Microsoft Intune Reviews

I have worked on multiple projects during these four years and encountered various scenarios with Intune. The major issue I found is Intune's vastness; it has numerous features within a single MDM portal. We can deploy unlimited features from the Intune portal to manage devices and protect the environment. Intune's capabilities are extensive, but there is room for improvement in certain areas, particularly reporting. Intune's reporting functionality is still under development, and we can anticipate further advancements in this area.

I previously worked as a solution engineer and am currently a call center agent in IT. I have worked on all sorts of Intune-related issues, including those related to mobile devices, Windows devices, enrollment processes, and policies. My expertise includes Autopilot, GP enrollment, the enrollment process for Windows, iOS, and mobile devices, as well as configuration profiles for multiple devices and platforms. I have also worked on scripts. As an escalation engineer, I have dealt with a wide variety of user issues.

The primary benefit of implementing Intune is the ability to manage devices, including controlling access, deploying applications, and enforcing restriction policies. As administrators, we gain control over which applications and websites users can access on their devices. Additionally, we can seamlessly deploy applications and configure network settings according to our organization's or client's specific requirements. Intune enables us to manage devices, deploy applications, and enforce policies, ensuring that devices within our environment adhere to our company's standards.

My deployment is primarily cloud-based, but I also have knowledge of hybrid environments. I have limited on-premises experience, having only observed local Active Directory servers. I can configure them theoretically, but I wouldn't consider myself a trained engineer in that area. With hybrid environments, I understand how to implement and integrate the hybrid components with Intune for a seamless and error-free deployment.

We can integrate endpoints directly into Intune, enabling us to access the options on the Intune portal. Intune is a seamless feature that collaborates with various services within the Azure ecosystem, essentially relying on Azure for its functionality. An essential collaboration exists between Azure AD and Intune. Similarly, Defender, another Microsoft service, must be integrated with Intune to remediate threats. In essence, Intune is a unique entity that requires communication with other Azure services. Configuration and connectivity are necessary to achieve this integration. Once integrated, we can access other endpoints directly from the Intune portal.

The user interface is straightforward, and the configuration profiles are easily accessible to the administrator. There are multiple ways to implement a single setting or policy on a device, including the deployment of several policies. A new feature allows for the creation of policy sets that can be deployed to different locations within an organization, streamlining management for administrators across multiple regions. This is a valuable feature that saves time and increases efficiency. Policy sets can be created, and locations can be assigned to them, ensuring that any enrolled device or user within that location receives the predefined policies. Group tags further enhance this process by automatically applying policy sets to devices or users added to specific group tags. Overall, Intune offers numerous features that enhance administrator productivity, including the ability to efficiently manage and track policy deployments.

The enterprise application management feature is excellent. If we've deployed applications using the application management services, we can provide updates directly, eliminating the need to repackage them. With application management, if an application is deployed in a region with multiple devices, those applications automatically update once an update is available. It's one of Intune's best features and was recently integrated. While I need to explore it further, I've previously used it to deploy applications in a region, and any auto-updates from the store were applied seamlessly. This is a significant benefit of Intune.

The PKI process in Intune is excellent, though it can be complex for administrators. Intune's reporting has improved since last year's changes, and removing one PKI component has simplified the troubleshooting log collection. Once correctly configured, this reliable feature allows direct certificate deployment to users and devices, eliminating the need for constant password and user ID entry. Users can seamlessly log in with their certificate across various applications, such as email or VPN profiles, enhancing convenience and security. Overall, Intune's PKI capabilities significantly benefit streamlined authentication and access management.

How we use Copilot depends on the specific needs of the enterprise. For clients with an existing on-premises environment, which typically includes multiple servers and domain controllers, there's often a gradual desire to migrate to the cloud. In these cases, we recommend Copilot, where we can implement an Intune environment and facilitate the gradual transition of devices from SCCM to Intune. These scenarios represent the primary use cases for deploying Copilot for device management, as it offers an optimal solution for managing devices during the on-premises to cloud transition. For remote users unable to access the physical office, device enrollment ensures cloud-based management. In contrast, restricted environments necessitate on-site presence. While VPN offers an interim solution, enabling remote device management through on-premises connectivity, it incurs additional costs. Ultimately, we advocate for cloud adoption as a cost-effective and simplified approach to device management, aligned with the ongoing evolution towards cloud-based solutions.

