Microsoft Intune Reviews

My company has over 7,000 devices, including mobile devices, Windows, and Mac. The tool is only used to manage my team's mobile devices.

The solution's most valuable features are its ease of use and control of the MAM and MDM policies and configuration. The tool is straightforward and easy to use, while it also integrates with Azure. It has been a good product so far.

The tool has improved the way my team works as it is a cloud-based tool, so we don't have to manage on-prem servers. We also use apps on Microsoft Office 365, which is also one of the main reasons why we use Microsoft Intune.

I use the enterprise application management features of the tool, and my experience with it has been pretty good. Microsoft tells us that there are no bug issues with the updated versions or current versions, so there are no issues in the tool.

I use Microsoft Intune's Cloud PKI, and it helps manage the complexity of certificate management in infrastructure pretty well. There are no issues with certs or updating them.

Microsoft Intune has not affected my IT productivity, but it is not a very Android-friendly tool. We have had a lot of Android issues and compatibility problems with our VPN or tunnel. The tool is not very Android-friendly.

The maintenance of the tool is a lot less now for our company.

With the day to day device management tasks, the tool has been great, and there have rarely been any issues with it.

The mobile application management policies, specifically conditional access policies and app protection policies, are good features for managing diverse mobile environments. The DLP part is very strong.

The tool's tunnel gateway is not very good, making it an area where improvements are required. I wish it weren't so Azure's security group-based tool with which you can have local accounts. More personalization should be possible in the tool. One negative about Microsoft Intune is it acts too much as one of Azure's group-based products.

I have been using Microsoft Intune for half a year. I am just a customer of the solution.

I think the scalability is pretty easy and a lot easier to manage since we don't have to deal with the on-premises side. We use the cloud for extra storage, so it has been great.

My experience with the solution's technical support has been very good, but for other teams, it has not been very good. I rate the technical support a nine out of ten.

Positive

My company previously had some on-premises tools, but now it is cloud-based, so we save all the money on the network infrastructure and data centers. We don't need servers or storage, and it helps us save money.

When it comes to the product's deployment phase, I have taken part in the mobility side. In our company, we went through a migration, so there is always a lot of planning and testing and all that goes with it. Overall, it is fairly easy to use because it is deployed on a SaaS model.

The solution is deployed using a dedicated SaaS model. I think other teams have deployed it using an on-premises model.

The solution's deployment phase took a year and a half to test and set up everything. There was a lot of stuff involved.

In our company, prior to our migration, we already had Office 365 licenses, so it saved us around 4,00,000 for around a year.

I have seen a return on investment right from the start of the tool's usage.

I don't really know how much it costs, as my company pays for a bunch of licenses. The tool is cheaper than our company's other MDM tools.

My company has a few of Microsoft Intune's compliance policies that have helped us with some of the issues with sync interval with the compliance that we have noticed. The sync interval or the turnaround is not as quick as our company would like it to be currently. I understand that we can't control the sync interval.

I rate the tool a seven and a half out of ten.

Intune is a cloud-based platform for mobile application management and mobile device management. We can deploy applications on user devices and enroll user devices. We can enroll devices as per the organization's security policies. The devices comply with all the policies of the organization. We can also change the policies at the backend via Intune.

Intune helps with enrollments and securities. We can control the access to devices and users. We can specify what users can do. We can give role-based access. For example, a person working as a normal user does not require the same access as a manager. We can give access to users based on their roles. For example, a manager can add users to a particular group, but users cannot do that. We can restrict a user from doing certain activities. For example, we can restrict the user from using a camera or microphone. We can do such a configuration at the backend and deploy it to the user device.

Intune is very helpful for IT and security operations. If Intune is not there, we have to manually connect to user devices and deploy the changes. If we have thousands of devices, doing this manually on each and every device is very difficult. With Intune, we just configure the required settings and deploy them to a thousand devices in a single group. In a single step, we can add devices to a group. We can apply configuration easily. It is very helpful. It saves time. Adding or configuring devices manually takes a few months, whereas the same thing can be done with Intune within minutes.

We have had a very good experience. It is a Microsoft product. Everything related to a user is available. We have user names, user devices' names, and user licenses. We can also check the device compliance. We can see whether the device complies with the company policies or not.

Application updates and patching are available through Intune. We can also change group policy settings and registry settings of a device via Intune. We can change these settings without connecting the device. We can do that by deploying the PowerShell script or configuration profiles. For example, a kiosk device should stay up for hours and hours. It should not go to sleep. You can configure such devices to not go to sleep until 999 minutes. It is a very long time. If we enable such settings and add a particular user device group in the configuration, after the device starts syncing with the policy, no device will go to sleep.

With the Advanced Endpoint Analytics, we can see the application installation status. If we deploy a script to the user, we can see the status. We can see if it is a success or if there is a conflict. We can monitor the changes in user devices and check the compliance status. We can see if any app such as CrowdStrike is not updated.

