Microsoft Intune Reviews

The primary use cases for Microsoft Intune are patching and mobile control.

The ability to deploy patches and automate software deployments to end-user devices is very useful. Managing the applications and compliance has been easier with over two thousand devices. The solution is easy to use and deploy, particularly for Microsoft-based devices.

The asset management component is not very granular. If it could provide information on devices, their composition, specifications, licensing, hardware expiry dates, software expiry, and inventory, it would be more robust. There is a need for better support for non-Microsoft assets, devices, and software applications, and integration with other tools, like Linux, is needed.

I have been working with Microsoft Intune for about six months.

I was not part of the initial deployment, but I have been involved in deploying Microsoft Intune to end-user devices, and it is very good. The deployment took about an hour.

The technical support by Microsoft is not so good. We have to manage many things by ourselves and do not receive responses in a timely manner.

Negative

We're using both Microsoft Intune and ManageEngine as a result of a merger. One company was using Microsoft Intune, and the other was using ManageEngine. We are deciding which one to focus on.

I rate Microsoft Intune overall as seven out of ten.

Public Cloud

Microsoft Azure

I primarily use Intune for troubleshooting user issues. For example, if a user raises a ticket stating that Teams is not working and they cannot connect to the corporate network, I check if they are in the appropriate group for certifications like Wi-Fi and PKI. If not, I add them to solve the issue. I am also involved in pushing apps like safety apps. My current project involves ensuring compliance with policies, BYOD, CYOD, Apple Business Manager, APNs, and Apple Push Notification certificates. Enrollment is another task I handle.

Having everything in one place is useful for our IT and security operations. We can remotely do anything in Intune. It protects data on managed devices. It is very effective.

Intune allows us to deploy managed apps directly from the Microsoft store by adding an additional layer of security, automatically reviewing apps before they are installed on end-user devices. For example, if a user needs an application and it is mandatory for them, it is silently and mandatorily downloaded from the company portal.

It is a cloud-based service. It is easy to use and offers privacy.

Intune helps the organization manage access to its internal apps, data, and resources. 

I am pretty new to this solution. At this time, I do not have any areas for improvement. I have heard about some downtime, but I am not in the local IT team.

I have one and a half months of experience in troubleshooting. Currently, I have two years of experience with Intune. I handle iOS and iPad tasks, including applications and small works.

I have not faced any issues. I have heard about downtime, but our local IT team manages downtime issues.

It is scalable and capable of growing with the business.

Microsoft has a portal with good resources. I have not interacted with their support.

Neutral

I have not used any other solution previously.

Its pricing seems reasonable.

I would rate Intune a nine out of ten.

Public Cloud

Microsoft Azure

My last job was cyber defense for clients in European countries like France, Belgium, Sweden, etc. We use Intune to manage definitions for Microsoft Defender and classic corporate reasons, such as limiting the access of Active Directory users. 

My current company supports clients using Office 365. We're one of the biggest service providers in Bosnia Herzegovina. We use it to deploy enterprise applications to specific users. 

Intune is good for both the administrator and the client. You can deploy things like antivirus and applications while preventing or allowing users to do something on their PCs. 

It's possible to protect users' personal devices with access control list rules in Intune, DLP, etc. You can set different policies for personal and company devices, but it can be tricky to tell when the rule should be applied to a device.

The most valuable feature is Intune's ability to push out updates for the security and antivirus. I also like Intune's copilot and the ability to automate processes. For example, if you have 5,000 employees who are issued new PCs and you need to set them up with everything they need.  

Intune is on the cloud, so you can bring all your endpoint and security management tools together. Intune may not be the best tool in the world, but it's the most familiar. You have Microsoft, Fortinet, Cisco, etc., but I've worked with Microsoft my entire life, and it brings all the functions from SCCM to the cloud. Office 365 hase everything in one admin portal. With Cisco, everything is messy. If you are dealing with 10,000 to 50,000 employees, you must manage everything from one console.

The user experience is better from an administrative perspective. It has improved in each version, so things are easier to find. 

Setting up Intune Autopilot can be a little complicated. 

I have used Intune for six years, primarily in a lab environment. 

