Patching is a huge concern within IT environments since the attacks on unpatched vulnerabilities make up 95% of all cyberattacks. IT teams want to ensure that the IT management tools they choose are capable of delivering reliable patch management.
Microsoft has a family of products called the Intune product family. Its focus is on endpoint management in the cloud (whereas Microsoft Configuration Manager is used for on-prem management). Intune is Microsoft’s MDM and modern management solution.
Does Microsoft Intune have patch management?
Microsoft Intune does have patch management capabilities. But to help you better understand the product, let’s break down other Microsoft patch management products, like WSUS and Microsoft Endpoint Manager, so you can understand where Intune fits into all this.
What is WSUS
WSUS, which stands for Windows Server Update Services, is a free default role that enables you to distribute and deploy patches using push-style patching. It can be used on the cloud with Microsoft Azure.
What is SCCM
SCCM, short for System Center Configuration Manager (and now part of Microsoft Endpoint Manager), is an endpoint management tool for on-prem management of devices. It can also be cloud-hosted through Microsoft Azure, but it is not used for patch management of endpoints. WSUS fills that responsibility.
What is Intune
Microsoft Intune is an endpoint management tool that works in the cloud and was designed for endpoint bring-your-own-device (BYOD) and mobile device management (MDM). In a roundabout way, it provides patch management using policies and configurations. Unlike WSUS, it operates through the cloud and doesn’t require an on-prem infrastructure, and it does not offer any direct form of patching. It also differs from SCCM because it is designed for mobile devices, not other endpoint devices.
The product enables you to configure an endpoint, whether it’s a server or mobile device, and essentially give it directions on how to update itself. This is accomplished using Windows Update for Business. Instead of keeping track of individual updates, you would just configure update settings on devices and assign update policy assignments to software. The product does not, however, give you granular control over patching. It would need to be integrated with WSUS and SCCM in order for robust patch management to happen.
Additionally, Intune focuses a lot on device enrollment and further user management and control of each device. Though this isn’t related to patching, it is another way to ensure the safety and security of endpoint devices.
Who should use Microsoft Intune’s Patch Management?
Businesses with an IT environment made up of entirely Microsoft Windows devices can benefit from the use of Intune for continual updates of their mobile devices through the cloud. Additionally, if you’re already using Microsoft tools to monitor and maintain your devices, your organization may find it to be less of a hassle to tack on an additional Microsoft product than finding and implementing a new MDM tool.
Advantages of Intune patch management:
- Updates BYODs and mobile devices
- Can set predefined policies for device updates
- Active user management and control of off-prem devices
However, it should be noted that the functionality of Intune’s patch management is fairly limited. Intune was designed for the management of remote mobile devices, so it doesn’t serve other types of endpoints as well as it potentially could. With no direct control over how patches or updates are deployed and applied, there’s a lot that’s left up to the configurations that were initially set up, and since the devices are mobile, the ability to have control over patches is crucial.
Disadvantages of Intune patch management:
- Lacks granular control for patching
- Focus on remote devices leaves more wanted for general endpoint management
Compare Intune to NinjaOne Patch Management
Compared to Intune, NinjaOne Patch Management is more hands-on with granular control of the patches in your IT environment. Intune is much less robust than NinjaOne when it comes to patching overall. For a more in-depth comparison, check out NinjaOne vs Intune.
Patch management with NinjaOne also serves a different purpose than patch management with Intune. NinjaOne focuses more on the actual identification and remediation of endpoint vulnerabilities, while Intune focuses on keeping mobile device systems up-to-date.
Major differences that stand out about NinjaOne’s patch management are that it:
- Identifies patches for you
- Lets you decide what you do and do not want to patch in a more direct manner
- Reports out on patching outcomes
- Gives you more direct control
Intune would be more comparable to another MDM product. If you want to compare more robust patch management tools, NinjaOne vs WSUS would be a much closer comparison.
Get started with NinjaOne patch management
Patch management is critical when it comes to protecting your IT environment from external cyber threats. Learn more in our patch management overview, and find out why it’s such a necessary process and component.
NinjaOne’s patch management solution helps you mitigate risk and harden your endpoints. With features like patch automation, patch reporting, remediation tools, and more, you can ensure that you’ve taken the necessary precautions against cyber threats. See for yourself how much smoother patch management can be with NinjaOne, and sign up for a free trial.