With the help of Advanced Endpoint Analytics, we can proactively detect and remediate anomalies in endpoints. We can then reach out to users.

Intune saves us a lot of time. If we package an application using virtual packaging or physical packaging, it will take nearly two to three hours to package a single application. If we do this in Intune, it takes just minutes to add applications and deploy users. We can also monitor the particular application status in Intune.

The devices that are linked with Azure Active Directory are automatically linked with Intune. That makes the enrollment and management of BYO devices easy.

Intune has affected IT productivity in our organization. By saving time, it has automatically improved productivity.

Intune certainly saves costs. Without a cloud-based solution like Intune, we would require more IT staff.

Microsoft releases updates every second Tuesday. We can deploy those updates from Intune. We can also do patching through Intune. We can do quality updates and feature updates from Intune. We can also monitor the application status in Intune. We can see which applications are installed, pending, or available to install. We can see these things in Intune.

It is user-friendly. We can also troubleshoot any issues.

Intune saves time, and it is very easy to use. It allows us to manage applications completely.

If we could remote into a device, it would be great. Currently, we cannot directly connect to the user device. We have to use other tools such as VMware for connecting to devices.

If there are any issues, we should be able to connect through the Intune portal. The administrator should not have to go anywhere from the portal. He should be able to do everything from the portal.

Intune does not show whether a device is online or offline. It just shows the last login. It would be useful to know whether a device is online or offline.

We can see the issue related to updates in the Intune portal, but we cannot do anything from the Intune end. We have to connect to the user's device manually. We also need a better understanding of why the update is not happening on a particular device. It will decrease the time to troubleshoot the issues.

At times, there have been slowness issues with the company portal. It takes time to load and does not show the application status.

It would be great if there is a way to generate a PowerShell script to do certain things. Learning the PowerShell script is not easy, so such a feature would be helpful. Based on what we want, if it can automatically generate a script, it would be helpful.

It is not necessary, but it would be great if they added a messaging system in Intune. For example, when it is a shared device, a number of users log in to the device. In the case of any issue, it would be great to be able to directly message a user from Intune. Currently, there is no option for that, but if it could be done, it would be a very good thing.

I have been working with this solution for the last 18 months.

It is 100% stable.

It is very scalable.

We have about 12,000 devices and 20,000 users.

So far, I have not raised any questions with them.

I have worked with Microsoft SCCM. It is similar to Intune but not as user-friendly as Intune. Intune is very easy to understand. Its framework is very good. Microsoft SCCM is very old.

I have not worked with any other vendor. 

I am involved in the deployments, enrollments, troubleshooting errors, and monitoring in Intune. I take care of adding devices, users, and licenses, deploying policies, and configuring policies and scripts.

Its deployment does not require much. We just need a license to operate it. Our management takes care of that. There are a few licenses that are active only for nine hours. After nine hours, the roles are deactivated.

It does not require any maintenance from our end.

Intune is linked with Microsoft. We can deploy the Microsoft E365 license to users by Intune. There are different types of licenses, such as device administrator licenses, E5 licenses for device enrollment manually, and P1 and p2 licenses for device enrollment automatically. These are the licenses required for the administration.

I did not evaluate any other option. This was my first project, and I started as an Intune administrator.

It is a very good tool. It is easy to learn. You can expect quick assistance from Intune.

Before using Intune, I would recommend learning about Windows. Learn about the registry, configurations, and group policies. If you know these, it is easy to learn Intune.

You can face enrollment errors if the prerequisites are not met. For example, to upgrade from Windows 10 to Windows 11, you need to have some amount of free space or RAM. If you do not care about the prerequisites and just enroll the device, it causes issues. It will affect the device, and you need to enroll the device again.

I would rate Intune a nine out of ten.

Around 90 percent of our platforms are in the cloud, and our company uses them to manage access to various platforms. In our company, what we used to do when we were on an on-premises setup was to use group policy to basically manage access and authorizations to various services, which can be quite challenging because not everything you want to do on GPO even though it is available in it. You can use or manage VBScript and PowerShell, but it was a bit challenging. With Microsoft Intune, you already have specific processes and platforms that have several things you can do with it in terms of security and in terms of making everything standardized, sort of a standard desktop, or even a customized one based on the user's job title, ranging from executive management to basic back-end staff. Microsoft Intune allows you to customize everything, like security, the availability of some features, and even updating particular systems or where and which system can access which service from a geographical location, which we couldn't do with GPO. Microsoft Intune allows us to be very flexible.

Applications have a feature that allows you to deploy applications remotely to different systems. They can be Windows-built, some business applications, small scripts, or even custom applications. The tool can even deploy fixes, and it has been one of the features we use quite frequently to troubleshoot and fix issues.

The tool brings all of our company's endpoint and security management tools into one place.

Speaking about the impact of Microsoft Intune on our company's IT and security operations, I would say that the tool has done a good job in terms of centralized management, but there is still a lot it can do. Microsoft Intune is just a mobile device management platform. It doesn't really implement security, specifically in terms of endpoint security for ransomware and other attacks, so our company has to supplement with other solutions.

