21 Nov.

Use cases for Microsoft Intune Client Software vs MDM

Something that often comes up during conversations about managing Windows PCs with Intune is whether they should be managed as a PC or as a mobile device. As with most conversations, there isn’t usually a clear cut answer. In this post I will highlight some of the scenarios where one option might make more sense than the other. In the next post I will have table that compares the two options side by side. Please note that these do not cover every single scenario that you might encounter, but instead should get you started in making the right decision.

Scenarios where the client software install makes sense

  1. More complex application setup requirements – if you have setup requirements greater than an MSI file, the Intune client can address this. With support for .exe and .msi setups with additional files and folders included it offers much more flexibility. You also benefit from the peer distribution capabilities of Intune if you allow that traffic on your network
  2. Centralised anti-malware management and reporting – if you are planning on using Intune Endpoint Protection as managed through the Intune Portal, MDM doesn’t deploy/manage that.
  3. Better update management and insights – Windows 10 isn’t as heavily impacted here as 8.1, with Windows 8.1 offering finer control over what gets updated. The insight into installed and missing updates isn’t something that MDM provides.
  4. Software inventory – the PC agent provides reporting on all software it detects, as opposed to reporting on just reporting on what it manages.
  5. Support for Windows 7 through to Windows 10 – if you want a consistent Intune management experience for all supported versions of Windows, this is your best option. Once the majority of the mobile PC fleet is Windows 10 based, it might be worth reinvestigating if MDM provides the capabilities that you require.

Scenarios where MDM makes sense

These are the flip side to the above points

  1. You have single file MSI installs, or are willing to repackage
  2. You already have centralised anti-malware management and reporting
  3. You are dealing with a BYOD environment where you don’t care as much about the update status of the PC
  4. You do not want full software inventory, eg BYOD
  5. You have moved away from previous editions of Windows

Things aren’t usually this clear cut, but these are part of the conversation you will need to have around these topics. If you need details on getting started with the Intune PC client software, start with the following…

https://docs.microsoft.com/en-us/intune/deploy-use/manage-windows-pcs-with-microsoft-intune

https://docs.microsoft.com/en-us/intune/deploy-use/policies-to-protect-windows-pcs-in-microsoft-intune

 

Total Comments: Reply

Leave a Reply


%d bloggers like this: