Microsoft Intune Reviews

Our main use case for Microsoft Intune is for laptops in remote situations where the client is remote and not where we are locally, as well as when the end user is not at the home office. When they get a new computer, they open it up out of the box and then it connects to the internet and it will automatically set up their username to the brand new computer. It'll download apps, it'll set up security policies, it'll connect, program in the company Wi-Fi, the network settings, mapping drives. This enables automated remote setup and management of the computer.

We provide IT support through a managed service provider (MSP) model, offering both hourly work and contracted managed services. 

Once the initial setup is complete, which involves running PowerShell commands, programming, and testing, the product becomes very user-friendly for end users, particularly for Level 1 tech support staff. After Level 3 network engineers have configured everything, it becomes easy for frontline support personnel to manage the computers effectively. This system allows a Level 1 technician to address various needs without having to remote into the end user's computer. For instance, if a user requires a new printer, the technician can simply deploy the printer driver remotely. If access to certain resources is needed, that can also be pushed out without direct interaction. Additionally, the capability to remotely apply or remove settings is crucial. If a machine is lost or confiscated, technicians can lock it down or even wipe the data remotely. In the event of an operating system failure, they can instruct the computer to reinstall the system from a distance.

In this way, once properly set up, Microsoft Intune significantly alleviates the headaches and hassles faced by Level 1 tech support staff when addressing end user issues. The system is not only designed for setting up computers but also for maintaining them and assisting in troubleshooting. Without Microsoft Intune, it would be extremely challenging, if not impossible, for a large company to send out computers to users and have them set up and ready to use right out of the box in a remote location. If a vendor needs to ship a brand new computer to a user whose previous computer has broken, the process becomes much simpler. The user doesn’t need to be on the phone for setup; the computer connects to Microsoft servers remotely and sets itself up automatically.

Our client has around 300 machines, and initially, their goal was to complete the setup of one or two machines each week. However, after implementing Intune for them, they have been able to set up and install approximately 30 machines per week. This has significantly exceeded their expectations, allowing them to accomplish far more than they initially planned.

The best feature of Microsoft Intune is that since it's working with Microsoft servers and the Microsoft operating system, it's tightly integrated. There's a lot of documentation and resources for training. It's the first step to remote managing a Windows-based laptop or machine that you want to use out of the box. Even if you use a third party, they're still built on Microsoft services.

There are some cases where features of Microsoft Intune have changed, and sometimes it's tricky to find the answer. It's such a mass amount of information that searching for the solution to why something isn't working as expected is sometimes tricky or daunting. That's where the AI searches with ChatGPT and CoPilots come in because those AIs are helping us search a vast amount of data all at once. We can type in our question and formulate it to get the steps to the problem, the answer, and then verify it or write a script. We're leveraging AI to search the vast amount of old solutions, new solutions, and potential solutions all at once.

We've been learning Microsoft Intune for a year and a half and have just started to use it.

We haven't used their support. The documentation has been pretty good so far. It has allowed us to meet our clients' needs and deadlines and remotely manage, install their software, remove software, and ensure compliance.

When it comes to the IT department, regardless of individual skill levels, setting up and using these systems requires dedication. It's not something one can merely "hack" their way through; you need to start from the basics and understand the complexities involved. This isn't necessarily Microsoft's fault; rather, it's a reflection of the intricate problems and challenges that Intune addresses.

Intune is designed to handle complex issues, and Microsoft has made it as user-friendly as possible given the many options and components involved. It interacts with various parts of the computer, including group policies, on-premises servers, hybrid systems, and cloud-based solutions like Azure. With such a wide range of capabilities, it's not something you can simply learn by watching a single YouTube video. To effectively use Intune, you need to read and study the material. In summary, it requires a highly skilled individual to properly implement and manage this technology.

The deployment model is what's called a hybrid join with Microsoft Intune. The client has an on-premise server and an off-premise Azure cloud server. Because some of their software is still local and the way they have their network set up, we have to do it as a hybrid, which is one of the more complicated ways to do it, but we've been able to get it done. That's considered a temporary solution by Microsoft. Once you get it all working, there are some changes that you make where it's no longer hybrid.

We've just started taking a look at CoPilot in Microsoft Intune. We use a combination of ChatGPT and CoPilot to get answers and help write scripts quicker or to search for problems quicker. 

I would recommend Microsoft Intune to others because it's the industry standard for doing what it does. There's not really another option.

I would rate Microsoft Intune an eight out of ten.

We are using Intune for managing endpoint devices with zero-trust principles. The devices are not domain-connected because most people work from home. We do not trust these computers, so we use Intune to deploy and enforce policies related to updates, software installation, and management of admin users.

When we are using Microsoft products on mobile devices, we are using Intune to enforce policies on them.

Our usage is very simple. We are using Intune to manage devices that we do not trust. We are using Windows 365, and we install all applications only on these virtual PCs in the cloud. We do not have anything on endpoint devices. Not even a simple document can be downloaded there. We just have an access point to Windows 365 machines in the cloud. We are a financial company. There are not too many enterprise applications that we can use. We prefer to use zero trust. This means no there is no data on company devices at all. It is only on the cloud machines. It is easier to control one perimeter than 10,000 or 20,000 machines. We can reduce the attack surface in this way.