If I assess Intune's user experience, I would say it is perfect and simple. In general, the tool is very easy to use. Every feature or domain, ranging from compliance to security to DLP, integrates very well with Microsoft's other modules.

I am using certain aspects of Microsoft Intune Suite, which involves the new collection of advanced endpoint management and security tools.

If I assess Microsoft Intune for securing hybrid work and protecting the company data and the data on my own devices, I would say that it works very well in handling BYOD cases. For all the corporate business apps, you can't share data outside Microsoft Intune or the enrolled devices. It has to go through all the approved suites of Microsoft Project and then into OneDrive so that we can tell where that information passed, making it basically a DLP type of thing. You can't copy and paste anything into an external product since it must be within Microsoft's suite. The tool really helped our company keep certain information confidential within Microsoft Office Suite, and it doesn't go outside, which is helpful.

I use Intune's Endpoint Privilege Management feature in Microsoft Intune. Speaking about how Intune's Endpoint Privilege Management enables our company to enforce the least privileged access that affects user productivity in our organization, I would say that all our users are at the basic level. Depending on the function users need to do, privileged access might be required, and we can basically elevate them to do it, and then we don't have to do anything beyond that.

In terms of how important it is in the context of our company's journey to the cloud that the capabilities of the Intune Suite are integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices, I would say that the integration part is the key since it has to follow everybody, whether they work on the company's premises or remotely with Microsoft Intune.

Improvements can be made by allowing server integrations since it is an area where the product currently has shortcomings. Currently, it is just endpoints, Windows, and mobile devices, but we would like to see the servers integrated into the tool as well so that the product covers everything.

The product currently lacks any features. For most of what we can't do with the features available in Microsoft Intune, we use PowerShell to address such areas.

I have been using Microsoft Intune for ten years. I work with one of the past versions of the tool.

My company hasn't faced any stability issues associated with the product since its deployment.

It scales up pretty much with ease. It reduces the work on the admin side. It is a very scalable tool.

With Microsoft Intune, my company covers more than 250 devices. I would probably say that it goes up to 300 devices. My company also has many remote staff members.

I have provided technical support for the solution once or twice, but all the information regarding the fixes is mentioned on the internet. I rate the technical support a ten out of ten. In my company, we haven't had any challenging situations that required a prolonged fixing process, and it was usually done in a day or two, within which it used to get resolved.

Positive

Before Microsoft Intune, I used a different solution for enterprise mobility management named VMware AirWatch. My company started using Microsoft Intune since it was bundled with the other services offered under Microsoft. I think my company moved to a new plan with Microsoft, and Microsoft Intune was present in it with Microsoft Enterprise Mobility + Security (EMS). My company thought about why we should pay for another service when we already have one.

VMware integrated with Microsoft like a connector, but every time there is a change or an upgrade to Microsoft's platform, it sort of disrupts VMware. My company then figured out that the closer we are to Microsoft's platforms, the better, which in turn helps us consolidate vendors.

My company involves two types of judgments to determine whether or not the consolidation of vendors my company deals with has affected our security posture. We have a Gartner evaluation, and we are trying to see if our current vendor is at least in the leadership quadrant. After that, we go for their products. Even if a tool is not at the top, it is a win-win situation for us as long as it is there. Gartner has been important in helping our company decide which vendor to consolidate products and services on.

The consolidation of affected vendors has not reduced our company's licensing costs. We recently discovered that Microsoft is basically unbundling several parts of its products. People can now choose Microsoft's models, but you cannot choose what you want as an add-on. In such a phase, we are going to have to compare apples with apples. If Microsoft unbundles Purview, for instance, we have to look for a similar DLP and compare it in terms of price and performance.

I was involved in the tool's initial setup process. Initially, my company faced some complexities with the product's initial setup phase, especially in terms of how to deploy it remotely. We basically had to have every device in front of us physically to do the deployment.

Considering that the deployment phase was an ongoing process, it took three months to be completed.

The product's deployment phase was carried out with the help of our in-house team with the help of the information in the tool's manuals.

The solution was deployed with the help of three people in our company.

From a cost-saving perspective, my company has no information associated with the tool. When we get the budget approved in our company, there is an additional buffer, causing us to have more of an overcapacity scenario rather than an undercapacity one.

My organization is still in the process of discovering several of the overall benefits that we have experienced from the use of the product. My company keeps discovering new features when we use Microsoft Intune's capabilities.

My company has not done any evaluations to figure out whether the product could generate any return on investment. It is something we should do in the future.

In my personal opinion, the product does offer value for money since it offers good security.

It is not difficult to maintain the product. Once the configurations are set at a basic level, the tool just keeps modifying itself and keeps on improving.

In terms of the product price and licensing costs, my company finds the product to be reasonably priced. As long as our budget is approved for it, everything is fine with the pricing part.