We were interrupted by a bug and a policy that wasn't configured correctly. In this instance, it was our mistake because we created rules that prevented Intune from pushing applications out. 

We have an SLA with Microsoft support that covers all of our products, including Office 365, Azure, Exchange, etc. If we have a problem, we contact Microsoft Global Support in India. We can call them at any time, day or night, to solve our issues.  

Positive

 I previously worked with SCCM on-prem. Intune has the same features, but it's entirely cloud-based. Everything is the same except for the console. 

The price of Intune is too high for a small company or environment like ours. 

I rate Microsoft Intune eight out of 10.

Essentially, we use it to manage devices. We are looking at potentially moving away from VMware and bringing mobile devices and tablets into Intune along with desktops and laptops, which we currently manage, so that it serves as an all-in-one active asset list where we can look at the health of the entire technical estate. We can manage against threats. We can roll out apps, policies, et cetera. We can also manage logins, reset logins, et cetera, and it's an all-in-one, 24/7 solution.

Microsoft Intune has absolutely improved the way our organization functions. We're currently going through the AAD migration, so we are transitioning away from the old on-premise domain to Azure. The ability to take devices that were locally managed via AD but weren't managed via Intune is brilliant. We can see who last logged in, who it's managed by, which OS is there when it was last updated, etc. It gives us a micro overview of what's happening there.

Generally, we find it quite useful. We don't use it to the full extent. We've only got a P1 license, but generally, the application health and the ability to create and manage policies are valuable. We can split them very quickly into groups, multiple policies, etc. So, it's those core basics that we use, but they work very well.

It's very informative when there is an error. It allows us to backtrace where the error is and resolve that ourselves. It's a bit of a Swiss Army penknife. We find that it fixes most issues.

I'd like some more reporting so that I don't have to delve into PowerShell and I can pull more of the local device information such as memory, apps installed, etc. It would be nice to be able to see the apps that are present there but might not be managed. For example, if they installed 7Zip, it could report that back via an installed program or feature to see what was currently installed. Generally, it works, and nobody complains about it.

I've been using this solution for a couple of years.

Sometimes, they can take a little while to come back in showing that they are compliant. Typically, they may show us as not compliant even when we are. Typically, we find that it takes a couple of hours or a couple of days at worst for the machines to show as being compliant for them to settle down, but generally, it does what it says on the tin. We can set the policy, and we can put a machine or put a device into a group. That policy gets defined or pushed out, and it works. We can then move on to the next job. From my perspective, it works well, and that's why I'm just looking forward to using more Azure technologies moving forward.

It's deployed across multiple locations, departments, teams, and endpoints.

I haven't had any experience with them.

At the moment, we're using VMware AirWatch, which isn't my first choice purely because it's a super segmented platform. We are predominantly, about 95%, Microsoft. It feels a bit of an oversight not having a solution on a Microsoft platform where we've got full transparency and can make live changes. Currently, we have to go through our outsourced IT to make the changes and then we have to wait to see those changes rather than me or a colleague being able to make those changes in a live environment, so it would be my personal preference to get that moved over, which we're looking at. 

I wasn't a party to why they used AirWatch. I presume it was bundled in with the Microsoft service partner's offering originally. The IT team here is quite new. I've only been in the post for about a month, and my IT manager has only been in the post for about two months. We're just making sure that everything is easy to use and easy to manage, and it's cost-efficient for the charity moving forward.

Essentially, the way it was set up, it wasn't set up as a hybrid model. At the moment, we have got on-premises, and we have a cloud, but they're not joined. There is no passthrough, which is interesting. A lot of the on-premise has been copied over to the cloud. We are now taking the cloud to default, and the overall plan is to mothball the servers and reuse those as very high-powered desktops wherever possible. I just predominantly use the cloud.

I was not involved in its deployment, but in terms of maintenance, typically, our MSP makes the changes, but I've got GA rights to make anything that is critical. Generally, there are about 20 people at the Microsoft solution partner, and there are four of us on the IT team. There are less than 30 people in total.

