Part II: Choosing between MobileIron and Microsoft Intune for Unified Endpoint Management (UEM)
Ojas Rege | May 02, 2018
Mobility is a Tier 1 service that requires Tier 1 security and reliability. If mobile goes down, your CEO knows right away. MobileIron is a best-in-class security and enablement platform for modern work. We establish a zone of trust around endpoints and clouds so everyone can work easily and effectively from anywhere. MobileIron integrates with Microsoft Intune App Protection to set additional security controls for Microsoft Office 365 apps. Intune is a complement, but not a security substitute, for MobileIron.
This three-part blog is my perspective on how MobileIron and Microsoft are better together, including our integration with Microsoft Intune. My opinions are based on publicly available and third-party data, customer and partner feedback, and ongoing analysis of Microsoft’s actions. Part I of this blog discusses how MobileIron and Microsoft Intune App Protection work together to secure Office 365 apps. Part II discusses the advantages of MobileIron over Intune as a unified endpoint management (UEM) solution. Part III describes the role of MobileIron and Microsoft in a broader enterprise strategy.
Can Intune do what MobileIron does for endpoint security?
No. Intune plays an important role for Microsoft app policy control, but it has functional gaps for security compared to MobileIron.
But isn’t Intune “free?” Won’t it save me money over MobileIron?
“Free” security is rarely great security, and weak security can be very expensive. Mobility is a Tier 1 service and requires Tier 1 security. When mobile services go down or are compromised, your CEO is impacted. MobileIron works. MobileIron is a proven, highly scalable, multi-OS and multi-cloud solution with strong security credentials. While Intune has an important role in the Microsoft ecosystem, it is not a best-in-class security solution.
Won’t Intune catch up on functionality over time?
Mobile moves fast, and security can’t wait. UEM is expensive to maintain because Android and iOS are constantly changing. I expect Intune to be a Windows-first solution. I believe Microsoft is unlikely to put the interests of Apple or Google before its own, and that Intune’s modern management roadmap will be weighted toward Windows. The Windows footprint is under pressure from Apple and Google, and Windows is central to the Microsoft Modern Workplace strategy.
What is MobileIron’s advantage over Intune?
MobileIron is superior to Intune for security. We have a consistent solution across operating systems and cloud services. Intune does not focus on high security for Android or iOS. MobileIron will protect your data and let you scale reliably to new devices and new services. A future-proof UEM solution must be OS-neutral.
When comparing UEM solutions, check:
- Does the solution have security certifications (FIPS 140-2, FedRAMP, Common Criteria MDM Protection Profile)? See Gartner report here.
- Can you secure Android enterprise? Can you block untrusted app stores, force firmware upgrades, secure SD cards, and do bulk enrollment?
- Can you secure macOS devices? Can you manage applications, support Apple’s Device Enrollment Program (DEP), and unify policies with iOS?
- Can you automatically delete all business data and apps from a compromised device?
- Can you stop unauthorized devices and apps from accessing both Microsoft and non-Microsoft cloud services?
- Can you detect device and network exploits and take automatic device remediation actions?
- Can you tunnel business traffic through an integrated per-app VPN without tunneling personal traffic?
- Can you leverage your security ecosystem through a broad set of integrations? MobileIron has more than 300 integrations with ISVs. Can you support both cloud and on-premises deployment?
- Can you support both cloud and on-premises deployment?
Test these use cases:
- App trust: Download the Salesforce1 app from the Apple App Store to a managed iOS device. The app itself is unmanaged because it was not downloaded from an enterprise app store. Use your credentials to log in. Is your login blocked? If not, your data is now unprotected on the device. You have a major compliance issue because you cannot delete that unprotected data or stop it from being shared with consumer apps.
- Device trust: Root an Android device. Is all your business data automatically deleted from the device? If not, then all your data and credentials are at risk.
- Tiered compliance: Apple releases a new version of iOS with important security improvements. Can you send a notification to users that don’t upgrade and then automatically quarantine their devices if they still haven’t upgraded 24 hours later? If not, then you have a lot of manual work ahead of you.
What is Intune’s advantage over MobileIron?
- Customers often perceive Intune to be “free” because it’s part of a larger bundle bought from Microsoft.
- Intune may have proprietary integrations with Microsoft services that Microsoft doesn’t make available immediately to the ecosystem.
Will Intune be a strong solution for Windows?
Yes. I expect Intune to be a best-in-class modern management solution for Windows, unlike for Android, Chrome OS, iOS, or macOS. It is logical for Intune to be Windows-First. However, even on Windows, Microsoft might have conflicts of interest that inhibit integration with non-Microsoft services like McAfee ePolicy Orchestrator (ePO).
Some customers will want one solution that covers every endpoint. Other customers will be fine with two solutions. In either case, MobileIron would still leverage Intune behind-the-scenes as a policy API for Microsoft apps. Some enterprises might consider Intune as a UEM solution across all their endpoints, but I believe this is a risky path because securing operating systems from Apple and Google is unlikely to be a priority for Microsoft.
Mobility is a Tier 1 service. Your UEM solution has to be reliable and future-proof. In 2017, MobileIron was a Leader in the Gartner Magic Quadrant, Forrester Wave, and IDC MarketScape for EMM. Intune was not.
Together, MobileIron and Intune offer best-in-class UEM and best-in-class Azure policy.
Do it right. Or do it twice.
Any information concerning products and services other than MobileIron’s comes from public and third-party sources. Although we believe it to be accurate, we have not independently verified it and we cannot guarantee its accuracy.