Intune increases the productivity of our IT team. 

There is a reduced cost of ownership and management. We do not need a lot of additional training. Administrators can share roles because its interface is similar to other Microsoft solutions. With one or two days of training, administrators can start working with it. There are a lot of Windows specialists in the market.

We work completely in a Microsoft environment. Its interface is similar to other Microsoft solutions that we are using such as Microsoft Defender. So far, for our administrators, it is easy to use. 

At the moment, we need more flexibility. We have some offices migrating to Windows 11 remotely. Sometimes, it is difficult to manage image installation because we have to collect some information before starting image deployment. Currently, Intune cannot collect the information needed for deploying new images.

We have been using Microsoft Intune for three years. I also used it for two years in my previous work.

Intune is a stable product with no significant issues. We have standardized hardware. We do not have a wide variety of endpoints.

Intune is quite scalable. We started with 3,000 machines, and we now manage 15,000 machines. Our endpoints will probably grow.

I have not interacted with Microsoft technical support personally, but I was satisfied with their support in my previous company.

Positive

I have not used any other solution in my current company.

We are using the public cloud for access, but everything is closed. There is no public access to infrastructure. Access is only through the cloud. There is no VPN or any other way.

I was involved in the security assessment in the beginning. The initial setup was quite easy because we did not look for very complicated functions. We did face some issues with the multi-user mode but resolved them. It took us about a month.

It requires maintenance. You have to review regular policies and adjust policies when something changes in the environment or you deploy new applications. Its maintenance is mostly done in-house. Only in a very complicated situation, we involve a third-party consultant.

We performed the deployment with the assistance of a third-party consulting company, not resellers. Three engineers from our team were involved.

Cost is not my department, but the product is included in the E5 license that we already pay for every user, so no additional cost is incurred.

We have not evaluated other options because Microsoft Intune is included in our E5 licensing. I would prefer to use the VMware solution, but that is not possible because Intune is included with our existing license. Buying any other solution will result in additional costs.

I recommend doing thorough homework and testing everything in a test environment. After ensuring that everything works fine, proceed with the final deployment.

It is not the best solution. It requires a bit more effort in management, but it works. It is not so flexible, but considering it is free for us, it is okay.

We are doing experiments with Copilot to see how we can use it. For some users, it is deployed, and we will be testing it actively. We are mainly using it to make emails, presentations, and documents better for the end users who will read them. We are an international company, and English is not the primary language for 99% of people. Copilot makes the documents more readable. We have not yet tested Copilot in Intune for security functions. We have SIEM and other security tools for insights. At the moment, we do not have a big need to start experimenting with Copilot in Intune. After we finish with the end-user use cases, we can switch focus on daily operations for IT teams.

Intune has not helped us consolidate vendors because we do the installation on the cloud. On endpoints, we have nothing.

I would rate Intune a seven out of ten because it is not so flexible.

With Microsoft Intune, I can leverage all platforms including Mac, Linux, Android, and Windows, especially Windows and Android. Our organization uses the Windows environment and Android applications on Android operating systems, so Microsoft Intune is ideal for us.

I have experience with Jamf Pro and Microsoft Intune. Both Jamf and Microsoft Intune are separate products. When comparing Microsoft Intune to Jamf, Microsoft Intune is superior. Jamf is only for the Mac environment, however, with Microsoft Intune, I can leverage all platforms including Mac, Linux, Android, and Windows.

Sometimes as per our expectations as an IT person and decision-maker, I want to implement certain policies and spread them to all devices enrolled in Microsoft Intune. However, implementing some policies is not possible. For example, with BYOD enrollment, I install the Microsoft Intune application and enroll the machine. Once completed, I attempt to implement the BitLocker policy. Currently, BitLocker does not support BYOD enrollment, which is a product limitation.

We face multiple scenarios where IT decision-makers request specific policy implementations, however, due to product limitations, we cannot fulfill these requests. The limitation primarily affects BYOD enrollment and personally owned devices. While it works well with corporate devices, we cannot enforce multiple policies on BYOD and personal devices.

As per the customer perspective, some changes are needed as product limitations can be restrictive.

For example, with Teams, I am currently using the application in my company for communication. One of my clients in Europe uses Google Workspace, not Teams. When sending meeting links between platforms, synchronization issues occur. If they use Google Workspace and G-meet, they cannot open Teams meeting links directly. They need to open it in a separate browser or install additional software. Better integration between these platforms would be beneficial.

I have been using Microsoft Intune for the last two years.

Overall, the stability is good, although I occasionally face challenges. During those times, I raise a concern ticket with a Microsoft representative, and someone from the team helps resolve the issue.

Support overall is good. 

Sometimes we want extra features and capabilities. When I raise a ticket regarding these requests, someone from the team informs me that it is a product limitation and we must wait for potential backend changes to enable such functionality.