Intune has significantly improved our organization. Firstly, it allows users to work securely from anywhere, as the device is managed and policies, settings, and restrictions are deployed over the cloud, regardless of the location. Additionally, we can deploy various policies and regulations for security, simplifying device management. From an admin perspective, Intune streamlines device management by allowing us to simultaneously deploy policies to multiple devices. Enrollment is also effortless, as devices can be shipped directly from the vendor to the user and ready for use. This eliminates the previous admin tasks of deploying custom OS images and managing policies via SSCM, ultimately improving productivity.

Intune's ability to secure hybrid work and protect data on company and BYOD devices involves security restriction and conditional access policies. These settings provide significant device security. For instance, we have unconditional access policies and app protection policies. These policies allow us to secure data users might share with other devices or native applications. With conditional access, we can require devices to be managed by Intune before accessing corporate data, ensuring they receive necessary restriction and protection policies to prevent sharing corporate data with unauthorized applications. This significantly enhances corporate data security. While user agents offer data security benefits, Microsoft Defender and Office 365's data loss prevention policies strengthen our overall protection.

Intune has helped save 90 percent of our costs.

The security provided by Intune is excellent. The security policies deployed through Intune significantly enhance device security, encompassing data protection, device restrictions, Wi-Fi settings, and proxy configurations. Additionally, Intune can deploy antivirus software if we have the appropriate licenses, further bolstering security. Overall, I'd estimate that Intune provides roughly 80 percent reliability in terms of security.

Intune's ability to integrate with Microsoft 365 and Microsoft Security for both cloud and co-managed devices is crucial because, in isolation, Intune is limited. To make its features work reliably and meet specific requirements, integration with Office 365, Defender, and local AD is necessary. This integration enhances security on devices and enables advanced features like data loss prevention through Office 365. While Intune offers security policies, integration with Office 365 unlocks their full potential for comprehensive device protection.

What I like most about Intune is its seamless enrollment process, particularly the Autopilot method. Autopilot allows bulk enrollment of devices, making it easy for end users, even those without technical expertise, to use their devices immediately. While there might be occasional error messages during configuration, when done correctly by the administrator, Autopilot is the best feature currently available.

Intune is excellent. It is constantly evolving, from the legacy portal to the current endpoint management; we are seeing a gradual number of changes, and many features have been implemented and added to the Intune portal. The interface is great and user-friendly. Even someone without much MDM experience but needing access to the Intune portal would be able to understand that these are Windows devices and these are the policies they can deploy. The portal's overall UI is user-friendly. Furthermore, the categorization of devices and policies on the portal is excellent. We can categorize devices, look for conditional access, and check for configuration compliance in a specific location. The categorization is the best way currently available.

The worst aspect is the reporting. We are still in the development phase of reporting, and it is not always accurate. Sometimes, we don't receive the correct report, devices aren't listed as they should be in the Intune portal, or deployed applications and user policies aren't reported by Intune even though they are present on a device. There is room for improvement in Intune's reporting capabilities.

If my organization has sensitive data we don't want to leak, deploying the policies can present technical challenges and potential loopholes. While 90 percent of end-users are not technical enough to find these loopholes, a user trained on Intune who understands the background processes and policy weaknesses could pose a security risk to the organization.

App protection policy and compliance state. Recently, I encountered a user scenario similar to one I've experienced as an administrator. If my device is enrolled in Intune but not through a corporate method, some loopholes allow administrative control of the device itself. We can un-enroll the device and remove the management profile, yet the Intune portal will still show the device as compliant because it captured the last compliance state. As long as the device reports to Intune, its compliance status in the portal remains unchanged, regardless of its actual state. Only when the device stops checking in with Intune will the last compliant state be displayed, with no indication of non-compliance. The device's Intune compliance state will show the last check-in time. We can leverage the newly integrated data loss prevention feature in Intune to improve the app protection policy, which is currently inconsistently effective. With the appropriate licensing, deploying data loss prevention policies can enhance our protection strategy.