My company did not evaluate any other options against Microsoft Intune.

I am not using the enterprise application management features of Microsoft Intune Suite. For applications management, we are basically doing SaaS for most of our applications, so they are on the cloud. The least we do in our company is MFA or two-factor authentication and single sign-on into the enterprise applications, but they are basically on Amazon AWS or SAP.

I am not using the advanced endpoint analytics in the tool.

My company doesn't use Microsoft Copilot in Intune. I would say that my company is waiting for Microsoft Copilot to reach an advanced stage. When I say advanced stage, it means handling business cases that apply to our company's type of business. What we have seen in our company is that in areas like customer relationships and retail banking solutions, Microsoft Copilot works. With Microsoft Copilot, our company hasn't seen any business case related to our work. Microsoft Copilot is mostly for chatbots in CRM and other things, but that is not what my company wants. My company is waiting and hoping that we will see advanced features in Microsoft Copilot by next year. I am working with the basic capabilities of Microsoft Intune.

Intune's Endpoint Privilege Management's least privileged access doesn't affect our organization's attack surface since it is handled by a different platform named Symantec.

My company has not measured if Microsoft Intune has affected IT productivity in our organization, but I believe that it is something that we should do.

I would suggest those planning to implement Microsoft Intune in their company start with a pilot group and implement every aspect they want to implement with that group across different devices, ranging from Androids, iOS, Google, and everything else. In my company, when we did encryption, we found that Android already has an encryption feature, which is basically for Android, so we couldn't turn on the encryption feature. If we did turn on the encryption feature, we would lose information because it was already encrypted by Android.

I rate the tool a ten out of ten.

We use the product to enroll devices, install configurations, and manage apps across our infrastructure. We address issues related to app protection policies, conditional access, and custom policies with its help.

The solution has significantly improved managing a diverse range of devices. We have observed enhancements across Android, iOS, and Windows devices.

One of the product's best features is its ability to integrate company policies and configurations into applications directly.

There could be more competent processes and improvements in the policy space. If devices follow the rules, it will benefit the company. If they do not, it will lead to non-compliance. We have been able to implement some common policies, such as data sharing, handling rooted devices, and managing cyber-available data. We are working on latency and permissions, including PIN tests and direct access to information, to enhance the overall process.

I have four years of experience working with Microsoft Intune.

The product is stable. I rate the stability a ten.

I rate the platform scalability a ten.

The technical support services are satisfactory. 

Positive

The product can be deployed on the cloud or on-premises. 

First, we access the Azure portal by browsing the URL and searching for Intune. Later, we can directly log in to the endpoint management section.

We create and assign licenses to use these tools and then provide users with instructions. Users have to download the company portal and follow the setup steps, which include entering necessary personal information, accepting terms, and managing settings.

Next, we handle the installation process within the company. We need to trust the application by selecting the appropriate option. If applicable, we enable settings on mobile devices. Following that, users must log in and configure settings as required. These options and settings are available through the company portal. The process is straightforward, and it doesn't require maintenance.

The product has helped save money. I would estimate that it has saved around 20% of the investment.

The product is expensive. 

Microsoft Intune provides everything in one place and streamlines our security operations significantly. It has impacted IT productivity across different devices, including Android, AWS, and Windows.

We use application management within Intune Suite. For instance, on Windows devices, we create and manage applications through a structured process. It involves configuring firewall settings, managing OS types, and ensuring that PC applications are updated regularly. We typically make monthly changes and create and manage application packages to maintain quality and compliance.

Copilot has simplified our operations by streamlining the issue management process. For instance, we can efficiently address and resolve issues when we receive tickets. It assists with authentication and other Intune-related tasks, which helps us handle hardware-related issues more effectively.

Intune helps secure hybrid work environments by managing both company-owned and bring-your-own devices. You can enforce policies to convert personal devices into compliant company devices, ensuring that data is protected regardless of whether the device is company-owned or personal.

Endpoint privilege management is integrated into our endpoint management system. It helps us manage and control permissions for various applications and endpoints. It allows us to enforce least-privileged access, which helps minimize security risks. I use it in my organization to enforce the least privileged access. It involves managing access through various channels and ensuring users sign in and complete necessary audits. The process is designed to act as a mediator.

I recommend it to other users and rate it a ten.

We use Intune as the MDM platform, and we used to deploy some products connected to Intune. 

Intune has improved productivity somewhat by connecting the AD with Microsoft Defender and the MDM because we can identify the Internet server. That's the main application or port over which we can manage our infrastructure. It streamlines device management. 

I like how Intune deploys the policies and makes them customizable. You can deploy it through Intune and forget about it. 

You can connect Defender for Endpoint to Intune and assign the client to start porting detections and alerts, creating a little security operations center. The integration is easy but tricky for someone who doesn't know how to use it. Once you learn to use it, it's a powerful tool that can condense most of your administrative tasks into one place

Integration with Microsoft 365 and security is critical if you have a Microsoft infrastructure. You want all the tools to be connected and exchanging data so that when you make a change or deploy something, you can make an informed decision and log the errors. You can avoid having different types of configurations and strengthen your policies. 