Positive

I am already working with both Jamf Pro and Microsoft Intune. In Microsoft Intune, both Jamf and Intune are separate products. When comparing Microsoft Intune to Jamf, Microsoft Intune is superior. Jamf is only for the Mac environment.

The setup is straightforward. From the portal itself, if I purchase the licenses from the partner, I will inform my partner who will raise it for me. If I purchase from Microsoft directly via credit or debit card, I can raise the ticket from the Microsoft Intune portal.

The pricing is more costly compared to existing players in the market.

I would rate Microsoft Intune an eight out of ten. 

I have concerns regarding Microsoft Intune. It needs to reshape features. In Office 365, I also have concerns that need to be addressed. 

Our main use case for Microsoft Intune is patching. We use Microsoft Intune for patching, specifically Windows patching.

The user experience of Microsoft Intune is quite good because there's not much disturbance in the background; it's just running in the background.

The most valuable features of Microsoft Intune include remote updates. The update runs in the background, so there's no need in most cases to go on-site to do it.

Based on my experience and my team's feedback, one thing that could be better in Microsoft Intune is the file size, as it is quite large at times. Sometimes the file size is too large. The space taken on some hard disks may be too large for the patches that run on them, as we're limiting all these local storage to encourage our users to store on OneDrive rather than on local drives.

For additional functionality, I suggest that Microsoft could expand on asset management. Since the platform is there, they could develop it into a full-fledged asset management system.

I've been working with Microsoft Intune for around a year.

It's stable. I would rate the stability of Microsoft Intune a nine out of ten.

Technical support from Microsoft is quite good, especially because we subscribe to the premium services.

We are currently working with a hybrid deployment model. It's a hybrid because our Active Directory is still on-premises, but other services are online.

As for advanced Endpoint Analytics in the Microsoft Intune Suite, we are still working on it. We only completed the implementation for the basic functions at the end of last year. We are moving in stages.

I'm not sure about the pricing of Microsoft Intune because I didn't buy it. My team members bundled it together with their Microsoft solutions, including Microsoft 365 and related products.

I haven't used different solutions similar to Microsoft Intune or made any comparisons with other products at the moment. In the past, the nearest solution would be BigFix, but you cannot compare it to Microsoft Intune because BigFix was an older system, and you needed more technical knowledge to run it. You needed to know how to do scripting and related tasks.

If they could also make Microsoft Intune a full-fledged asset management system, it would be the best.

I would rate Microsoft Intune an eight out of ten.

We are a Microsoft vendor, not an Intune user. I have deployed Intune for several customers who use this product for business. Our clients use Intune for device management and data security, which gives them control over end-user devices.

Previously, we used a device manager and had a local Active Directory. However, most of our SME customers do not have a local Active Directory set up in their organization that allows them to control their devices. Intune does not require any local AD. It's a cloud application. We can directly join the user devices to the cloud, and the organization manages them. We have enterprise customers and also SMBs, but most of our clients have less than 100 users. 

One of my Indian clients previously had all their devices at the workplace. None of the devices were joined to an Active Directory, so they had to install applications on each device individually. With the help of Intune, we could push the applications to all the portal users simultaneously. 

We have to create a group, assign an application to it, and automatically install it on the user's devices. We also apply the company logo and desktop wallpaper via Intune, which a tech user can change. We can also find the exact location of the devices where the user is sitting.

We also have the option to enroll hybrid devices with Intune. We can enroll users'  devices and separate work and personal data. The devices on the local Active Directory can be joined to Intune. 

Privilege identity management helps. Let's say someone is a company administrator for five to ten days. We can create a dual administrator role for that user for seven days. I can create a PIM role and assign it to the user for seven days, after which the role will be deleted automatically. 

Intune provides routine management of user devices. Once the device is not enrolled in any domain or Active Directory, the IT person must delete every user device to change anything. Intune can work on all those things. That device can be updated and marked as non-compliant. If someone is using Windows 7 or a version of Windows that has been deprecated, we can restrict Windows 7's user ability to log in to the work environment. We can control all this over the admin panel.

If we scale 10 to 50 percent, where new customers manage all their devices. After enrolling all the devices, this work can be done with only one or two people, saving the organization money.

The best part of Intune is device control. If we need to block a user from opening something in their organization's system, we can do it from Intune. If we want to restrict the movement of an organization's data to prevent users from copying the data into Outlook, WhatsApp, or their personal Gmail, we can limit that via Intune. It secures all corporate data.

If they share the data with someone outside the organization, that external person cannot see it until an analyst provides them with access or creates a policy. 

The user experience is good. Users are happy that Intune is managing their work devices. In addition to Windows devices, we can control iOS and other mobile devices. There are good features for managing mobile devices. Work data is stored in different containers, making it easier for users to find their work data. 

In the case of application deployment, we have more services like application updates and patches that can be implemented from the Intune portal. We do not need to outsource these tasks to the device user.

We are currently unable to control aspects of group policy from Teams like we can for GPO. They are still not part of Intune. Microsoft is adding this, but it's currently in preview, and few GPO features have been added to the product. 

