okta or Google to also manage apps and devices.
Demo JumpCloud’s App Lifecycle Management
JumpCloud unites endpoint management with identity and access management (IAM). This architecture delivers strong access control while consolidating IT management tools into a single console for greater operational efficiency.
Admins can even temporarily elevate local account permissions on a time-bound basis, execute PowerShell commands, provide remote assistance, and manage software and OS patching — all from a single pane of glass. SMEs can license for workflows versus product integrations.
Connect to whatever resources you need, including AD, Google Workspace, HRIS platforms, and more. You can try JumpCloud for free to learn whether it’s right for your organization.
JumpCloud is enhancing its platform to unify SaaS, IT security, and asset management to uncover shadow IT. The platform’s streamlined architecture provides for detailed reporting to track events, identities, and other IT assets to assist with GRC and cybersecurity initiatives.