Choose between Basic Mobility Security and Intune

Microsoft Intune is a standalone product included with certain Microsoft 365 plans, while Basic Mobility & Security is part of the Microsoft 365 plans. Both are included in a variety of plans, described in the following table.

Plan

Basic Mobility & Security

Microsoft Intune

Microsoft 365 Apps

Microsoft 365 Business Basic

Microsoft 365 Business Standard

Office 365 E1

Office 365 E3

Office 365 E5

Microsoft 365 Business Premium

Microsoft 365 Firstline 3

Microsoft 365 Enterprise E3

Microsoft 365 Enterprise E5

Microsoft 365 Education A1

Microsoft 365 Education A3

Microsoft 365 Education A5

Microsoft Intune

Enterprise Mobility & Security E3

Enterprise Mobility & Security E5

Note: You can't begin using Basic Mobility & Security if you're already using Microsoft Intune.

Differences in capabilities

Microsoft Intune and built-in Basic Mobility & Security both give you the ability to manage mobile devices in your organization. But there are key differences in capability, described in the following table.

Note: You can manage users and their mobile devices using both Intune and Basic Mobility & Security in the same Microsoft 365 Business Standard organization by setting up Basic Mobility & Security first, and then adding Microsoft Intune. This allows you to choose whether you manage a user’s devices with Basic Mobility & Security or the more feature-rich Intune solution. In the mode, the license assignment determines which service the device is enrolled with. Assign an Intune license to enable the Intune-only features.

Feature area

Feature highlights

Basic Mobility & Security

Microsoft Intune

Device types

Different OS platforms and major management mode variants.

  • Windows 10

  • iOS

  • Android

  • Android Samsung KNOX

  • Windows 10

  • iOS

  • Android

  • Android Samsung KNOX

  • Android Enterprise

  • mac OS

  • iPad OS

Device compliance

Set and manage security policies, like device level PIN lock and jailbreak detection.

Limitations on Android 9+ devices. See details.

Conditional access based on device compliance

Prevent noncompliant devices from accessing corporate email and data from the cloud.

  • Not supported on Windows 10.

  • Limited to controlling access to Exchange Online, Sharepoint Online and Outlook services.

Requires Azure AD Premium 1

Device configuration

Configure device settings (e.g. disabling the camera).

Limited set of settings. See details.

Remote actions

Send commands to devices over the internet. For example, remove Office data from an employee’s device while leaving personal data in place (Retire).

  • Retire

  • Wipe

  • Delete

Email profiles

Provision a native email profile on the device.

Wifi profiles

Provision a native wifi profile on the device.

VPN profiles

Provision a native VPN profile on the device.

MDM application management

Deploy your internal line-of-business apps and from apps stores to users.

Mobile application protection

Enable your users to securely access corporate information using the Office mobile and line-of-business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed approved for corporate data. Works even if the devices are not enrolled to MDM. See Protect app data using MAM policies.

Managed browser

Enable more secure web browsing using the Edge app.

Zero touch enrollment programs

Enroll large numbers of corporate-owned devices, while simplifying user set up.

Expand your Office skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×