We've been using what they call conditional access in which we set up policies and apply them based on certain conditions and attributes. For example, you can apply some policies to company-owned devices and a different set of policies to devices for personal use. 

Sometimes, it takes time to synchronize the policies between the portal and the devices, you don't have a way to estimate how long it will take to deploy. You have some kind of gray area, where it can deploy in 30 minutes or three days. 

I have two years of experience with Intune

I rate Microsoft support nine out of 10. When we raise a ticket, they respond with a solution or guidance on how to fix the problem within 24 hours. 

Positive

We used VMware Workspace ONE and one other MDM. Based on my experience, I think Intune is the most robust because of how easily it can integrate with the other Microsoft tools. You won't need to deal with the process of connecting the Active Directory to Intune. Once you have your account with a subscription and a license, it will connect automatically, and you won't have a big problem with it. 

Microsoft offers a license that lets you access all the tools. Purchasing that license will probably be the most cost-effective if you plan to implement a Microsoft-oriented infrastructure. It's cheaper than purchasing all the products separately. 

I rate Microsoft Intune eight out of 10. 

While Microsoft Intune offers centralized management and policy enforcement, it doesn't consolidate all endpoint and security management tools into a single platform. To comprehensively safeguard systems, additional solutions such as Microsoft Defender for Endpoint are necessary.

Achieving comprehensive endpoint visibility and IT control across various device platforms is a complex task, considering the diversity and freedom inherent in different systems. However, when it comes to deploying and managing devices like tablets, mobile phones, laptops, and specialized devices in Germany, a systematic and organized approach is crucial. Particularly noteworthy is the ability to configure IoT devices, such as numerous thermostats, water control systems, or sprinkler devices. Without a solution like Intune, scaling becomes a challenging issue, especially when dealing with thousands of such devices. Therefore, the use of a system like Intune becomes imperative in addressing these scaling challenges and ensuring effective device management.

On a scale of one to ten, I would rate my user experience with Intune as a six. The lack of intuitiveness makes it cumbersome to track and understand what needs configuration, especially when dealing with aspects like OneDrive and having to cross-reference settings across different areas of Intune.

In the context of securing hybrid work with Intune, our experience involved a two-day effort to configure the certificate for the Conditional Access server. However, once this initial setup was completed, we successfully configured VPN access for mobile phones. Despite the initial complexity, especially for a large company, Intune delivered on its advertised promises and proved effective in fulfilling the intended security functions.

Intune's effectiveness in securing data on company and BYOD devices is based on distributing security configuration data. While valuable, Intune has limitations, and comprehensive protection against cyber threats requires a sophisticated approach, including hybrid artificial intelligence solutions like Microsoft Defender for Endpoint. While Intune aids in system configuration, detecting and preventing attacks demands a more advanced defense strategy, comparable to sophisticated endpoint protection. Hybrid AI, with continuous human input, enhances threat evaluation, recognizing nuanced situations like suspicious timings in actions on developer endpoints.

It positively impacted IT productivity within the organization by enabling the secure addition of thousands of mobile phones to the VPN. In this regard, it performed effectively.

It played a crucial role in mitigating the risk of security breaches by securely distributing VPN certificates. While effective in this aspect, it's important to note that this alone is not sufficient. Endpoint security, such as developer endpoints, is analogous to having specialized tools for reading and managing complex systems.

It significantly contributed to cost savings. Manual configuration for each mobile phone would have taken approximately an hour per device per year, amounting to three or four thousand hours annually. However, with Intune, we accomplished the task in two days for five thousand devices, equivalent to around one hundred sixty hours. This resulted in substantial efficiency, reducing the effort from an ongoing five thousand hours per year to a one-time investment of a hundred sixty hours.

One of the most valuable aspects of Microsoft Intune is its seamless integration with Azure Active Directory, offering capabilities akin to Group Policy Objects. This integration provides a centralized platform for managing and enforcing policies, ensuring the stability of configuration data across devices, resembling the familiar functionalities of traditional group policies in an on-premises Active Directory environment.

In utilizing Intune's endpoint privilege management feature, I've primarily focused on configuring VPN access and certificates, although I'm not an Intune specialist. It's versatile enough for both configuring VPN access and managing large-scale IoT servers. For instance, in building management systems, especially in large structures like bank buildings, where numerous actuators are involved, configuring and securing them becomes a complex task. Intune proves valuable in this context. However, it's essential to recognize that while Intune serves as a powerful tool, relying solely on it is insufficient for comprehensive system security.

The integration of Intune capabilities with Microsoft 365 and Microsoft Security is crucial. As mentioned earlier, securing your machine requires tools like a developer endpoint, and relying solely on Intune may not be sufficient. While Intune allows configuration and deployment of Defender for Endpoints, having a dedicated tool is essential. The unique selling point of Microsoft lies in its seamless integration, especially notable for those working with Linux systems, where Microsoft's comprehensive integration sets it apart.