I have worked on Intune for the last two years. 

Intune is a stable solution with a lot of capabilities. Most customers who are moving to Intune are also exploring the capabilities of the cloud. 

I rate Intune seven out of 10 for scalability.

I rate Microsoft support eight out of 10. Microsoft is good, but Intune support is delayed compared to other products. If I make a support ticket on the Intune portal, I get a reply after one or two days. For Exchange or SharePoint, I get a response after an hour, but Intune takes a minimum of a day. 

Positive

One product we can compare Intune with is Jamf Pro. Intune has limitations when managing Mac devices. You can enforce fewer policies because Apple has its own hardware and software. There are lots of limitations of control. Most of my clients use Intune for Windows and Android devices, but Jamf Pro if they have Mac devices.

Deploying Intune is a little complex but not too complicated. At the time of deployment, there is much work to do to join a device to Intune. We have to create a new Windows profile and make users log into the enabled Windows profile. We need to configure all the Office applications and copy users from one to another. It takes 30 to 40 minutes on a single device. 

Intune requires some maintenance, but the customer performs the maintenance once we implement it. We support the customers with issues while they are enrolling the device.

I rate Intune five out of 10 for pricing. It's expensive. 

I rate Intune 10 out of 10. I recommend Intune to every organization that wants to secure user data and control endpoint devices. It can manage other platforms on the market. Google has device management software, but it doesn't have the same scope as Intune. 

It's cost-efficient and cheaper than the other device management and third-party applications available. Intune can control most things, especially Windows devices. Intune has the best compatibility with Microsoft Windows.

The main use cases for Microsoft Intune are to manage all types of devices, especially Windows.

The selling points for Microsoft Intune are very good. You don't have to enroll the devices, however, you can still push an app through some policy and with a few restrictions. If you want to push one single app to end-user devices, once you push it, you can also push it along with the security that they cannot copy your data or misuse it. This is one of the key benefits.

Microsoft Intune can be used with co-management. There are clients who don't fully want to go with Microsoft Intune as they are already spending with SCCM or other platforms. They want to partially transition into Microsoft Intune, then later fully transition into it. That's when the co-management works, and that feature is available in Microsoft Intune.

The user experience of Microsoft Intune is good. It's a very old tool, and many engineers are available in the market. There are multiple knowledge articles and videos about this tool. The user experience is good since users understand their path and how to proceed. If users understand that, it's easy for them. In that way, it deserves ten out of ten as users know how to work on this tool.

Everything has remained the same in terms of Enterprise Application Management in Microsoft Intune. App discovery still requires user initiation for installation, whereas auto-installations occur silently and remain on the device screen.

The PKI tool is cloud-based, and they are doing excellent work. In terms of complexity, they reduce the task. You cannot keep giving certificates to all the devices one by one, and the PKI tool handles that. They provide the certificate and stamp on it for the device seamlessly, so you never know the device is secured with this type of certificate.

The granular support for other device types in Microsoft Intune could be improved. Microsoft Intune works well with Windows, however, we are not as well-suited for Mac devices. If you're looking to support Mac, consider other products such as AirWatch or Jamf. MobileIron is not that effective. That said, Jamf is good for Mac. Microsoft Intune offers numerous features for Windows, allowing for substantial customization; however, for Mac, it lacks this capability.

In the next releases of Microsoft Intune, a feature to renew the certificate automatically would be beneficial. Currently, for Wi-Fi certificates, we need to do it manually, which can cause most devices to disconnect and reconnect, resulting in big issues for clients facing connectivity problems. The renewal should happen automatically, and that is something they need to work on.

I have been working with Microsoft Intune for approximately five to six years.

Microsoft Tech Support is good, providing solid support. That said, it often depends on the representative. There are levels of support; level two and level three offer great assistance, while level one primarily collects data and doesn't provide as great of support.

The deployment is okay. It depends, from client to client. It's not like every console needs some time for deployment. So for example, if you're already on the on-prem margin of Intune, then we have a certified vendor who would deploy in the initial phase. I'm talking about initial deployment, where you configure Intune, you log in to a new Intune, and then you add users, and then you add the devices and things like that. So the initial deployment for that, we have certified vendors. Even our company is a certified company that does this deployment. We have certain tools for direct migration. However, if you're trying to deploy from a different console, like AirWatch or a mobile app or things like that, it may take maybe three months, for example. We need to be ready with all the profiles. We need to be ready with all the products. We need to be ready with all the app deployments. We need to be ready with multiple things. That way, once the device is enrolled, it gets what it needs. It gets the certificate. It gets the apps, and the user experience is seamless. 

Obviously, it needs some time. We have worked on two clients and it takes three months minimum.

The cost-effectiveness of Microsoft Intune is about 90%. Most clients, specifically with Windows devices, adopt it, so it's effective. The licensing model has advantages, as they bundle services such as Azure AD with Office 365, which many clients find valuable, leading to Microsoft Intune's dominance in the industry.

