Microsoft Azure AD, Intune and Defender
Independence from the on-prem network by using Azure AD for user management, Intune for device management and Defender for device protection and app security.
created on 2022-04-09
Microsoft 365 Cloud-Only Network
Drawing: Sylbek 2020
What is Azure AD
Azure Active Directory (AAD or AzureAD) is a Microsoft Cloud Version that is used to manage users, groups and their rights.. This can replace an existing local Active Directory. Employees from office or home office can log on to AzureAD using email and password.
Both Active Directories can be connected with AzureAD Connect. User data is replicated from local AD to AzureAD. This makes it possible for users and groups to continue to be managed locally. Users use the same credentials for AzureAD too.
During the installation of Windows 10 or Windows 11, it is possible to join to AzureAD. You can also connect to AzureAD at any time through:Windows desktop -> Settings -> Accounts -> Acess work or school
AzureAD is available in all Microsoft 365 or Office 365 plans. g. As soon as you login to OneDrive, Word 365 or Teams you are logged-in to AzureAD. There are 3 Versions available AzureAD: Basic, Premium P1 and Premium P2.
More information: Azure Active Directory
Device management with Endpoint Manager
With Endpoint Manager (formerly Intune) Windows, MacOS, iOS and Android devices are managed centrally. Windows 10/11 receive additionally security updates, advanced functions in firewall and virus protection.
When a Windows 10/11 device connects to AzureAD, it can be automatically rolled out in Intune or Endpoint Manager, through MDM service (Mobile Device Management). For it you need set the following:AzureAD admin center -> Mobility (MDM and MAM) -> Microsoft Intune
and select All
under MDM user scope
Endpoint Manager can also be used to protect apps for Windows 10/11, Android and iOS devices at the application level using MAM (Mobile Application Management). E.g. You can set that Outlook email data is not passed on to other uncontrollable apps e.g. on Facebook app.
An administrator can create an app collection with apps that can be installed in the background on all company devices or device groups. A company portal with software can be available to all users. This allows users to optionally install the prepared software if they are authorized to do so.
More information: Microsoft Intune
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint (former Microsoft Defender Advanced Threat Protection (MDATP)) is a SaaS service that provides antivirus, firewall and other complex threat protection.
When devices are connected to Endpoint Manager, it can be set to automatically be rolled out in MDE. Defender Client, which provides virus and firewall protection, is already running on Windows 10/11 systems.
MDE also offers protection for Windows 7, 8.1, Android, iOS, macOS and Linux. With the integrated software inventory, you can check the apps installed on the devices. With it, you'll find the apps threat and vulnerability scores (CVVS), as well as recommendations for removal and updates.
More information: Microsoft Defender for Endpoint
AzureAD, Intune and Defender costAzureAD
is available in 3 versions:
AzureAD Premium P1 and Premium P2 are also available as a standalone product.
since March 2023 is available in 3 versions: Intune Plan 1
, Intune Plan 2
and Intune Suite
. Unfortunately, Plan 2 or Suite do not include Plan 1, so customers will need 2 plans to get the scope of the previous Microsoft Intune. Microsoft Intune P1 is included in Microsoft 365 Business Premium
and Mobility + Security E3
is available in 3 versions:
All 3 versions of Microsoft Defender are also available as a standalone product.
To get all 3 products (AzureAD, Intune, Defender) you would need Microsoft 365 Business Premium
or for the advanced version (P2 for AzureAD and Defender) Microsoft 365 E5
We can create a test tenant for your company with max. 20 users and a duration of 90 days. If needed please contact us.
Write to us,
you can expect an answer on the same or next working day.
Get together and talk
We would be happy for you to pick a time (right here
) and arrange a free online meeting with us via Microsoft Teams. For example, we can discuss how you can optimise your M365
licenses and reduce costs.
We are here to help you with any questions you may have about Microsoft 365 and Azure. You can count on our support at fair prices in the range of 70-90 EUR per hour. We can use your ticket system or our support Jira ServiceDesk
, see sample ticket
You will be supported by security experts who continuously update their Microsoft skills and prove them with manufacturer certificates. This is a MUST for us to keep customer support at the highest level and up to date with the latest technology.