In terms of configuration, my experience with Intune is somewhat mixed. The configuration tool appears to be scattered throughout the Intune interface, requiring frequent navigation back and forth. The web interface, while functional, isn't particularly user-friendly, leading me to find PowerShell a preferable option. However, using PowerShell involves investing time in developing scripts. The challenge lies in the complexity of navigating between profiles and MDM configurations. Multiple windows need to be open simultaneously to grasp the overall configuration landscape.

I wish there was an improvement in the configuration process, as currently, it involves navigating through different locations with multiple windows open. Having a dedicated configuration server that assists in modifying the configuration service, and creating personalized structures, interfaces, and web services could enhance usability.

I have been working with it for three years. 

When evaluating stability, it's essential to consider the multitude of adversarial attempts, particularly from military opponents engaging in hacking activities. Microsoft has demonstrated its capability to withstand and defend against such sophisticated attacks, setting a high standard for security.

Considering the extensive number of support calls, I believe Microsoft handles them as effectively as possible. I would rate its customer service and support eight out of ten.

Positive

In the past, we utilized Windows services.

The number of people required for deployment depends on the specific tasks at hand. For instance, implementing the VPN solution involved five individuals, including specialists for firewalls and virtualization for the server endpoint. If the focus is solely on Intune-related tasks, one expert may be sufficient. However, in typical scenarios where Intune is used for onboarding machines or mobile device management, you'll need administrators with access to the relevant machines. It functions as a collaborative administration tool, and the required personnel would depend on the number of departments involved.

The pricing is inherently reasonable, as Microsoft leverages market insights to maintain the total cost of ownership at around ninety to ninety-five percent of what would be incurred in an on-premise scenario. Microsoft products inherently benefit from economies of scale and global reach, making them cost-effective.

It aids in vendor consolidation; otherwise, we would have had to manually configure around three thousand mobile phones.

It impacts the security posture positively when you are aware of what you configure and can update configurations promptly. However, as mentioned, the need for artificial intelligence in Endpoint Protection remains crucial.

I would recommend subscribing to reputable YouTube channels that focus on Intune or related topics. Building a strong foundation and gaining practical experience is crucial to understanding the intricacies of Intune. Overall, I would rate it eight out of ten.

We were using SCCM to build and manage our machines and to control the AV, and everybody left the offices for the pandemic. We did not have an external management point. Oh. And we realized we lacked a method of control. After hassling Microsoft over a question of semantics, we finally got our answer, and we quickly scrambled over two weeks to push out Defender while everybody was still in the office. The other part was to move toward Intune. 

We started testing that and went in both directions. We tried domain and nondomain. We eventually worked backward, redid it again, and took all of our workstations off the domain. Now, none of our workstations are running on the domain. We build everything from Intune. The company gets a list ahead of time from vendors like Dell or HP, so we can have a laptop sent directly to an individual without ever touching it. They sign in, and it simply asks for their password. 

The biggest benefits of Intune are the ability to push changes and the added security. When we moved forward with Defender, we onboarded all those machines automatically. That helps dramatically. For a while, we were left with machines that weren't protected. We could see where people had done things they shouldn't have done, and Defender saved our skins a few times. It didn't happen a lot, but it happened enough that it made us glad we made that decision. 

Intune has enabled us to manage our remote workers' devices, which has been especially helpful since the start of the pandemic. My guys spend less time troubleshooting. If they're going to spend more than about an hour on an issue, it's a little easier to just reset the machine and reinstall everything again. It saves a lot of time. 

We're a much smaller group, so it worked out better for us. We've been able to push out products that we hadn't planned on. We had to push out certificates because we decided to go with a Cloud RADIUS provider and moved to certificate-based authentication for wireless. We've leveraged that same certificate to turn on 802.1x in all our offices to secure the wired networks. And all of these things have made it possible to roll out DNS filtering. Once again, all through Intune. We could enable all these pieces that we would need to turn on one by one with Intune in place.  

The company needed something that could be agnostic, so it didn't matter where it was. Half our workforce doesn't work in the office. We've downsized our primary office, and leased over half of it to other companies with subleasing. We don't need as much space anymore. Our workers are still working, and they're not required to be in the office more than three days away. Intune ensures that everyone can work remotely and securely. You can't log into our Office 365 environment from a non-managed device. Almost everything is in Office 365. We use nearly every piece of it. We use Teams for communications and switched to Azure Virtual Desktop at the end of 2019. We were a Skype customer then, so it wasn't hard to switch. 

We continued to shrink our footprint as we adopted more and more SaaS offerings. Unfortunately, finance and some other use cases cannot be in the cloud. You still need on-premise Bloomberg terminals, and other companies require you to have circuits to run them. We have to redirect certain things, which is why we have the VDI in place for a handful of users who require those internal resources when they work remotely. Intune is what made all that easy and possible. I don't think we would ever change that. My guys like it. It has simplified things. 

