Choose a device management solution

Microsoft offers different solutions for managing PCs, servers, and devices. These solutions are available on-premises, cloud-based, or a combination of both. Choose the solution that's right for the business requirements of your organization. Base your decision on the device platforms you need to manage and the management functionality you need.

Overview

There are several Microsoft solutions that might work best for you in different scenarios. You don't need to choose just one.

  • For a small organization, a tool like the Windows administration center may be a great fit.
  • Approximately 75% of IT organizations use Configuration Manager to manage their devices.
  • Microsoft Azure provides various solutions from the cloud or on-premises with Azure Arc and Azure Stack that primarily target server management.
  • Microsoft Intune provides cloud management of clients.
  • You can combine Configuration Manager and Intune with co-management.
  • You can use Security Management for Microsoft Defender for Endpoint (MDE) to manage security settings for devices utilizing Microsoft Defender for Endpoint.

Use the following table to help compare these management technologies:

Cloud-only Cloud-attached On-premises Disconnected
Hyper-V host Not applicable - Azure Stack
- Windows Admin Center
- Security Management for MDE
- Virtual Machine Manager
- Azure Stack
- Windows Admin Center
- Virtual Machine Manager
- Azure Stack
- Windows Admin Center
- Virtual Machine Manager
Windows Server - Azure Arc
- Configuration Manager
- Security Management for MDE
- Azure Arc
- Configuration Manager
- Security Management for MDE
- Azure Arc
- Configuration Manager
Configuration Manager
Linux Server Azure Arc Azure Arc Azure Arc
Windows 10/11 - Intune
- Configuration Manager
- Security Management for MDE
- Intune
- Configuration Manager
- Security Management for MDE
- Intune
- Configuration Manager
- Security Management for MDE
Configuration Manager
Windows 7 or 8.1 Configuration Manager Configuration Manager Configuration Manager Configuration Manager
Azure Virtual Desktop Configuration Manager Not applicable Not applicable Not applicable

For more information, see the following articles:

For more information on the Configuration Manager and Intune solutions, continue to the next section.

Client management

This section compares the following four client management solutions:

You can use these solutions by themselves or in combination with each other. For example, use the client-based management approach to manage the computers and servers in your organization, and also use co-management to manage internet-based laptops. By combining approaches this way, you can cover all of your device management needs.

There are also two tables that compare the management solutions by the following factors:

Configuration Manager client

This option requires installation of the Configuration Manager client on devices. It provides the most features for managing PCs, servers, and other devices in your environment.

For more information, see Client installation methods.

Security Management for Microsoft Defender for Endpoint

This options requires utilizing Microsoft Defender for Endpoint on your devices and is intended to provide security management capability in circumstances where Microsoft Intune or Microsoft Configuration Manager are not present. This uses the Microsoft Defender for Endpoint client to communicate directly with Intune and apply security management policy.

For more information, see Security Management for Microsoft Defender for Endpoint (MDE).

Co-management with Microsoft Intune

Co-management is one of the primary ways to attach your existing Configuration Manager deployment to the Microsoft 365 cloud. It enables you to concurrently manage Windows devices by using both Configuration Manager and Microsoft Intune. Co-management lets you cloud-attach your existing investment in Configuration Manager by adding new functionality.

For more information, see What is co-management?.

Microsoft Exchange

This option uses the Exchange Server connector to connect multiple Exchange servers to Configuration Manager. It centralizes management of devices that can connect to Exchange ActiveSync. You can configure Exchange mobile device management features from the Configuration Manager console. Example features include remote device wipe and the settings control for multiple Exchange servers.

For more information, see Manage mobile devices with Configuration Manager and Exchange.

Compare solutions by supported platforms

Platform Configuration Manager client On-premises MDM Configuration Manager with Exchange Intune
Android Yes Yes
iOS Yes Yes
macOS X Yes Yes Yes
Windows 10/11 Yes Yes Yes Yes
Windows 10 Mobile Yes Yes Yes
Windows (previous versions) Yes Yes
Windows Server Yes Yes
Windows Embedded Yes

For a complete list of supported platforms, see the following articles:

Microsoft recommends using Intune to manage Android, iOS, and Windows 10/11 mobile devices. For more information, see What is Microsoft Intune?.

Compare solutions by management functionality

Management functionality Configuration Manager client On-premises MDM Configuration Manager with Exchange
Certificate-based mutual authentication Yes Yes
Client installation Yes
Support over the internet Yes
Discovery Yes Yes
Hardware inventory Yes Yes Yes
Software inventory Yes Yes
Settings Yes Yes Yes
Software deployment Yes Yes
Software update management Yes
OS deployment Yes
Block from Configuration Manager Yes Yes
Quarantine and block from Exchange Server (and Configuration Manager) Yes
Remote wipe Yes Yes