I'm not sure. Certainly, it has been at least three years since the software has been rolled out, but it's not particularly well maintained by the solution partner. So, it's hard to measure the ROI. It does have merit, but in our particular sector, it's just overkill. We just need to make small and light changes whilst having effective security. We don't need corporate class, biometric/conditional access level security. Whilst we have multiple offices, they're very small. They're all under 20 users, and there's a lot of work from home. So, as long as we've got encryption, a form of AV, an anti-spam, and good account security, it certainly staves off a lot of the threats.

Personally, I feel that we haven't had the ROI purely because we're paying about £13,000 for under 300 users a year, which is a little bit top-sized. My personal feeling is to make a business case to switch to Microsoft Defender. Obviously, we've got P1 in our business premium licensing, so we've got a very basic protection at the moment that we don't use. We've got a large number of credits, and we could use those credits to switch over for a year to a higher project and see where we go from there.

Generally, it's not too bad. Obviously, a cheaper price would be great. Typically, we are in touch with the partner to provide non-profit discounts wherever possible. Generally, we get favorable discounts, so it's not too bad. Obviously, we're looking at decreasing those wherever we can to bring value back to the public purse because it's all charity based. It's all publicly funded.

Create a test group and create test policies, and then just test, test, and test before anything is rolled. It's the usual IT gambit. Test everything, and then just test it again before you roll it out.

I worked for a couple of MSPs before. I've seen it in very remote areas. I'm very impressed with it. Whilst it seems almost fashionable to criticize Microsoft, Intune is pretty much a well-laid-out product. It does what it says it's going to do. There is a lot of dependence on Microsoft products being pushed to it, and that's probably my only criticism. It would be good if Intune was a bit more open-source, but that would lead to more complications. It's a bit of a complicated beast, but generally, I like it.

I'd rate Microsoft Intune a nine out of ten. I'm happy with it.

We are currently using Intune, and we are also deploying it for customers. We use Intune to manage our mobile devices. We manage our Android and iOS devices with it, and at the same time, we also use Intune to manage our macOS and Windows devices.

During the pandemic, there were devices that we couldn't control. For example, we wanted to manage BYOD and make sure that they are secured so that when they access our corporate resources, our data, computers, users, and mobile devices are protected. We use Intune to publish some of our company applications and at the same time push down our restriction policy and configuration profiles, such as VPN.

We are a vendor, and we deploy the Intune solution. We see that our clients have benefited from this solution. They're able to manage devices that were previously not managed. They are able to secure those devices. It also improves the productivity of the users. They can work from wherever they are and leverage their own devices to access company resources. So, productivity-wise, users are more productive when it comes to Intune.

Based on my experience, I find Intune very flexible for managing Windows devices. We can use scripting, and we can make use of the self-service portal or the company portal to publish some of the applications for Windows.

I'd suggest adding more features for macOS in Intune. There should be more functionality for managing macOS. There should be a better capability for pushing things down on macOS. Currently, Intune is not capable of managing macOS at the same level as Windows.

It has been four years since I've been using Intune.

I'd rate it an eight out of ten in terms of stability because it sometimes breaks. That's mainly because Windows OS keeps on changing because of upgrades and things like that, and there are some instances where it's not supported, or it has not been tested fully on a specific version of OS.

We haven't yet gone down to the scalability part. It meets the needs of our customers. What they have right now in the cloud is sufficient and satisfies the requirements. So, scalability is not a problem.

Some of the deployments are done across sites, so there are multiple sites.

I have interacted with their support. I'd rate them a ten out of ten.

Positive

We have previously used MobileIron and Jamf Pro.

The deployment model for Intune is cloud basically, but for other MDM solutions, it's on-prem because the government and healthcare sectors prefer to use the on-prem solution.

The deployment duration depends on the project timeline and the complexity of the deployment. A fresh Intune deployment is straightforward. We just need to do the configuration and create configuration profiles. For example, for Windows OS, we can enroll 1,000 devices in a month or something like that depending on the availability of the machine. Everything is configured in the backend, so they just need to power on the device, and everything works as expected, and everything is pushed down.

The number of people required depends on how many machines need to be deployed and users' availability. The model that we're having right now is that for a new device, it's straightaway delivered to the user. So, there is no involvement of IT because it's an autopilot deployment. When a user powers on a device, the configuration kicks in. The users just log in using their user accounts, and that's all. So, one IT person is enough to configure the backend.

