The world we live in is changing at an amazing pace.

The innovation enabled by the rapid growth and worldwide adoption of the internet has been absolutely incredible. Surely that’s no surprise to anyone connected today, but let’s take a moment to put it into perspective the jaw-dropping scope of the number of connected devices.

One of the trendiest buzzwords to hit the market today is the IoT (Internet of things). The IoT is exactly what it sounds like; a collection of devices that connect to the internet.

Map of the IOT landscape across the globe.
The Internet of Things

This could be anything from your Nest thermostat, that Tesla roadster parked in your garage, or the far more common smartphone sitting in your back pocket. Sounds like that could be a lot of connected ‘things’, right? Well, as of 2018, the IoT was a $151B market with 7B connected devices and is expected to reach 10B by 2020.

What exactly does this have to do with MobileIron or Intune? Well, as the number of connected devices skyrockets, organizations are scrambling to protect their data that could invariably find their way to those devices.

Traditionally, a business would view their datacenter as the security boundary. But as we dive into a more cloud-first, a mobile-first world that simply is no longer true. We need to ensure that data is protected, regardless of which ‘thing’ it ends up on. In order to accomplish that, businesses are transitioning to unified endpoint management (UEM) solutions like Intune and MobileIron.

Let’s dive into this Microsoft Intune review.

Application Management

In the past, companies would use device management solutions to enforce strict control over devices before granting them access. Sounds good, right? Well, what about situations where end-users bring their own devices or try to access your data from a device not owned by your company?

Sure, you could choose to block those devices but that means you’ll need to provide those users with devices to work with remotely. Even in that scenario, most individuals would prefer not to carry a personal device and a work device.

Modern management solutions take that struggle into account and allow application-level control of your data, regardless of what devices it ends up on. This is where solutions like Intune or MobileIron shine. They allow you to ensure that data you’re putting on a specific device stays on that device.

Mobile Device Management - MDM - separates and secures corporate data from personal data.
Mobile Device Management allows you to separate and secure corporate data from personal data.

You’re able to enforce data encryption. You’re able to ensure the data can’t be moved to an unmanaged location. As an administrator, you are able to effectively remove your data from that device when necessary.

Comparing Intune versus MobileIron in Managing Your Data

Now let’s take a minute to compare both Intune and MobileIron when it comes to managing your data on end-user owned devices (BYOD). Both solutions offer great functionality here; they grant you the ability to ensure that your data doesn’t leave the application that it started in. No copy/paste, no save to the device, no save to unsupported cloud locations, enforce encryption, etc.

The problem is that both solutions require you to use their client (Outlook, OneDrive, Apps, Docs, or Mail+). Things like the default applications in iOS and Android are out of the question due to a lack of SDK (Software Development Kit) support.

MobileIron struggles here because typically, in order for you to actually get the required app, you need to enroll the device and enforce a wider area of control. More control than some individuals are comfortable granting to their employer over their personal devices.

Intune’s MAM

Microsoft’s Intune allows for application management (MAM) without enrollment. Simply use the Outlook app (or OneDrive, SharePoint, Box, Dropbox, etc.) and sign-in from any device as you normally would to access your data. At that point, policies created by the administrator are enforced on the application itself and not on the device. Again, the goal here is to prevent someone from taking sensitive information and copying directly to their iOS mail app and forwarding it outside of your scope of influence.

Intune MAM illustration
Intune MAM separates and protects your personal from corporate data.

Consider that the Enterprise Mobility and Security license required for Intune also includes Azure AD Premium for auditing and reporting in Azure as well as Conditional Access to restrict access or require multifactor and it’s a pretty compelling argument for Intune.

The official graphic from Microsoft for Azure Active Directory Premium.

 Device Management

Management of the device as a whole is a little easier to accomplish and has been an industry mainstay for a decade. Both Intune and MobileIron are excellent options if you’re going to require all devices to be enrolled and managed centrally.

In fact, MobileIron was selected as the industry leader by Gartner in 2017. The problem of needing specific applications on the device to access the data is easily overcome by simply pushing the required application to the device in question.

Of course there’s more to working remotely than just using applications; you’re also able to push configuration like WiFi profiles to allow them to automatically connect to the office WiFi or deploying certificates to the device to allow a more secure, seamless sign in experience when they open up their work apps.

Requiring enrollment is the big gotcha here. It’s difficult to require an end-user to enroll their device; after all, it is theirs. And what happens when one of those 10B other connected devices is able to be integrated in the near future (here’s looking at you Alexa, Cortona, and Ford)?

Trending Forward

This is a 3D graphic illustrating how enterprise data is integrated securely, from the company's server to a mobile device information provider using MobileIron.

While MobileIron may be a great option for mobile device management today, there are some glaring limitations that they need to address. Today, MobileIron is truly only an MDM/MAM solution with Android and iOS in mind. It struggles with cloud integration for the directory which means that the future is a little murky when there may no longer be an on-premises ‘identity’ for your users.

It also doesn’t have a way to integrate Windows devices (or platforms that may operate as ‘dumb’ devices, like Alexa); which will be a key differentiator in the future as more and more of that IoT make their way into the business landscape.

Intune is already built with Azure Active Directory as it’s backbone to provide conditional access, multifactor authentication, and all the analytics and telemetry you need to find out who signed in, how many times, and from where.

Microsoft has positioned Intune as the clear replacement of System Center Configuration Manager (SCCM) for modern endpoint management, all while allowing for device co-management with SCCM still in the picture to handle legacy endpoints.

Intune Takes the Lead

Not only has Microsoft built a solution in Intune that disrupted the enterprise mobility market, they immediately doubled down by partnering with other major players to ensure that as industry evolves, they’ll not be left out.

Now all this isn’t to say that MobileIron (or any of the other current solutions) isn’t an excellent answer to the problem of securing your data on mobile devices. MobileIron scales incredibly well with numerous deployments exceeding 100,000k devices and there’s an on-premises offering for organizations that are entirely cloud adverse.

But the question really is; why would I choose MobileIron over Intune and considering the way that Microsoft has positioned themselves to take advantage of connected devices in the future with Azure, MobileIron has a tough time standing up.