The pricing for Microsoft Intune has different types of packages. Currently, if you go with all the packages, the mid-variant of the top-level package such as E3 or E5 offers benefits such as AD and Azure AD. If you require all these tools, it could be cheaper, however, if you do not need certain tools and still want Microsoft Intune, it is not that cheap. It can be quite expensive. 

Additionally, if you are already on one cloud-based platform and moving to Microsoft Intune, the transaction will also involve some costs since deployment is necessary. 

Cost-wise, it varies from project to project. If the client wants to move, they may need to go for the E5 license; the difference between E3 and E5 is not significant. If your organization has a large number of Windows devices, Microsoft Intune is a valuable tool. But for Mac users, Jamf would be recommended.

If you're looking to support Mac, you need to look at other products such as AirWatch or Jamf. MobileIron is not that effective; however, Jamf is good for Mac.

Copilot in Microsoft Intune is a new tool used for answering questions, similar to ChatGPT or Gemini. There are two types of Copilot; even in Workspace ONE, there are similar tools. The licensed version is not used as it comes with a price, and our client doesn't want to go with that. The basic level of Copilot is given, which can answer a few questions, however, it is still under the learning phase. If I ask a question, it sometimes gives an exact answer, yet at other times, it suggests going somewhere else to find it, and there is no button available there. In the paid version, it can perform simple tasks such as pushing or adding devices to a group, however, it wouldn't truly help with the current level of AI. We may need more complex AI for this type of console.

On a scale of one to ten, I rate Microsoft Intune a nine.

It is being used for device management. We have a couple of clients using it at the moment. They have Windows, Android, and iPhone devices that are managed by it. We have another client with only three devices, but they are Windows SE devices with the cut-down version of Windows.

They are using the latest version because it is always kept up to date online.

Microsoft Intune pretty much brings all of our endpoint and security management tools into one place. I cannot think of the ones where it does not do what we need. Apple Mac management could be better. It makes IT and security operations much easier and much more convenient.

We use the Enterprise Application Management features of Intune Suite. That is what the data manager is set to. These features are good. So far, we have had no problems with that.

Implementing applications is easier than MaaS360. There are definitely time savings. It is a lot smoother and a lot more well-integrated with Azure AD, etc.

The integration with Microsoft 365 and Microsoft Security for both cloud and co-managed devices is very important. That is the key thing for us. Almost all of the clients have Microsoft Office 365. We have only two clients who use Google G Suite, so this whole integration is very important.

It has helped us consolidate vendors.

Its benefits can be realized within a couple of weeks. It is very good because it works. Conditional access and compliance work from anywhere, so it is very good.

For our clients, the conditional access feature along with different compliance policies that they can set is valuable.

All the remote tools you can use on the mobile are also valuable. Features such as passcode reset for the device lock are helpful, so you can set a code and get people back into the device.

The Apple Mac management is a bit basic. The mobile management is good for iPhone and iPad, but the Apple Mac management needs improvement. That is probably because Microsoft does not have low-level access to Apple Mac hardware. If you are doing basic things, it is okay, but if you want to image Apple Macs and do things like that, then Jamf is much better.

Their support needs to be improved.

I have been using this solution for about eight years.

It is stable.

It is definitely scalable.

Their support is absolutely useless. They used to be good, but now, there are separate departments. We had an issue with conditional access where the client did not like the fact that single sign-on was working and automatically logging them into everything. They found it to be a security issue. It was not a good thing. We were trying to disable that, but then conditional access would not work. Their support could not figure it out. They would say that it is Entra and then they would say that it is Intune. I found out what it was. It was a token that was coming from a single sign-on.

Negative

We use Jamf. We are still using IBM MaaS360 for some of the clients, but it is getting phased out for Intune.

MaaS360 does not integrate with all Microsoft products as well as Intune for obvious reasons. A lot of our clients want Intune for data protection, conditional access, etc. It is more about protecting their data and making sure that the devices are compliant and meeting certain policies. 

The user experience of Intune is good. It is a lot less clunkier than MaaS360. We do most of the setup, so the users are not really affected by it.

Jamf is mainly for Apple Mac management. Intune is mainly for Windows management and mobile management. Intune does not have the same level of integration with Apple Mac, so you cannot image them properly. It supports very basic imaging. Jamf is a much better tool for managing Apple Mac.

You have to use Azure because it is a part of the Microsoft environment.

I am the lead engineer involved in setting it up and configuring all the policies. It is straightforward.

From a maintenance point of view, there is no maintenance you have to do because Microsoft does it all in the cloud. You might need to tweak a few things on an app after you send it out, but those are general tweaks to make things run better. You do not have to put updates on or do things like that.

We do not use any external help. We just use Microsoft documentation.

We work in the charity sector, so a lot of our clients get Microsoft Premium licenses or Business Premium for free. They get ten licenses free, and a lot of our clients do not have more than ten staff members. They are getting the tool for free, so its cost is not an issue.

We did not evaluate other solutions.

It is good. If your clients want to protect their data and they are using Microsoft tools, then Microsoft Intune is definitely the one that they should be using.

