October 31, 2022
Kas Nowicka
Kas has spent the last decade working with Microsoft’s cloud solutions and sharing governance, adoption, and productivity best practices with the MVP community.

As a concept, device management involves strategies for managing and maintaining work devices, often including physical computers, laptops, mobile devices, virtual machines, and internet-of-things (IoT) devices. As digital transformations become the norm and more companies shift to hybrid and remote workforces, device management will become a vital tool for security and efficiency. 

A structured mobile device management (MDM) policy ensures that all devices stay up-to-date, properly secured, and compliant with relevant regulatory policies. It’s not a new tactic by any means—the market value of the MDM industry is expected to reach an impressive $21.3B by 2029. But it is an important one for users who want to stay productive without needing to worry about staying on top of end-user security. 

Why Is Device Management in Microsoft 365 So Important? 

MDM policies are designed for work devices that aren’t permanently connected to a corporate network. Although remote workstations, bring-your-own-device (BYOD), and IoT integration have been gaining ground over the past decade, the COVID pandemic accelerated these advancements beyond industry-predicted timelines. 

And while some offices have resumed traditional in-office operations, many more are committing to a new work paradigm where remote and hybrid teams are the norm. Research suggests that 67% of employees use their personal devices for work in some capacity. 

Naturally, this acceleration has brought a host of security and compliance challenges to the table. Companies—many of which had to adapt to remote work policies on the fly—have struggled to provide adequate security for the Microsoft 365 ecosystem.

Between unsecured devices, failures to maintain compliance, and an increased risk of cyberattacks across endpoints, businesses have a lot of ground to cover with their device policies. Hence, MDM has become a vital part of maintaining a business’s security profile.

Although MDM is built into mobile device software out of the box, users will need an MDM service to access and control this client. When it comes to device management in Microsoft 365, users have two options:

  • Basic Mobility and Security 
  • Microsoft Intune 

What Is Basic Mobility and Security? 

Basic Mobility and Security is included in most Microsoft 365 plans as a primary way to manage user devices. (The only Microsoft licenses that do not include this platform are Microsoft Intune, Enterprise Mobility & Security E3, and Enterprise Mobility & Security E5.)

This platform allows users to create and manage device policies, view in-depth device reports, and remotely wipe devices. Although it takes some configuration to set up, Basic Mobility and Security is a great way to handle basic device management across the most common OS platforms. 

What Is Microsoft Intune? 

Microsoft Intune is a cloud-based endpoint management solution for both mobile devices and applications. Intune is a standalone product included in some M365 plans, representing the strongest, most feature-rich solution for device management.

This platform goes well beyond Basic Mobility and Security to include:

  • Device compliance features (and conditional access based on compliance)
  • Complete configuration options
  • Native VPNs
  • Application management and protection features
  • Zero-touch enrollment

It’s a powerful way to support organization-wide security and improve Microsoft 365 efficiency across all devices.

Which Device Management Solution Should I Choose? 

The choice comes down to your device and application management needs. 

Many Microsoft 365 users will already be familiar with the built-in Basic Mobility and Security platform. As the name suggests, this is a basic solution with a smaller feature set than Intune, and some companies might feel limited by the lack of options. Basic Mobility and Security is great as the first line of defense within a broader MDM framework, but for most enterprises, basic access controls and reporting won’t be enough.

Intune goes beyond the basics to offer more in-depth MDM and mobile application management (MAM) features. Administrators can restrict access to certain devices entirely or limit access based on specific application usage. Most enterprises will leverage both in tandem as part of their broader device management strategy. 

One important distinction to note is that only Intune offers compliance and reporting features that support Zero Trust security. Intune gives users complete control over policy management and even includes automated features to deploy new applications or device policies at speed. Additionally, Intune integrates easily with security apps such as Microsoft Defender for Endpoint as well as other key applications in the Microsoft family. 

Going Beyond the Basic in Microsoft 365 Device Management 

It’s clear that Intune offers the strongest path forward for device management. But regardless of which controls are applied, companies need a way to ensure that their devices are monitored and always secured. 

In other words, it’s not enough to just set up a policy. For a truly secure IT architecture, companies will need to go beyond native admin tools and explore solutions that provide fully automated monitoring and response capabilities. 

Microsoft 365 management solutions like ours at CoreView offer a complete insight into, and control over, your M365 implementation. Our platform gives IT teams the power to manage all M365 administrative functions from a single dashboard, including licensing usage, security monitoring, and endpoint management across on-prem and cloud platforms.  

Contact us to learn more about our platform and request a demo!
