Before going into the comparison of these two modes, I need to clarify a couple of terms.
Device: Any multi-purpose computer used by a user to run apps or applications and access data. This includes handheld devices like smart-phones as well as tablets, desktops, laptops, and even servers. Ultimately, who cares if the device is mobile, fixed, or in the cloud — they all still need to be managed.
Intune Deployment: Intune is a cloud based-service and nothing needs to be manually deployed to use it. You simply request a tenant to be created for you and it magically appears in the Microsoft cloud ready for your use. Integration with Microsoft System Center Configuration Manager (ConfigMgr1) involves one additional step of setting up a connector but no additional infrastructure is required for this necessarily.
The below table summarizes the capabilities (and limitations) of Intune in stand-alone mode or Intune combined with ConfigMgr. Not listed in the table are the great features that Microsoft added to Intune in November and December of last year (2014) or February of this year (2015). These newly added features, for the time being, are exclusive to Intune stand-alone. They will eventually make their way to ConfigMgr (although *probably* not until the next version due out around the time that Windows 10 is released).
Both solutions have their place in the Microsoft device management ecosystem, but without knowing these differences, it can be difficult to choose between the two. Note that this is a bit of a moving target so things will change. Microsoft is committed to providing both solutions though and sees a place for both so neither is a dead-end thus use the following table as a first-step guide for comparing Intune stand-alone to hybrid.
So which do I recommend? Generally, I recommend hybrid because of the robust, on premises Windows management capabilities that come with it. This does come at the cost of complexity and additional administrative overhead though. If you’re a smaller organization and/or don’t need the robust capabilities covered by ConfigMgr and/or want the (currently) better mobile device capabilities of stand-alone Intune, then stand-alone Intune is a great choice.
|Unified administration with ConfigMgr||No||Yes|
|Supported Devices||iOS 6.0+, Android 4.0+, Windows Workstations, Windows RT, Windows Phone 8.0+||iOS 6.0+, Android 4.0+, Windows Workstations and Servers, Windows RT, Windows Phone 8.0+, Linux Servers, Mac OSX2|
|Maximum managed device count||50,000 with mobile devices only, 7,000 with mixed mobile devices and PCs (using the Intune client agent)||50,000 with a shared ConfigMgr primary site, 100,000 with a dedicated ConfigMgr primary site|
|On-premises infrastructure required||No||Yes|
|Extensible and customizable (inventory, reporting, third-party)||No||Yes|
|Simple web Console accessible from anywhere||Yes||No|
|Requires client connectivity to the Internet||Yes||No|
|Integrated Operating System Deployment3||No||Yes|
|Retire and wipe devices||Yes||Yes|
|Full-featured app deployment||Yes (for mobile devices), kind of (for Windows devices)4||Yes|
|Software Updates5||Yes (for Windows devices)||Yes (for Windows devices)|
|Endpoint Protection||Yes (for Windows devices)||Yes (for Windows devices)|
|App-V Integration||No||Yes (for Windows devices)|
|Software Metering||No||Yes (for Windows devices)|
|Rapid updates to features and capabilities with no upgrades required||Yes||In ConfigMgr 2012 R2, kind of (via Intune extensions)6|
1 Yes, ConfigMgr and not SCCM or SCCM.
2 Please do not call this OS “ecks”, it is OS “10”. It is a Roman numeral, not some weird reference to the X-Men. Apple’s previous Macintosh OS was named … OS9. And the one before that was … surprise … OS8 … and so on. Thus, don’t be a heathen and call it OS “ecks”.
3 Operating System Deployment can be naively thought of as “OS imaging”. It is ultimately so much more than simply deploying an image though. Don’t be naïve: stop calling it “imaging”.
4 While application deployment is certainly supported and works in stand-alone Intune, it is a simple fire-and-forget method at best without any ability to use scripts or perform any complex processing.
5 Software Updates is sometimes referred to as “patching”. Patching sounds like a word uttered by a caveman though so I prefer Software Updates.
6 Feature set parity as well as the ability to rapidly add capabilities is expected in the next version of ConfigMgr.