We are not using it to its fullest. There is a lot more we could do. I work for an MSP, so we are bound by what the client wants to do. If the client does not want to advance anything, we will not advance it.

In terms of IT productivity, it does not benefit us directly because we are an MSP, but it is a lot easier to use than MaaS360 and other ones we have tried. Similarly, it does not save us costs because we are an MSP. We charge people to implement a solution, and that is it. If we are paid to manage it, we obviously try to manage it, but it does not save us any money.

It does not affect our security because we do not use it ourselves. We just install it for other people.

Overall, I would rate Microsoft Intune an eight out of ten.

Previously, when dealing with COVID-related issues, we had to bring laptops to the office network to resolve problems physically. However, with the introduction of Intune and autopilot, we can now build and manage machines remotely. Intune allows us to upload our operating system and create a tenant, enabling users to enroll and build machines anywhere with an internet connection. This eliminates the need for physical device management and reduces downtime. Additionally, Intune simplifies application management by providing a centralized platform for accessing and deploying applications without requiring multiple servers. Overall, Intune offers significant improvements in device management, flexibility, and efficiency compared to traditional methods.

Currently, we operate Intuneas as a hybrid model. While devices are enrolled in cloud-based Intune, updates are still being deployed from our on-premises SCCM. A complete migration to the cloud will take time, especially for larger organizations with tens or even hundreds of thousands of machines. This transition is hindered by legacy applications that are incompatible with Intune. To facilitate a smooth migration, Microsoft must either enable the use of these legacy applications within Intune or provide equivalent cloud-based alternatives.

Historically, application management involved installing software on users' machines. However, many organizations now utilize software-as-a-service models that are accessible through web portals like Intune. We also employ App-V to virtualize legacy applications, allowing access to any physical or virtual machine. Our current methods include direct endpoint installation, SCCM deployment, and App-V server hosting applications. We introduced App-V as a virtual application platform to address challenges like developer environment inconsistencies and license costs. By centralizing applications and implementing a first-come, first-served licensing model, App-V reduces costs, improves accessibility, and simplifies management.

Intune consolidates our endpoint and security management tools into a single, user-friendly platform. It seamlessly integrates existing on-premises policies, allowing for easy creation or upload. Organizations migrating to Intune or replacing on-premises Active Directory can effortlessly establish new policies. Unlike the complexities of on-premises management, Intune simplifies policy creation and implementation through a click-based interface, eliminating registry changes. Additionally, Intune's cloud-based architecture ensures consistent policy application across devices, avoiding the delays and potential bandwidth issues associated with on-premises servers. Microsoft's robust infrastructure provides reliable performance, making Intune an efficient and effective solution for managing endpoints and security.

Intune users appreciate its flexibility compared to traditional on-premises Active Directory systems. For instance, with on-premises AD, policy implementation requires the user to be physically present in the office. In contrast, Intune enables remote policy management, as demonstrated by the scenario where a user's account is locked on an Intune-managed laptop. Even if the user cannot log in to the device, unlocking the account in Azure AD automatically unlocks it on the laptop, regardless of location. This significantly improved over previous methods involving complex workarounds like sharing local profile passwords. Intune's integration with Azure AD simplifies account management and provides seamless access for remote users.

We manage multiple users who use Azure AD and Azure VDI machines but often prefer using the VDI machines over their laptops. To address this, we proactively contact users whose laptops haven't reported to Intune in 20-30 days, informing them of potential removal and providing additional notifications through tools like Nexting or SysTrack. We also send emails to users whose assigned machines are inactive, warning of removal if usage doesn't resume within 30 days. Additionally, we monitor machine downtime, login times, and compliance status while pushing necessary policies and updates. Our organization utilizes a hybrid model combining Intune for machine management and BitLocker encryption with SCCM for software updates due to the ongoing migration from on-premises to cloud-based solutions. While Intune enrollment and management are in place, we anticipate a full transition to Intune in the future.

We are using Intune Suites Cloud PKI to assign certificates to users. Previously, we managed Microsoft certificates on a hosted server. This process was manual. However, Intune now automates certificate management. Once a machine connects to Intune and authenticates, the necessary certificates are pushed without manual intervention. VPN login requires both a user and device certificate for compliance. Intune offers certificate management from both Microsoft and third-party vendors. Due to cost considerations, we are transitioning to a different certificate provider within our organization.

We have implemented Copilot in Microsoft Teams and Zoom to improve meeting efficiency significantly. Copilot automatically generates meeting minutes, including attendee lists, saving valuable time compared to manual creation. Additionally, it provides real-time meeting summaries, allowing latecomers to grasp discussed topics quickly. By automating these tasks, Copilot frees up approximately half an hour per meeting, enabling us to focus on more productive activities.

For IT and security operations, our company has implemented Copilot by hosting all ChatGPT features on-premises. As a financial company, we cannot access external AI tools directly. Therefore, our system interacts with our server rather than the Internet, allowing us to utilize ChatGPT capabilities based on our specific business needs.