At the end of the day, we do touch the machines, but we don't need to. And we know if we didn't have to. Previously, a machine got left in an office, and we just walked through somebody wiping it, where you assign it to them, and they log back into it. In the worst-case scenario, we can just pull something off a shelf like that.

We had to learn the hard way which machines work in our environment. It's nothing against the company, but we will no longer buy Dell because their business platforms only use Intel chips, and we can no longer afford to use Intel chips. It doesn't work for our needs. I can get AMD chipsets that are generally cheaper and perform better. They aren't throttled for some of our applications the way Intel chips do. People have been happier since we made that migration a little over a year ago. 

We replaced many machines and onboarded people after acquiring a couple of other companies, and they were shocked at the difference between the machines we gave them and what they were used to working with. They just had always put up with that, and so had we. With Intune, it didn't matter what we purchased because it already had Windows loaded on. It was simple and easy to move forward.

Intune has reduced our build time from four hours per build to an hour or an hour and a half on a slow day. That's getting the Office 365 stuff to download and install. The other apps are secondary. When somebody logs in to a machine, the apps start downloading. We could give somebody a machine they've never seen before, have them sign in, and they're ready to work in an hour and a half. That's a tremendous amount of time saved, and there's nothing left for us to do.  We just make sure everybody who's supposed to be in a group has the assigned apps that the group needs to have. They're installed automatically.

The biggest problem we ever have is when something goes out of date after 30 days when nobody has logged into it. We do have a problem trying to get those back online. We've been working with Microsoft to resolve that problem, but that's been the only issue that we've had in the last few years.

Out of the box, Intune works reasonably well. They will continue to think of new ways to improve. Some of the policies could use some work to align more with what people are used to, but it's getting there. It's coming along, and I'd like to see how Security Copilot comes into play. You could have Copilot build things based on what you request. It could help put policies in place and look at your current policies. 

Unfortunately, we've had stuff out there for four years, and it's not working properly. A tool like Copilot could assess my policies, find weaknesses, and tell me where to make changes. That would be a great benefit.

I've had a constant battle with the DLP component, and no they're not going to have a choice. If they want to go with Copilot, we will need to start classifying documentation whether we want it or not. There will be a big fight when I get back of it. There's a fight. If you want you want you say you want copilot when it comes out, but if we have a classified stuff, it's not gonna work the way you wanna too. I heard so. Yeah. That's a problem. I heard someone talking about

We started testing Intune at the start of the pandemic, and at the time, it didn't seem to be quite as ready as they claimed it was. It was still being pieced together when we adopted it. However, it worked out well. While everybody else was scrambling during the pandemic to get on Teams and Azure Virtual Desktop, we had done that in the previous December, so by pure luck, we were ready to walk out the door. 

And I think it's scalable, honestly, but it's it's also about mentality, whether you believe it's you wanna spend the time to make sure that it's scalable. You know, I I I don't think I've been a big fan of getting away from domain services for the longest time. Think I don't see the point anymore. It's we use it very rarely. I so, you know, everything should be cloud based. It's a way to go. I mean, if you can run it that way,

We don't usually deal with Microsoft much. We have a CSP in place. However, sometimes we're dealing with a backend problem, and the CSP will take longer, so we'll go straight to Microsoft. When that occurs, Microsoft typically handles those issues reasonably quickly. When I contact Microsoft, I usually go through several engineers before I get to someone who can help. That's normal, but it doesn't drag out.  

Years ago, when we paid for enterprise support, I felt it dragged on forever because I went through the same process. I'd talk to a first-level engineer, and we had to escalate to tier three before we finally got somebody who understood what was going on. They would see the problem but not know how to fix it. They never had a resolution half the time.

The initial setup was easy, but we had lots of time during the pandemic. I had that all set up in my living room that first summer, working on it remotely. There were some pains because it wasn't all there yet. It wasn't until about July 2020 that most of the pieces were in place. It took another year before the rest was solid. However, to be fair, people adopting Intune now will get a mostly finished product.

Intune has a cost advantage if you get it with a bundled Microsoft license. If you have E3 licenses, you already have access to Intune, so you're not paying anything extra. That's a huge savings right there. Back in the day, people always wanted Office, but they didn't wanna pay for it, so you would use Open Office. That was my go-to 10 years ago. Now, I recommend the opposite. You need an Office 365 account. Don't think it is as paying for Office. That's not what you're buying.

For $7 dollars a month, you're getting a terabyte of storage in OneDrive and all the apps. You won't get that from Google. It's about cost, and it's even better if you get those bonuses with it. 

I rate Intune eight out of 10. I've never seen anything perfect, but it is an excellent fit for our environment. This is the smallest company I've ever worked for in my professional career, so it works well for us.

The primary use case for Intune is to enable user access to authorized data and applications like Outlook and Microsoft Teams, whether they are using corporate devices or their personal ones. By enrolling these devices in Microsoft Intune, users gain access to organization data, effectively turning their device into a mobile office laptop.

