Sylbek Cloud Support >> Home    Cloud Support: Deutsch Cloud Support: English

Microsoft Azure AD, Intune and Defender

Independence from the on-prem network by using Azure AD for user management, Intune for device management and Defender for device protection and app security.


Author: created on 2022-04-09



Microsoft 365 Cloud-Only Network

Microsoft Azure AD, Intune and Defender
Drawing: Sylbek 2020


What is Azure AD

Azure Active Directory (AAD or AzureAD) is a Microsoft Cloud Version that is used to manage users, groups and their rights.. This can replace an existing local Active Directory. Employees from office or home office can log on to AzureAD using email and password.

Both Active Directories can be connected with AzureAD Connect. User data is replicated from local AD to AzureAD. This makes it possible for users and groups to continue to be managed locally. Users use the same credentials for AzureAD too.

During the installation of Windows 10 or Windows 11, it is possible to join to AzureAD. You can also connect to AzureAD at any time through:
Windows desktop -> Settings -> Accounts -> Acess work or school.

AzureAD is available in all Microsoft 365 or Office 365 plans. g. As soon as you login to OneDrive, Word 365 or Teams you are logged-in to AzureAD. There are 3 Versions available AzureAD: Basic, Premium P1 and Premium P2.
More information: Azure Active Directory.

Device management with Endpoint Manager

With Endpoint Manager (formerly Intune) Windows, MacOS, iOS and Android devices are managed centrally. Windows 10/11 receive additionally security updates, advanced functions in firewall and virus protection.

When a Windows 10/11 device connects to AzureAD, it can be automatically rolled out in Intune or Endpoint Manager, through MDM service (Mobile Device Management). For it you need set the following:
AzureAD admin center -> Mobility (MDM and MAM) -> Microsoft Intune and select All under MDM user scope.

Endpoint Manager can also be used to protect apps for Windows 10/11, Android and iOS devices at the application level using MAM (Mobile Application Management). E.g. You can set that Outlook email data is not passed on to other uncontrollable apps e.g. on Facebook app.


Intune company portal
Source: support.microsoft.com


An administrator can create an app collection with apps that can be installed in the background on all company devices or device groups. A company portal with software can be available to all users. This allows users to optionally install the prepared software if they are authorized to do so.

More information: Microsoft Intune.

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint (former Microsoft Defender Advanced Threat Protection (MDATP)) is a SaaS service that provides antivirus, firewall and other complex threat protection.

When devices are connected to Endpoint Manager, it can be set to automatically be rolled out in MDE. Defender Client, which provides virus and firewall protection, is already running on Windows 10/11 systems.
MDE also offers protection for Windows 7, 8.1, Android, iOS, macOS and Linux. With the integrated software inventory, you can check the apps installed on the devices. With it, you'll find the apps threat and vulnerability scores (CVVS), as well as recommendations for removal and updates.

Endpoint software inventory
Source: support.microsoft.com
More information: Microsoft Defender for Endpoint.

AzureAD, Intune and Defender cost

AzureAD is available in 3 versions:AzureAD Premium P1 and Premium P2 are also available as a standalone product.

Microsoft Intune since March 2023 is available in 3 versions: Intune Plan 1, Intune Plan 2 and Intune Suite. Unfortunately, Plan 2 or Suite do not include Plan 1, so customers will need 2 plans to get the scope of the previous Microsoft Intune. Microsoft Intune P1 is included in Microsoft 365 Business Premium and Mobility + Security E3.

Microsoft Defender is available in 3 versions:
All 3 versions of Microsoft Defender are also available as a standalone product.

To get all 3 products (AzureAD, Intune, Defender) you would need Microsoft 365 Business Premium or for the advanced version (P2 for AzureAD and Defender) Microsoft 365 E5 is needed.

We can create a test tenant for your company with max. 20 users and a duration of 90 days. If needed please contact us.




Contact and Support
☏ +49 721 66980 610


Write to us,
you can expect an answer on the same or next working day.



Your message





Get together and talk
We would be happy if you pick a time (right here) and arrange a free online meeting with us via Microsoft Teams. For example, we could talk about whether you can optimise your M365 licenses and reduce costs.

Customer support
We are here to help you with any questions you may have about Microsoft 365 and Azure. You can count on our support at fair prices in the range of 70-90 EUR per hour. We can use your ticket system or our support Jira ServiceDesk, see sample ticket.

You will be supported by security experts who continuously update their Microsoft skills and prove them with manufacturer certificates. This is a MUST for us to keep customer support at the highest level and up to date with the latest technology.


Copyright Copyright 2003 - 2024  Sylbek Cloud Support
Your IP 13.59.205.182, your resolution , our time