When considering software-as-a-service for tracking, data security, or asset management, the choices may be overwhelming. If you’re currently on a Windows-based architecture or Microsoft is one of your vendors, you may know one of those options: Microsoft Intune.
As Intune is related to Prey in scope & functionality, we developed a guide to weigh up the strengths and weaknesses of both, so you can clearly visualize what’s better for you, or for your organization.
What is Microsoft Intune?
Microsoft Intune is a service working as a Mobile Device Manager (also known as MDM) and Mobile Application Management (or MAM). These two acronyms entail a lot of functionality! Mobile device management tools are very important for device administrators: they enable thorough management of computing devices of all sizes and types, including installed applications, policies, and sometimes location & tracking features.
On the other hand, MAM is a common feature of enterprise mobility management (EMM) tools, a first cousin of MDMs. The critical difference between them is the fact that MAM concerns the control of specific mobile devices -such as cellphones or tablets- on the application layer of the device. Whilst not being a complete EMM tool, MAM functionality such as app provisioning and app data protection is still present in Intune as a complement to their MDM offer.
Because of that cross-functionality, Intune is sometimes called a UEM, or unified endpoint management tool.
As an MDM with MAM functionality, Microsoft Intune is capable of key points on the security landscape:
- Deployment. Devices enrolled in Intune can be configured, managed, and their apps deployed and authenticated
- Policing. Intune can set rules and settings for enrolled devices to access specific networks and/or data inside the organization through VPN profiles. It can also rule how employees use a device and what can be accessed or changed in it
- Protection. Intune is capable of powerful data protection features, such as locking devices, encryption, data wipe, and factory resets
- Compliance. Being able to push updates, strict app management, and the use of reports for device security & health, allow TI managers to address compliance with security standards and measures.
How does Intune work?
Remember we said Intune was a service? Well, Intune works as a major component of the Endpoint Manager console. While Configuration Manager (the other big component of Microsoft Endpoint Manager) leverages its on-premise capabilities to manage PCs and servers, Intune extends its reach to the mobile world to manage and control mobile devices.
Microsoft Endpoint Manager works similarly to Prey, using a centralized control panel to enroll and manage devices. From this panel, the IT or manager can inspect the entire environment. And with the entire environment, we mean it: Intune can also enroll BYOD devices, a huge concern in certain organizations. Settings & permissions inside the manager are used to shape the access to enterprise assets, connections, software, etc.
Intune has a huge documentation page to guide configuration, device enrollment, features & integration. We’re obviously biased here, but Intune is a complex tool and it may be easy to get lost in the gist of it. If you’re looking for specific solutions to issues within Intune, we recommend you check Microsoft’s official documentation.
Are Prey and Intune the same solution?
While we share several features, Prey and Intune are not the same.
We already have described Microsoft Intune as a UEM solution comprised of device & mobile management. We slightly fall into that category. But Prey at its very core is a specialized tracking, location, and data protection solution which has management capabilities, not a full UEM or MDM.
In other words: while we share several characteristics, most of the time we don’t solve the same problems, and certainly not with the same level of effectiveness.
Another notable difference is the position of the two tools in a management or security stack. Microsoft Intune has a deep integration with Microsoft’s own operating system (Windows 10 & 11), domain, and software suite. It is tied exclusively to Active Directory & Azure Active Directory, and not exclusively to Windows & the Office 365 space.
On the opposite end of the spectrum, Prey is a standalone software-as-a-service, independent of other applications, types of directories, and operating systems. Prey can be more flexible, and be adapted to an increasing number of device security tools & configurations.
Can they work together? Of course! (more on that later). But first...
What Intune does best
Intune has been built from the ground up as an MDM solution. Therefore, it has solid features in that area, such as app management, policies, and permissions.
Solid Microsoft integrations
As we mentioned before, Intune has close ties with Active Directory and Azure AD (the cloud-based domain), and sometimes it comes bundled with end-user solutions like Office 365. In fact, professionals who use Microsoft’s stack of security and management tools would feel right at home or have an option to jump to Intune already.
Besides Intune’s great management features, it also can control what and where the users will connect their devices. While it’s not very easy to configure, a skilled manager can configure profiles for VPNs & WiFi networks. There’s also WiFi & Bluetooth Block, to limit the user’s access to connectivity in specific machines.
What Prey does best
Tracking & Location
While Intune has tracking capabilities, Prey’s stellar tracking & location are superior. Our industry-leading continuous tracking solution allows you to precisely locate devices without compromising the device’s battery. By the way: our tracking features work across all OS (including macOS, Ubuntu, iOS, Android, and older versions of Windows like 7 or 8), unlike Intune.
Ease of use
Intune’s integrations to the Microsoft stack come with a price: the Microsoft Endpoint Manager is a tough app to master and it has a steep learning curve. In stark contrast, Prey is way easier to roll out, and our user interface is intuitive, easy to learn, and doesn’t need formal training or extensive manuals to perform simple tasks.
Our flexibility and independence allow us to have competitive pricing compared to other alternatives on the market. Intune comes bundled with Office 365, a Microsoft suite that is pricier and hard to obtain for small and medium enterprises.
How can Prey & Intune work together?
By this point, there’s something you should be wondering first: Are any of those tools right for me?
Your organization may be in dire need of device-specific protection, in cases where you have a diverse fleet (laptops, mobile phones, tablets) or across operative systems. Without a doubt, Prey is your correct choice there.
But that doesn’t mean that Prey & Intune can’t work together! Prey comes forward to cover the Intune shortcomings in the field of tracking & location, for which we have already established that Microsoft has lacking alternatives within its suite. Prey can serve as a complement to an already established management environment: using Intune (and Microsoft Endpoint Manager) for app deployment & policing, and leaving tracking & location to us.