I need to delve into reporting and analytics. The policies, restriction policies, enrollment limitations, and everything else are great. However, one current limitation is that we can't roll back security baseline policies deployed from the Intune portal to a device. Those changes are permanent if a security policy changes the device's registry. If an administrator mistakenly deploys settings from a baseline policy instead of a restriction policy, the only recourse is to reimage the device. In my opinion, baseline settings shouldn't be permanent. However, as developers of the Intune portal, there must be some significance to these clients.

I have been using Microsoft Intune for four years.

I would rate the stability of Microsoft Intune seven out of ten.

I would rate the scalability of Microsoft Intune eight out of ten.

I was the Microsoft Intune Closure Engineer, working in a global support group. My role involved providing solutions for Microsoft, addressing tickets created by users or administrators worldwide. I would rate the overall Microsoft support an average of eight out of ten. The support process begins with a ticket being assigned to a junior engineer with basic understanding, which I'd rate a six. If the user's issue remains unresolved, it escalates to a level two engineer, improving the rating to an eight. In rare cases, unresolved issues are escalated to a senior engineer which would drive the rating up to nine out of ten.

Positive

Before Intune was introduced, we had to use Office 365 for MDM, which had limited options. Then came the legacy Intune portal, followed by the endpoint management folder, the most recent portal we've used. I've also used Jamf and AirWatch a bit, but I'm not as proficient with them as with Intune.

The initial deployment of Intune was complex, with deployment time dependent on the specific environment. For organizations with multiple sites, Intune deployment is particularly challenging and can take four to five months. The migration itself is not a simple task and can be time-consuming. Based on past experience, assessing existing security policies and applications from the on-premises environment is crucial before identifying what can be achieved with Intune, given its limitations compared to SCCM. While Intune can replicate some functionalities achieved through group policies, the migration process can still take a considerable amount of time, ranging from seven to eight months to even one and a half years, depending on the environment's complexity.

Microsoft licenses are costly. Organizations should determine the best license to get the maximum features based on their requirements. Intune comes with multiple licenses, including E3, E5, standalone Intune, and a few more. Microsoft 365 is also an option. There are almost seven license lists where Microsoft Intune is present, except for the standalone license. It's definitely costly. Microsoft could look further into providing some cost-cutting measures for the licenses.

I would rate Microsoft Intune eight out of ten.

Intune includes various features and categories, allowing management of operating systems like Linux, Windows, iOS, macOS, and Android. Its user interface, departmental organization, and enrollment process are all straightforward. However, based on my six years of experience with Microsoft products, including four years specifically with Intune, its reliability is around 80 percent. Occasionally, it doesn't report correctly, or devices fail to receive deployed configurations. In comparison, AirWatch seems more reliable. Despite this, considering my overall experience with Microsoft, it still offers one of the best management solutions. Intune's predecessor, SCCM, which manages devices on-premises, is more reliable because Intune is still developing.

I'm working on two accounts. Under one account, I have a growing number of devices. So far, there are approximately 300,000 Windows devices, 100,000 Android devices, and 250,000 iOS devices in one environment. The number of users is similar. In another environment, which I've been using, there are a large number of devices. It's taking time to load, but I would say there are approximately 400,000 to 500,000 Windows devices in this environment.

Intune is continually evolving. If a feature is currently unavailable or needs improvement, we typically provide feedback to the Intune development team, and they implement or enhance that feature in a future release. In new releases, developers add features, and if there's a need to further develop or enhance those features, we see those improvements in subsequent releases. Maintenance on the Intune portal is necessary to facilitate these dynamic changes. Additionally, the Intune environment itself requires maintenance. This includes managing user accounts and enrolled devices, as well as adjusting restriction and security policies as needed.

I recommend Intune because it offers multiple features within a single environment. Once deployed, you can manage iOS and other platforms from one location. However, there's a caveat: if you have a highly restricted or complex environment where security is paramount, such as in banking, federal agencies, or similar organizations, you might reconsider using Intune due to potential reliability concerns.

We primarily use Microsoft Intune for managing laptops, cell phones, and mobile devices. We aim to have control over corporate data when it is on personal or company-owned devices. This control is crucial for ensuring data protection, especially when a device is lost or goes missing.

Microsoft Intune helps us avoid issuing everyone company-owned devices. We provide a stipend, allowing users to bring their own devices. This approach gives us leverage against other MSPs. It also enhances collaboration because clients already covered by specific licensing can optimize their usage of Microsoft Intune.

Intune's integration with Microsoft 365 is exceptional. It allows a cohesive management experience for users, especially for a small MSP like ours. The automated deployment and configuration using Autopilot and the ability to secure data on lost devices are particularly helpful features.

The solution's user experience is so simple I can give a two-page PDF on how to enroll a cell phone or device, and they can follow it. Automatic enrollments help us migrate large numbers of users.  We take it slowly with them, but they are surprised at how easy it is to enroll a device.

We're still preparing to turn on Copilot in our environment for testing, but we need to sort our security more. We're doing a demo of Copilot, and we're checking out the features. We use another tool to pull the device data, but having everything in a single pane of glass makes more sense. We have to pull this information from four windows now, so having everything in one place is simpler.  

Training will be much easier for us than training someone on 20 different. Giving someone a few videos and having them start going through it will be more straightforward. I'm excited to see the growth of Copilot with Intune.

I would like Intune to natively support easier report generation. This improvement would enable less experienced staff to run reports more efficiently without relying on additional tools or functions.

We have been using Microsoft Intune for at least six years.

Microsoft Intune is reliable. Devices do not frequently go offline, and any connectivity issues usually stem from the user's side, such as a device being turned off.

Microsoft Intune allows us to scale device management efficiently. The system is easy for both technical and non-technical users to navigate, supporting a wide range of devices without complications.

I rate Microsoft customer service six out of 10. While some technicians go above and beyond, there is inconsistency, and connecting with the most helpful representatives is occasionally challenging.

Neutral

We initially used AirWatch for mobile device management before Intune matured. Eventually, Intune’s integration with Microsoft 365 became advantageous, allowing us to consolidate systems and migrate clients using alternative solutions back to Intune.

The setup, especially for mobile devices, has become entirely automated. Devices sync with accounts like Apple Business Manager or Samsung Knox, eliminating the need for hands-on configuration. From there, you can deploy everything by device or user login. 

Before, we used to bring them into our office. We would configure it and ship it out. We now pushed that back to the client and someone in charge of cell phone policy. Once they're powered on and signed in, everything else is taken care of.

We consulted Pax8, our partner, during the implementation for insights on licensing and Intune integration. Their support, coupled with information from Microsoft Ignite, helped address hybrid enrollment challenges.

We've seen a positive return on investment. The ease of use, along with automated features, proved beneficial when handling lost devices. A client successfully restored their wiped iPad and laptop, showcasing the system's efficiency.

Our company uses a flat rate model called stress-free IT. This model aligns with the necessary licensing, making it easy to cover features like Intune and conditional access, which are integral to our service offering.

We evaluated AirWatch (VMware AirWatch) and other mobile device management solutions before consolidating our clients under Intune due to its superior integration with Microsoft 365.

I rate Microsoft Intune nine out of 10. 

We use Microsoft Intune as an MDM solution for all of our Windows laptops and some of our company mobile phones. This serves as an endpoint solution we use so we can control the users' laptops or phones and have access to things on their devices.

Without Microsoft Intune, there would be a lot of cybersecurity attacks happening. We need to use Microsoft Intune so we know which devices can access all of our company resources. If they don't have Microsoft Intune, we automatically deny them from accessing company-sensitive information, so it serves as a layer to protect all of our assets.

I appreciate how easy it is to deploy certificates to end users to get control over their device with Microsoft Intune; that's what Microsoft Intune is known for, and that's what we use them for.

The user experience of Microsoft Intune is pretty easy. Initially, the user has to download a certificate, so when we first give them a certificate to download, they download it on their side, and once they verify themselves, we have access to their phone or laptop, which works pretty effectively.

We are using Microsoft Copilot with Microsoft Intune. Microsoft Copilot helps us with the deployment of Microsoft Intune. Previously, things were more difficult to manage, especially when certificates expire, as they need to be pushed out every year. Sometimes we forgot that, and then people's laptops stop working, so Microsoft Copilot helps us stay on track.

Microsoft Copilot is equally as important as Intune. The go hand in hand as it works in conjunction with Microsoft Intune to affect the deployment process.

Microsoft Intune can be improved by making it even more seamless for users to download their certificates. Currently, we have to push it out to their laptop and they have to do some work on their end, but if we could integrate it so it's seamlessly done and the end user doesn't even know that Microsoft Intune is on their laptop and it's just naturally there, that would be even better. This is especially true for Apple devices, such as Apple phones, where you have to push it out and the user has to accept or deny whether Microsoft Intune can have access to these applications. If it were easier for us to do it automatically without getting permission, that would be beneficial, but in today's environment, we have to get permission to access data.

To make it a perfect ten, it would be helpful if there was a better way to troubleshoot user issues, as I've had a few users with corrupt files before and had to redeploy it without knowing the root cause.

We have been using Microsoft Intune for eight years.

I would rate Microsoft Intune a nine out of ten for stability and reliability. We've never really had any issues with it in the past, and if we have, it's maybe one or two random people where their certificate is corrupt or something's wrong, so we just need to go back and redeploy it, which is not really a significant issue.

Microsoft Intune scales very effectively with our growing needs. The only requirement is more licenses, so once we get more licenses, we're able to deploy them more quickly.

I haven't needed to contact customer service or technical support, which is a good sign. Since I haven't had to use them, I have no experience with their quality of service.

Positive

We did not use a different solution. We started with Intune.

My experience with the deployment of Microsoft Intune was good. Initially, I didn't know much about it, so I had to review all the documentation, complete training, and watch videos to get familiar. Once I got a grasp of things, I tested it on my phone and laptop, and when it worked, I felt comfortable deploying it to more people. I eventually deployed it to about 7,000 machines as it scaled up.

The biggest return on investment for using Microsoft Intune comes down to protecting security. We are protecting all of our assets and using it as an endpoint MDM solution, which fulfills our needs.

Microsoft Intune costs about $7 per user per month, which is somewhat on the pricier end. That said, it's a reliable product, so it's fair. If it were less expensive, we would be able to roll it out to more people, so it's definitely something we're considering.

We use Microsoft Intune for Windows products and Jamf for Apple Mac products. I'm not sure if Microsoft Intune works for Macs. If they do, that's something we'd be interested in exploring.

I prefer Microsoft Intune because Jamf is not the most reliable solution based on my personal experience.

We do not use Microsoft Intune Suite's cloud PKI.

We also do not use the Enterprise Application Management features of Microsoft Intune Suite.

I haven't examined the Advanced Endpoint Analytics in the Microsoft Intune Suite yet. That said, we do have it; I just haven't had the opportunity to review it.

I rate Microsoft Intune a nine out of ten.

The primary use case is endpoint management.

The organization I'm with now is pushing towards cloud management. They want to move away from on-prem and hybrid to pure cloud.

We use some security management through Intune, but we have another product for that.

We were using a different product to manage machines. I had a lot of different organizations I was managing. I started seeing the benefits of machine level or the cloud management through Intune as we started pushing it to clients that were using the proper licensing, like 365 Premium. The management aspects of that were fantastic compared to what they had or didn't have at that point. So it was a pretty immediate benefit in using Intune.

The biggest asset is the range of device management options available with Intune, whether it is a Windows device, a Linux device, a Mac device, or mobile devices. There are numerous options available. Within Windows devices, the depth of management is very nice.

I grab the logs through the events in Intune. We do some of the security through there, but we're evaluating whether to migrate wholly into the Microsoft ecosystem for security or keep it separate.

We do manage some applications through Intune. I think they make that very simplistic and easy to maintain.

I only have under 400 endpoints that I'm managing right now with this organization. The reporting aspect of it has been very nice because I've been able to keep an eye on devices that may or may not be functioning properly. I need to explore some of that automation deeper.

We use Cloud PKI extensively for deploying certificates.

There are a lot of great functions that have been implemented, especially conditional access and zero trust. Intune really does nail that quite well.

We're more productive with Intune. The management of devices makes it a lot easier, and it's faster to deploy devices with Autopilot.

Intune helped us to consolidate vendors, which is helping reduce attack surface.

The reporting dashboard is really limited. You have to use something like Power BI and Graph to get better reporting. I wish they would implement new dashboards and widgets for the dashboard in Intune. The report updating period is very slow, taking upwards of over an hour to confirm if a policy is deployed after check-in.

The user experience is good. There are a few things that I wish could be tweaked. Whereas with other management systems like Jamf and JumpCloud, you can set the check-in interval times so you can push policy faster. We don't have that option with Intune, so I think that's the biggest failing so far. It can take a while for policies to push out to users.

I have been using Intune for about three years now.

Very rarely have I seen it crash, maybe twice. However, if Intune is not available, the 365 environment might not be available, causing a major ordeal.

Customer service used to be better. In the last couple of years, support has not been very good, even with Premier and Premium support. It's been very hit-or-miss. However, when you get a knowledgeable support engineer, they are very good and helpful.

Neutral

I've used Jamf, JumpCloud, Mosyle 360, and Automate. I switched when I started to see the benefits of machine-level or cloud management through Intune.

Intune from zero has a learning curve, however, it's not overly difficult. It's important to have a basic understanding of what you're doing.

I've set up environments by myself. It's better to have a small team to verify policies and come up with solutions.

I know what's included in 365 Premium offering, and it's a good deal. On an enterprise level, they break out features I'd really want, which complicates access. It is a good value, especially for smaller organizations.

I've used Jamf, JumpCloud, Mosyle 360, and Automate in the past.

Make sure you have a test environment or test devices. Don't push a policy out to all devices unless you absolutely understand what it's going to do.

My advice to someone considering Intune is that if they're already using 365 products, then this is a great system to lean on and to deploy to your organization. If you're in another organization's ecosystem, like Google or Amazon, then I may not necessarily think it would be the best option.

We are using various security solutions and implementing a Zero Trust framework for our organization. Intune is part of this framework.

We are transforming our flat network by adopting different cloud solutions, and our own applications are hosted in the cloud. Intune ensures our security throughout our entire cloud-based system, improving our security posture.

Intune is valuable for managing various endpoints and integrating with the Azure cloud, which is essential for our organization. The user experience is good because we only use Microsoft solutions, which are user-friendly.

We have Intune's enterprise application management in our pipeline, and our infrastructure and hybrid cloud team are working together to deploy applications using Intune. It has security analytics, and more exciting features are on the way. 

Cloud PKI helps us manage the complexity of certificate infrastructure. Previously, we hosted all the VMs in our own data center, but now we're on the cloud, helping our user base and VMs grow. 

Copilot helps our engineers work better by making suggestions and offering resolution metrics. We can understand and push those patches or fixes from that side.

Intune could be improved by organizing different solutions, like Defender and Sentinel, into a single package. This would allow us to focus on security while Microsoft manages other areas. Having a unified solution would drive better management of various sectors. Although the Intune user experience is good, we should continue enhancing it.

I have used Intune for one and a half years.

Since we started last year, it's relatively new, and I would need more time to fully assess it. However, I have positive thoughts about Microsoft Intune's stability and anticipate it will be beneficial for us.

Intune is scalable, and Microsoft is always focused on scalability, especially for business conglomerates like ours. Scalability has been ensured, and it's working correctly.

I rate Microsoft support seven out of 10. Technical support can be challenging when resources shift, requiring repeated explanations. Support from India sometimes provides information without the right solution. Given our premium support, expert-level service from Microsoft could be enhanced. 

Neutral

Before Microsoft Intune, we used regular security solutions. We chose Microsoft Zero Trust for full security.

The initial setup was aided by our partner, who guided us well. Although there was much to learn initially, current processes have simplified the experience.

We worked with a local reseller, Elevate Solutions, who is implementing the Zero Trust framework for us. They have been committed and focused on implementing the right solutions, which has been helpful.

Earlier incidents caused data loss and required reentry. Microsoft Intune has improved our processes.

We have a limited budget for security investments, so Microsoft should consider reducing pricing in our region. This would make investment more viable, especially since larger businesses in other countries can afford it easily.

We evaluated Google Cloud Platform (GCP) before choosing Microsoft Intune, but since our team is experienced with Microsoft, and Microsoft's clear vision for the future aligns with ours, we chose Microsoft Intune.

I rate Microsoft Intune eight out of 10. 

We are a Dutch MSP delivering modern workplace solutions for all of our clients. We create tailor-made workspace environments for them.

It helps us to transform IT environments of our customers from on-premises to the cloud, focusing on both Azure and the modern workplace.

Windows Autopatch is the most valuable because it removes the burden of patch management. Intune's user experience is pretty smooth. The endpoint analytics works well if you know how to use it as a guess. Microsoft includes a little more added value by default. It's a great source of information. 

Intune should improve its software inventory to provide better metering of which software is used throughout the company. This is especially needed for reporting third-party software solutions.

I have been using Intune since 2017 or 2018.

Intune's stability is good and has improved a lot over the last year.

Scalability works well. It supports organizations with 200 endpoints and those with more than 15,000 endpoints.

I rate Microsoft support eight out of 10. Customer service is pretty good, partly because we have a contract with Microsoft. Transparency is good.

Positive

We used Active Directory group policies and ConfigMgr in the traditional way. However, most of our clients are already on Microsoft 365 Business Premium or the enterprise E3 or E5 stack, so it doesn't make much sense to use solutions from different vendors.

We are a reseller.

One of our clients migrated the model workplace based on Intune, achieving a 78 percent cost reduction, which is quite a lot. Even with the projects around it, they still gain cost benefits in the first year.

It's cost-effective because Intune is included in the E3 and E5 licenses. It's smart because it helps Microsoft sell the license.

I rate Microsoft Intune eight out of 10. There's always room for development.

Microsoft Intune is a comprehensive solution for mobile application management and mobile device management, securing various endpoints like Windows, Android, and Apple devices. It excels in managing BYOD scenarios, employing work profiles to segregate personal and company data, and ensuring device configuration and compliance with company policies.

Intune provides a centralized management solution, although its suitability depends on specific needs and comparisons with alternatives like Jamf, Kandji, or ManageEngine. Overall, Intune is a sufficient solution for general use cases requiring essential device management and data security.

The Intune Analytics section is quite useful, especially for Windows upgrades on remote devices. We frequently utilize it to assess compliance and gather analytics on upgradable devices, including TPM and Secure Boot support, and memory capacity. This allows us to identify devices that meet the requirements for Windows 11 and proceed with deployment accordingly. It's particularly valuable for managing Windows 10 to Windows 11 upgrade scenarios.

Copilot for Microsoft 365 is a valuable tool that I use daily for creating proposals, summarizing Teams meetings, and generating content in Word and PowerPoint. It's even helpful in Outlook on occasion. Additionally, both Bing Enterprise and the standard Copilot in Edge are particularly useful when integrated with Customer Data Protection. This integration allows Copilot to securely access company data, including emails, presentations, and documents, to provide relevant recommendations and answers to queries.

Intune secures Bring Your Own Devices through network access management and work profiles, separating personal and company data. Additionally, it utilizes Defender for Endpoint for device security and facilitates deployment. Features like cloud app security, Microsoft Purview, and data loss prevention further enhance security and compliance, depending on the Microsoft 365 package, protecting both devices and data.

Privilege Access Management sits mostly on Entra ID and is deployed through Intune.

The primary challenge lies in managing employee devices, particularly differentiating between personal and corporate devices. Personal devices often face pushback against deploying security measures, while corporate-owned devices can be managed more securely and effectively. For instance, if a corporate device is lost or stolen, Intune enables remote wiping to protect company data.

Intune has helped in integrating Windows Update for Business to ensure machines are compliant. It provides functionality for workflow management on devices and separating company data from personal data. It is also used for deploying security and compliance capabilities depending on the Office 365 package used.

I find Microsoft Intune valuable primarily for its Windows management capabilities, along with its Android Enterprise and Apple device management for mobile devices. The mobile application management features enable BYOD support and work profiles on personal phones, enhancing security and control. Additionally, Intune excels in configuration and compliance management for Windows 10, ensuring devices receive timely updates and adhere to organizational standards.

While Intune effectively handles basic functionalities such as device management, data separation, and updates, it may present challenges with update times and limited advanced features.

Intune is not the most user-friendly mobile device management platform available. Compared to Jamf, AirWatch, or VMware Workspace ONE, it is not as intuitive or easy to navigate. 

The primary challenge with Intune's enterprise application management feature is its focus on the Microsoft application stack. This limitation makes managing third-party applications difficult, as there is no centralized store or streamlined process for batch operations. Intune lacks the robust support for third-party applications.

Microsoft frequently changes its offerings, so features previously included in Intune might now require Intune Suite. For example, managing device certificates, once an Intune feature, now requires this separate package. Essentially, Microsoft releases new features but places them in Intune Suite, requiring an additional purchase for functionality we might expect in the standard Intune license. This ever-evolving strategy means staying current with Intune can become costly.

I have been using Microsoft Intune for almost five years.

Microsoft's product support can be inadequate, with slow response times and unsatisfactory resolutions impacting the overall user experience. This contrasts with Jamf's support, which is generally perceived as superior due to its responsiveness and effectiveness.

Neutral

Microsoft Intune's costliness stems from licensing fees and the overhead associated with its management, user experience, and device remediation. While its licensing costs are high, the platform's limitations in manageability and user experience customization further contribute to the overall expense. Unlike Jamf, which offers greater flexibility and remedial capabilities, Intune's intrusive, yes or no approach limits user customization and potentially increases support needs. Therefore, determining Intune's true cost of ownership is subjective and depends on how these factors are measured.

I have evaluated Jamf, Kandji, ManageEngine, and VMWare Workspace ONE.

I would rate Microsoft Intune a six out of ten. Its management is not user-friendly, and device additions can take up to 24 hours to synchronize, unlike Jamf, which updates within 15 minutes. This delay is problematic for immediate remediation actions, such as removing harmful content or addressing device exposure, where a 24-hour wait is unacceptable.

It is advisable to prepare for the complexities of Intune and consider Jamf for better support and manageability if working alone. If you plan to use Microsoft Intune, be prepared for manageability and potential delays in changes and support responses.

We use Intune to connect university staff and faculty to secure resources on their computers quickly.  

Intune is a force multiplier coming directly from Active Directory. We had to engineer over some limitations of Active Directory, and Intune resolves that by addressing known trouble areas. It allows us to do things quicker and more efficiently. 

We like Intune's Autopilot functionality, which enables one-touch deployment. Dynamic grouping is another feature we find valuable working in academia. We have people in buckets based on their roles in the university, such as faculty, staff, alum, or grad. Sometimes, they will fit into multiple places, and dynamic grouping helps with that. So far, using Intune has been easy and intuitive. Once everything is set up, our user base finds it much easier and more modern.

We've recently purchased Copilot licenses for Intune, but we've only had it for a week or two. It's a new deal for Syracuse, but it has been good so far. It moves quickly. You can see that it's constantly learning, and I love that. Today is the dumbest it will ever be. It's going to continue getting better and better. Even when we're wowed, we understand that more "wow" will come. 

It has some growing pains, but they are no different from anything new. We're implementing Intune on an individualized data set. So there's no way Copilot can know everything about every data set it's going to get, but it does grow pretty quickly, which is phenomenal. 

It would be awesome if Microsoft opened their API so we could filter more properties. If we have to do anything outside of Intune that requires a third-party solution to talk back to it, we're very limited in what we can do. Trust your people. We promise not to break your stuff. Open it up just a tiny bit wider.

We started using Microsoft Intune about a year and a half ago. We transitioned our fleet from Active Directory to Azure Active Directory. Then, we took that hybrid and shifted it into Intune for our MDM solution.

Intune is solidly reliable. Microsoft has some peaks and valleys that you need to get used to. Stability is essential when transitioning from on-prem to the cloud, where Microsoft manages your infrastructure. There have been a few drops in performance, but that's more growing pains from our rapid expression than an indicator of major problems.

Scalability is fantastic. 

I am a technician, so when I'm reaching out about problems I cannot solve myself, they tend not to be tier-one or tier-two problems. When I contacted Microsoft, they had the same expertise, if not more, which is phenomenal because I felt heard and my problem was solved. That is delightful because I have contacted support for other solutions. After trying several troubleshooting steps, I contacted them, and they asked me to restart something. I have gone beyond that point and tried to tell you where I am. 

Positive

We previously used Active Directory and spec ops for software deployment, with Active Directory handling computer and user management. Intune was a natural progression for MDM. For Mac users, we still use Jamf but plan to transition them to Intune as support for Apple products grows.

It is absolutely a positive investment. Everything we've gained from it makes my job easier day after day, and I see value in it as an engineer.

I am not involved in those discussions. We worked hard to acquire E5 licensing, and Microsoft collaborated well with the university to ensure everyone got what they needed.