We implement it in-house. It does require some maintenance, but that's taken care of by another party.

It's affordable. It's cheaper if you have an Office 365, E5, or E3 subscription because everything is there.

I evaluated VMware Workspace ONE, which is similar to Intune. They both can manage multiple OSs. 

While evaluating, I'd advise evaluating each and every feature of Intune and using multiple operating systems, such as Android, iOS, Windows, and macOS. You should see the capabilities of Intune and also check how to integrate Intune with other solutions. For example, for security, there is endpoint protection, etc. You need to check that because one of the requirements is to make sure that the computers and the mobile devices are secure, but Intune cannot secure your device itself. It's just an MDM solution. It only restricts some of the functionality. It cannot do more in terms of security. You need another solution to secure your devices, and you must check that your security solution can be integrated with Intune.

I'd rate Intune an eight out of ten.

Private Cloud

We use the solution for BYOD, MDM, and to access Microsoft applications like Teams. Microsoft Intune helps us access Microsoft applications on the road and mobile.

The solution’s most valuable feature is its ease of use.

I have been using Microsoft Intune for about three years.

Microsoft Intune is a very scalable solution. Around 4,000 users use the solution in our organization.

A third-party vendor helped us set up the solution in six months.

We have a large amount of our population using the applications on their phones. Microsoft Intune definitely helps with productivity and efficiency. The solution brings value to the money we pay for it.

Microsoft Intune has been incorporated into our Microsoft E5 licenses. The pricing is very good, as it is not an additional cost to what we already need for our organization as a whole.

Microsoft Intune brings all our endpoint and security management tools into one place for mobile. We work closely with security, which mostly implements the overall rules on what users should be able to do, how the new data is encrypted, and how secure data can't leave the Intune environment. It's easy to go into Intune and apply all of those policies and have them work for you.

I would assess Microsoft Intune very highly for securing hybrid work and protecting company data via BYOD devices. I think it's very secure. Everyone in IT has to be available during off hours to make sure that everyone can see what's going on if there's an emergency.

Since Microsoft Intune has been incorporated into our Microsoft E5 licenses, our organization has saved costs compared to using other EMM providers. Microsoft Intune is a comprehensive solution that has a lot of features and manages all your endpoints.

Overall, I rate the solution a nine out of ten.

Hybrid Cloud

We support other companies in managing their devices. Right now, we have multiple projects wherein we are only utilizing the Windows aspect of Intune, but for some of the other organizations, we are utilizing Android and iOS features. For most of the projects that I am working on, the use case is autopilot enrollment, and for iOS, it is through ABM.

One of the most common requests that we get is that most of the users are still on-prem. They need to be moved to the cloud, but they do not want to lose the data on-prem. The basic request that we get is to get co-management enabled for on-prem and the cloud for managing devices. The basic request from every organization I have worked with so far is to get a hybrid or the same management scenario. This is what we utilize Intune for.

All the device information is available in one place. We can see which profiles are being used and other things. If I want to get any information about a device, I just have to select it, and it shows me everything that I want about the device.

As an admin, we have different privileges to a user. In terms of user experience, it is quite easy. It is easy to understand. They have been making a lot of changes to the layout and the categorization. It is much easier and user-friendly. Overall, it has been a pleasant experience to use the portal. Everything is categorized in such a manner that it is easy to understand and navigate.

Advanced endpoint analytics are certainly used in almost all the projects that I have worked on because the security baseline is a very crucial part of configuring all those things in one single place. Apart from that, other profiles are also configured.

It is quite handy. For the general device configuration, we might have to create multiple profiles for different things. When it comes to the security baseline, multiple components are configured into a single policy. That makes configurations easier to handle and easier to change in the future if required. One thing about endpoint analysis that can be an issue is that there is an imprinting policy. Sometimes for some of the components, even if I change the policy, it would not make the change in the device. The policy gets tattooed on the device.

The Cloud PKI helps manage the complexity of certificate infrastructure. It makes work much simpler. The configuration that needs to be done is much simpler.

It makes application deployment and management easy on a device. It is easy to get them packaged and pushed out. Applications are available in the first sync itself. It is pretty easy to do that with Intune.

In terms of integration, so far, we have set up co-management features with SAPM, and it has been going well. The settings are pretty easily understandable. We can do them easily. The setup is smooth. In case of any issues, the logs and troubleshooting are very simplified. It gives pretty accurate information. The APM portal can also be very easily configured. The steps about what to do next are available in the Intune portal itself. It works well with other consoles.

I would assess Intune highly for securing hybrid work and protecting data on company and BYO devices. I would rate it a nine out of ten for this.

As an admin, Intune has made life much easier. Any information about a device is available in one console. We do not have to navigate to multiple portals to see what is going on. The console gives us the answer. Intune gives us information about the error and the possible reason for it to happen. We can see the device status and whether it is syncing. Everything is available in one single source. As an admin, it makes my life easier.

Intune has made the transition from on-prem to the cloud a smoother and simpler experience. We do not even have to make a complete transition. If we want to set up co-management where both of them are in the picture, Intune does a great job in helping out the admins to manage those devices.

In the recent upgrade, I feel the portal has become much more user-friendly. The navigation, the keys, and the settings are easy to find. It is easy to understand. As compared to the previous versions or SCCM, it is very handy. Apart from that, we have many configuration profiles. They have been introduced over the course of time. We had put in the request for them. Some aspects that were not available previously are available now. It keeps improving over time, which is beneficial.

Reporting needs to be better. Sometimes, it is way too slow, and it is not even accurate. Reporting is one aspect about which we have received a lot of complaints. As an admin, I cannot rely on its reporting.

Another feature that can be improved is audit logs. There should be more details in the audit logs.

We have been using it for almost four years.

I would rate it an eight out of ten for stability. I do not believe that any product is completely stable given the fact there is always something new that comes into the market, so it has to go through changes. You never know what those changes might be and whether a release is compatible with certain devices, etc.

We have more than 100 users. Our clients are large enterprises.

We have had a mixed experience. Sometimes we get an engineer who is extremely aware of what is going on and is very quick with the resolution. We get an answer quickly, and the ticket gets closed quickly. However, sometimes we get an engineer who prolongs the case to an unnecessary time frame. We might get an email in six to seven days. We need to keep chasing them about the update. Their support can be improved.

Neutral

I have worked with SCCM which is a Microsoft product. I have not worked on any other similar solution.

We have a combination of cloud and on-prem. We do have GPOs in the picture. We also have cloud users. We have Windows 365 devices. It is a combination of both so far.

Its deployment is pretty straightforward. They provide the details or info in the portal itself, so it is not very difficult. You do not have to go searching for the information.

The initial setup does not take time. Setting up an account for the organization rarely takes five minutes or so, but the time taken for doing the setup for the entire organization, which includes setting up policies and other things, would vary. It depends on the number of activities that need to be performed.

It does not require much maintenance from our side. Over time, they provide new releases that fix the issues that have been stated in our health control section.

Based on the features that it gives, it is cost-efficient. It is not necessarily on the expensive side of the scale. It provides a hefty number of features that any organization would want. It is in a good price range.

Intune does not necessarily bring all of the endpoint and security management tools into one place because there is a role of connectors in Intune that need to be enabled in order to get other accesses. Things like Defender, Compliance, and Purview need to be managed in the device in itself. I do not necessarily see it bringing everything into the same picture, but it does act like a mediator with those connector options.

With the projects in hand, we are mainly focusing on applications and Windows. I have not had an opportunity to explore it much when it comes to iOS and Linux. We are not using the Enterprise Application Management features of Intune Suite. We have done the configuration via Azure.

We are testing out Microsoft Copilot in Intune. We have not had many opportunities to use it.

To a colleague at another company who wants to know what I think about Microsoft Intune Suite, I would say to definitely go for it. I have seen multiple portals, and Intune goes way far. In terms of features and interface, Intune is much superior to any other console that I have seen so far. It is easy. It has many configurations. It is easily understandable. Everything is good about it, and it is growing with time. Within a span of a few months or weeks, you might see a new update, a new configuration profile, or a new system that could be managed. Some kind of new feature is always coming up.