Intune has significantly improved our device management process. Previously, we had to physically build machines on-site, requiring users to come to the office. Now, we can remotely push updates and assist users from anywhere, saving them time and eliminating the need for travel. Additionally, Intune's dashboard provides comprehensive insights into our device fleet, including compliance status, update failures, and application installations. This centralized view has increased our efficiency and proactivity in addressing issues compared to our previous reliance on SCCM reports.

When enrolling personally owned devices, Intune applies organizational-level settings. This prevents downloads to local machines when using Office 365 applications or Teams. We can restrict downloads to specific containers that cannot be copied to other folders. Alternatively, we can limit application usage to on-premises or organizational machines. While our current setup allows Office 365 access on handheld devices, downloads and uploads are blocked. Intune offers this level of control, preventing data transfer to or from the device, regardless of whether it's personally owned or a company-issued app.

We are upgrading our privilege management policies to mirror those already existing in our on-premises Active Directory. While we are not making substantive changes, Intune's endpoint privilege management offers significant improvements over our previous approach. By consolidating multiple policies into a few comprehensive ones, we can more effectively restrict user actions based on organizational hierarchy. This streamlined process eliminates the need for extensive group management in Active Directory and saves time overall.

Once implemented, our policies will reduce the attack surface by restricting service access only to users possessing an infrastructure organization certificate, which we have obtained. Additionally, we will enforce IP-level restrictions, preventing access from personal devices or those outside our specified IP ranges. We can implement these restrictions at the IP, device, or certificate level.

Intune has significantly reduced our costs. Previously, we managed multiple servers, but now we rely solely on a CCM server, which will be decommissioned soon. This eliminates the need for on-site server infrastructure, backup systems, dedicated staff, and extensive network support. With Intune, we can host the CCM server in a central location and avoid latency issues associated with multiple servers across different regions. Additionally, expanding to new offices no longer requires building additional data centers. Intune's cloud-based platform allows remote access from any location without needing on-premises infrastructure. As a result, many organizations, especially smaller ones, are adopting cloud-based solutions and eliminating the need for physical servers and laptops. Employees can leverage their own devices to access applications through Intune, further reducing costs and increasing flexibility.

We can primarily manage security posture through Intune. However, due to pricing, we will likely use a third-party solution for device certificates. Interestingly, Microsoft seems to be introducing third-party vendor options within their portal. Ultimately, the security team will evaluate all options, including Intune, considering factors like policies, pros, cons, and pricing before deciding.

Intune Suite's integration with Microsoft 365 and Microsoft Security provides robust capabilities for centrally managing both cloud and co-managed devices. Previously, managing Exchange, Active Directory, and applications required separate teams, but Intune has streamlined this process, enabling efficient management of all mailboxes across devices from a single platform. It's incredibly easy to manage, allowing for remote administration and policy creation. Unlike the previous process of manually creating and testing Group Policy updates, Intune simplifies policy creation and testing with just a few clicks. Additionally, Intune eliminates the challenges of server-based upgrades by providing centralized management and control.

We are currently utilizing multiple security solutions, leading to a complex environment. Due to cost considerations, we are transitioning from Microsoft's device certificate to a solution from a different vendor. Additionally, we are integrating this new solution with Intune and have replaced Jamf to manage our MacBook fleet. This change eliminates Jamf license costs while allowing us to manage Mac devices through Intune centrally. Similar to our previous use of Jamf, we incurred costs in a previous company but have successfully eliminated them by consolidating management within Intune. Furthermore, we are exploring Microsoft's evolving Office 365 licensing options. The latest E5 license offers integrated phone capabilities, replacing the need for separate devices like Cisco or Avaya phones. This consolidation allows users to make domestic and international calls through Microsoft Teams directly.

Previously, we relied on third-party applications like PointSec for mobile device security before Microsoft introduced BitLocker. PointSec required complex management, including console login, authentication, and handshake processes. BitLocker offered a cost-effective solution, initially used independently of Intune. However, Microsoft integrated BitLocker and Active Directory into Intune, simplifying management. While our previous company used an outdated AD environment that was difficult to migrate, Intune's integration with AD FS eliminated these concerns. Intune now allows us to easily manage BitLocker, including remote device wiping, providing enhanced security and control over mobile devices.

We currently aren't building any data centers. Previously, we did, but now we're facing a tenant-related issue. When accessing a US-hosted Azure machine from India, latency is a problem regardless of whether we're using a data center, our own, or Intune. I believe Microsoft could offer a feature to create a nearby tenant, allowing users in India to create one there rather than dealing with multiple tenants, policies, and groups for different regions. For example, if a company with a US-based data center expands to India, they currently need to create a separate Indian tenant to provide machines for Indian employees. Instead, Microsoft could potentially offer a peer-to-peer connectivity solution or similar approach, enabling access to US-based machines from India without requiring additional tenants or administrative overhead. This would simplify management, as administrators wouldn't need to handle separate tenants for each region.

