How does EMS / InTune stack up against the other EMMs?


I’m in the process of reviewing a lot of information about whether we should consider EMS (InTune) to manage our end points. We have a lot of iOS and Android devices, as well as an interest in supporting some Windows 10 tablets.

Considering how little content there is on this site for InTune - I’m curious if people think it is in the same league as the likes of MobileIron, AirWatch?

MS Intune should be fine as a base MDM server. It lacks some advanced EMM features, however it can be really powerful once it's integrated with XenMobile Essentials for EMS on Azure. AirWatch and MobileIron do not have a similar offer.

If, however, you need a single product, then I would recommend Citrix XenMobile, because it provides advanced security and productivity features above and beyond what Intune can offer on its own.

I’d also suggest looking at the latest Gartner 2017 EMM MQ report, which compares MaaS360, AirWatch and MobileIron to Intune.

Thanks - What are your thoughts on ensuring an EMM uses more open standards/approaches such as ? It seems InTune does not ?

Open is always best and always wins long term. The ecosystem is everything. Without the right apps and having the choice of the right apps it is all a bit irrelevant IMO. Although Microsoft does not support they are starting to open up with their Graph API where other EMM providers can now configure MS apps. I have seen many a company head down the SDK, Wrapping and proprietary path and none of them are happy long term. Any of the leaders will likely deliver what you need but the following may help guide you.
On Prem or Cloud?
On Prem - I like MobileIron. The appliance architecture is a really strong point.
Cloud - I like AirWatch. Best in class leader.
Linux or Windows?
Can you / do you support Windows servers in your DMZ? Some highly security-conscious companies do not. This rules out AirWatch in some circumstances. MobileIron (Sentry) and Citrix (Netscaler) stand up well.
Android and iOS
Is Android Enterprise support / functionality important to you? This might rule out Intune as they don't really support it right now (might change over time).
Existing relationships
Are you a Citrix, Microsoft, IBM or VMware shop already? This may help with commercials although they are all similar at the end of the day when you go up the value chain.
Complex SSO and Certificates
Maintaining simplicity is complex.

I could go on and on but the real answer is… what are your requirements from a user, from a device OS, from apps, from IT and so on. From there mapping the correct technical solution is much easier.

Thanks @randall_cameron some great points

Cloud would be the desired state but we do have a lot of stuff still on-prem such as email, which they are very protective about - QQ - why would that rule AirWatch out?

We also are starting to move to G-Suite so that is a consideration too - so it would ideally need to support that experience on all devices (including native PIM on iOS)

Android for Work yes, that’s needed too as we want to support that experience. QQ: where do you see MS/InTune lacking in that space - I assumed that should be straightforward for them to support?

And as for SSO we heavily use Certs for authentication / SSL today and we have our own internal directory service.

How do those things play into your thinking?

Hi - I would welcome your comments on my earlier questions.

As I dig into this - It’s interesting to see the gaps that exist with InTune and the market leader EMMs, for example it seems there is a desire here to have the ability to have two managed mail profiles (ActiveSync/PiM) and they also want to use gmail/G-suite in a way that we can obfuscate the password so that the user never knows it. - Mobileiron seems to support those two.

In my point of view having G-Suite along with InTune is not a good move as both are direct competitors. There will not be the same integration with g-suite that you can have with other EMM leaders.

Both AirWatch and MobileIron integrate Google API to provision accounts and provide security on G-Suite.

From a Cloud only strategy AirWatch is a good one, MobileIron Cloud gained in maturity and is now a good product.
I think the best is to start a PoC comparing both products.


Android Term Glossary

Microsoft InTune supports Android Enterprise but has a very big limitation for Zero Touch (automated company owned device enrolment program like Apple).

InTune only supports Kiosk mode (COSU – corporate owned single use) when automatically enrolled through Google/Android Zero Touch and the token required from InTune if you want Kiosk mode through ZeroTouch registration only lasts a maximum of 90 days! (Then you have to annoyingly renew it)

This isn’t good because for a corporate device we want to have the device managed in other, different states:

  • COBO (corporate owned business only) fully managed device – device owner mode, works like normal device but only business pushed apps to “managed” Google Play Store are available to install

  • COPE (corporate owned personal enabled) fully managed device – device owner mode, works like normal device but a work profile “container” is created so the user can still use the device for personal use so the user can install personal apps from Google Play Store; business configs are put into work profile and pushed apps from “managed” Google Play Store are available to install in the work profile “container”