I would recommend Intune to others. If anyone comes to me with any questions or concerns, the first thing I ask is how they are managing their devices. If they are using anything apart from Intune, my suggestion is to use Intune.

Overall, I would rate Intune a nine out of ten.

We use Intune to manage mobile devices and applications. I'm not solely using Intune for the agents installed on each machine. I use the Microsoft Endpoint Manager solution primarily for device configuration, device compliance, and mobile application management.

I have 80 different clients, and their environments vary. We have people that work in offices across multiple foreign countries and domestically. Most have a strictly cloud-based deployment, but a few have a private cloud that we host ourselves. Some have their own data centers. I've got a couple of clients with hybrid environments. None of them are entirely on-prem. Everybody is using a hybrid cloud or completely on the cloud.

Intune helps us from a compliance standpoint by making it easier for system admins to configure devices and ensure they conform to business policies. It gives us more visibility into where the devices are and their postures.

I try to use conditional access policies for every client I can. It's essential for a zero-trust security posture. Conditional access policies make it possible. This dramatically reduces the risk of unpatched devices connecting to our corporate network.

The conditional access policies, compliance, and updates affect employees positively. Once the value is explained to them, they don't complain much about MFA.

You can use Endpoint Manager to see whether or not a device is compliant and apply conditional access policies in Entra to only allow connections to your environment from compliant devices. That significantly reduces your risk from unpatched software because that device cannot connect to your machine or environment. Using those two features together definitely helps protect us.

It saves some time. Either way, you will have to manage an Active Directory environment, but Intune allows you to manage devices over the internet. You don't need to worry if the machines are connected to a VPN or on-site.

The most valuable feature is probably mobile device management. Small businesses are coming under greater scrutiny and requirements for compliance as time goes on. We don't have to worry about a VPN because we can manage these devices, control company data, and lock users out. If needed, we can remotely wipe devices and switch them. 

It's a big deal to be able to assure an insurance company or auditor that our endpoint devices are effectively managed. Intune is a solid solution if you use Microsoft and Microsoft 365 products.

Intune's third-party patch management could be better. It should be easier for an average system admin to keep non-Microsoft applications updated. 

I have used Intune for about six years now.

Intune is highly stable. 

Intune is highly scalable. Thus far, I haven't had to expand it to a thousand users, but the scalability appears to be readily available.

I rate Microsoft support a nine out of ten. I enjoy working with them, and I'm often surprised at how good they are. 

Positive

I've used Rocky MDM and Google MDM. Microsoft is the primary platform on which we do business. Intune works better with the Windows operating system, desktop applications, and SharePoint. It also reduces vendor complexity. I don't require multiple vendors, which reduces my costs because many features are baked into it. 

I log into fewer systems daily. Microsoft's virtual monopoly on productivity applications in your average small business makes them the right choice in most situations.

Deploying Intune is pretty straightforward. It doesn't matter whether you use autopilot or manual deployment. Each machine is enrolled in Intune automatically if it's connected to Azure AD with the correct user licensing. It's a relatively painless enrollment process.

Intune involves some maintenance, like any solution. You must ensure it's still working correctly and helping you achieve your business goals for compliance and configuration of your endpoints.

Meraki and Google are relatively common in small businesses. Many small businesses use Meraki for wireless and networking solutions, so that is one MDM option. Also, small businesses often start with Google and transfer to Microsoft 365 once they mature. Google is already in the environment. I don't sell anything as an IT guy, so I don't care what solution my clients use. I choose what's best for them in that particular instance.

I have tried Okta, but I haven't used it seriously as an MDM solution. I've only used Okta as an SSO provider. I didn't realize they did MDM solutions. I don't understand the point of Okta. If you have Azure AD and Entra, I can't fathom why you would bother with Okta. It seems redundant to me.

I rate Microsoft Intune a nine out of ten. Don't underestimate the solution, and spend time learning about it. Intune has some powerful capabilities. Often, small businesses acquire systems but never fully utilize them because nobody has the time to dive deeply into them. It's a big solution with a lot of features. 

Hybrid Cloud