There's a significant discrepancy in Intune pricing between tenants. Previously, my company assigned Canadian machines to Indian users due to a lack of Indian tenant options. This resulted in exorbitant costs compared to the drastically lower pricing for identical configurations in India. Given that Microsoft can determine the user's location based on IP address, they could potentially adjust pricing accordingly. For instance, a Canadian machine accessed from India could be charged a reduced rate similar to locally provisioned machines. This would align pricing with the actual location of use rather than solely relying on the tenant or data center.

Intune's lack of support for legacy applications is hindering rapid migration to Intune or Microsoft platforms. Organizations are reluctant to switch due to Intune's limitations and potential cost implications compared to alternatives like AWS or Google Cloud. While many organizations are using Intune and registering applications, they often rely on other cloud providers for specific services like storage or SQL. Given the extensive use and reliability of platforms like AWS over the past decade, Microsoft should consider offering competitive pricing and comparable services to encourage wider adoption of Intune.

I have been using Microsoft Intune for two and a half years.

I have never experienced any stability issues with Intune. If something occurs, it is resolved in a fraction of a second. I would rate the stability ten out of ten.

I would rate the scalability of Intune nine out of ten. The scalability is dependent on the configuration. To increase usage, we have to pay more.

The technical support is good.

Positive

Previously, we relied on SCCM and on-premises Active Directory, which was challenging due to manual account management and group assignments. Intune has significantly improved this by allowing us to implement policies upon user creation and automatic replication. Active Directory management was often problematic, with group removals due to scripts and inconsistent replication across different locations. Intune's cloud-based nature ensures faster updates and accessibility regardless of location or VPN status. This flexibility benefits both IT staff and end users. Intune's integration with Windows and potential for future enhancements, such as system health monitoring, make it the leading choice over third-party solutions.

Intune deployment is straightforward. Even end users can perform it. All organizational laptops have a built-in operating system. Resetting a laptop returns it to factory settings, automatically installing the enterprise OS, ready for Intune enrollment. The only requirement is internet connectivity. Enrollment is simple: log in to the laptop, press Shift, restart, and the device enters enrollment mode.

Deployment time varies based on the operating system's complexity. At my previous company, we deployed twelve applications within the OS. Currently, I manage the deployment of over forty applications through autopilot. The exact duration depends on the specific OS configuration, including the number of applications and other bundled components. Generally, it can take anywhere from two to three and a half hours to complete the process.

Microsoft's pay-as-you-go pricing model for Intune could benefit from a Google-like approach. While Microsoft charges for actual usage, it lacks discount options. In contrast, Google offers discounts based on usage duration, rewarding customers for extended service utilization. AWS also provides organizational-level discounts, demonstrating alternative pricing strategies. Intune's current focus on cost savings through service adoption is effective, but incorporating usage-based discounts could enhance its competitiveness and attract more customers. While the current pricing is market-competitive, additional discounts could position Intune as a more compelling option.

I would rate Microsoft Intune ten out of ten. Previously, we had to physically go to the office to build machines. Now, we no longer need to build them on-site, as Intune allows us to manage many aspects of devices remotely and easily without a VPN connection. It's truly a SaaS solution.

If someone is interested in using Intune, I would need to assess their enterprise's size, work location, and specific needs to determine if it's suitable. Intune is particularly beneficial for remote workforces and larger organizations due to its ease of management and scalability. I would evaluate their department structure, policies, applications, and existing infrastructure to provide tailored recommendations. Intune's cloud-based nature eliminates the need for on-premises infrastructure, reducing complexity and administrative overhead. Additionally, it consolidates management responsibilities, allowing for efficient oversight of various IT functions. Compared to traditional IT setups, Intune simplifies email management with cloud-based solutions like Office 365, offering increased storage, accessibility, and device compatibility.

Approximately 60 of our 100 employees utilize Intune, and the platform manages 100 percent of their devices.

Intune generally requires minimal maintenance, but this depends entirely on the complexity of our created policies, including allowed and restricted settings. While Microsoft offers guidance to minimize management efforts, adhering strictly to their recommendations is essential for full automation. Customizations may necessitate ongoing maintenance. Ultimately, closely following Microsoft's guidelines will optimize Intune management and minimize our workload.

We also use Bing Copilot, but I find Bing AI less effective than ChatGPT. Bing frequently requires multiple prompts before providing a response, whereas ChatGPT typically delivers accurate answers more directly. For instance, when asking for a Microsoft Outlook KB article, Bing requested clarification on the term "KB," while ChatGPT promptly provided relevant KB articles. It seems Microsoft's AI could benefit from further development to match ChatGPT's capabilities.

I recommend Microsoft Intune for larger organizations. Legacy applications may not be compatible with Intune, preventing their use. Smaller companies might consider Software as a Service solution like Office 365 instead, offering email, PowerPoint, and other tools without requiring Intune. Enrolling devices in Intune for small businesses might not be justified due to the costs and IT management overhead. However, for organizations with 1,000 or more employees, Intune can provide enhanced security and device management. If Intune pricing is scalable based on the number of enrolled devices, smaller companies could evaluate it. Ultimately, the decision depends on the organization's size, IT resources, and security needs.