In our work, we have experienced the advantages of using Microsoft's services, particularly when it comes to handling certificates and inventories. Microsoft's capabilities in these areas have prompted many people to transition their operations to Microsoft.

One of the standout features of Intune is its seamless accessibility to work data, eliminating the need to be tied to an office or a desktop. Whether on iOS, Android, or other mobile devices like tablets, users can effortlessly access essential tools such as email, Microsoft Teams, and custom business applications, enhancing productivity. This capability became especially crucial during the COVID-19 pandemic, when remote work setups became the norm, making Intune a prominent solution for remote access to corporate resources.

Intune's areas for improvement, especially since its implementation in June, revolve around security and certificate management, primarily related to personal devices known as BYOD. While there are policies in place to prevent data transfer between corporate and personal apps, there is room for further enhancing security measures for devices that aren't corporate-owned but are enrolled to access organization data. Tightening security in this context is a key area in which Intune can continue to evolve.

I have been using Microsoft Intune for six years.

In terms of stability, it largely depends on how well security measures are implemented. Ensuring that devices are properly secured and monitored is crucial for stability, especially in situations like a lost device where sensitive data is at risk. Security awareness and access controls play a significant role in maintaining a stable environment. Multi-factor authentication and additional conditional access measures, such as fingerprint access, are used to verify the user's identity and protect data. I would rate the stability of the solution as a nine out of ten.

The scalability of Intune is highly rated by engineers for its flexibility. It is easy to scale, primarily due to the licensing options. You can start with a smaller scope, say, with 40-50,000 employees, who want to use corporate devices with Intune. As your organization grows, you can easily expand, going up to more than 100,000 users, and incrementally add licenses as needed, be it on a quarterly or monthly basis. This makes Intune a versatile solution for businesses of various sizes. At our company, for mobile devices and laptops, we have 30,000 users. I would rate the scalability of the solution as a ten out of ten.

The experience with Intune support has been generally positive, although there has been a learning curve for support staff. Initially, there were some challenges, with different teams involved, which sometimes resulted in less than optimal solutions. However, the situation has improved over time. On a scale of one to ten, I would give an eight out of ten rating for Intune support. It is a generally positive experience with room for further enhancement.

I would rate the complexity of the initial setup as a seven out of ten. However, if you have prior experience with MDM solutions or other MDM platforms like MobileIron, AirWatch, or IBM's MaaS360, the process may be more straightforward. Intune deployment typically takes a few weeks. The deployment involved a team of over 35 people to cater to a user base of around 30,000 in an automobile company based in Canada. The process began with testing and policy configuration over a month, focusing on aspects like data restrictions and copy limitations. After the pilot phase, Microsoft provided a pricing model, and a migration process took place over two to three months. This involved transitioning users from BlackBerry to iOS and Android and incorporating Windows Autopilot for Windows laptops, both new and existing. The onboarding process also extended to HP and other vendors.

I find the pricing for Microsoft Intune to be quite reasonable. It is available through various licensing options, including E5 Enterprise, E3 Enterprise, and as a standalone product. E5 Enterprise provides Intune as part of a bundled package, while E3 Enterprise offers it separately. Microsoft offers several licensing options, allowing organizations to choose the one that suits their specific needs. Before deploying, there is a free trial period of one month where you can test it with up to 50 devices. Once you have an understanding of your needs and Microsoft's pricing, you can choose the right model and device enrollment numbers. After the trial period, they offer a budget of around $120 for you to allocate according to your requirements. The pricing is then converted into a pro-rated monthly basis, depending on the volume of devices you need to manage, whether it is beyond fifty or a hundred. This flexible approach is advantageous for users. Overall, I would rate it as a seven out of ten in terms of costliness.

In comparison to earlier vendors like IBM, AirWatch, MobileIron, and SOTC, Microsoft Intune stands out as more flexible and user-friendly. These earlier systems were rigid and required IMEI numbers, making them less adaptable. Intune, on the other hand, is simple, similar to Azure, and excels in terms of scalability and versatility. Creating device-switching policies in Intune is straightforward and visually intuitive. It involves selecting the appropriate profile and specifying the device type (iOS, Android, or Windows). The options are readily accessible, making Intune an easy-to-use solution for managing mobile devices and endpoint management tasks.

I highly recommend using Microsoft Intune, especially in today's remote work scenario driven by the COVID-19 pandemic. It is a robust solution for managing corporate and BYOD devices, ensuring that they are properly configured and secure. Intune simplifies end-to-end device management, from pushing policies to implementing multifactor authentication, and it's the best option in the market right now. While VMware Workspace ONE and AirWatch are good, Microsoft Intune stands out, as evidenced by its popularity among clients, with more than 80% opting for it. It is definitely worth considering and conducting a proof of concept to see how it can benefit your organization. Overall, I would rate the solution as a nine out of ten.