Microsoft Intune Reviews

We use Microsoft Intune to manage our computers and users and enforce organizational policies on the computers. We wanted to remove our in-house service and move device management from on-premise to the tool. This helped us manage devices for staff who don't come to the office across locations. Before, when we had policy changes, they weren't always applied or enforced for remote staff in time. We needed a better solution, and Microsoft Intune worked well for our needs.

What I like most about the tool is that it's now very easy to set up a device for someone to use. It also helps us tremendously in managing security.

Before, we used on-premise management with a domain controller. It was difficult to manage security comprehensively. For example, it was hard to know which computers were updated. We weren't able to do that easily with our previous solution.

Having all our endpoint and security management tools in one place with the product has made things very easy and efficient for us. Before, it was sometimes difficult to know what problems a device had. But now, we can see any issues or vulnerabilities on a device. We can also easily apply any needed updates.

I find the tool's user experience very good for the admin side. It's easy to use—you only need a browser and can work from anywhere. This makes it very convenient for us admins to provide support from any location.

It's now much easier for end users to provision a device. Wherever the person is, we can get them to sign in to their account for the first time. This is a big improvement because previously, the person would have had to be physically in the office to use the organization's domain for the first time. Now, it's become much simpler for them to get set up.

The main benefit of using Microsoft Intune is that we can now provide support from anywhere. One major problem we had before was when we needed to give someone an admin password. Now, we can give the password to the person and then change it immediately. This has been very helpful, especially since we have many people working remotely. 

We have situations where people have to use their devices to access organizational resources. One of our issues was when someone had to use a personal device to access organizational resources. How are we sure that the right person is using it? How can we control the resource? Now, if you want to use your device, we don't have any issues. We enroll it, and if we need to wipe our resources, we can do it. So it helps us in that area.

The solution's impact on productivity has been tremendous because now we can manage everything. Before, with the old solution, sometimes our server would give us problems. Now, Microsoft handles all that, so we don't have to spend time fixing server issues. This allows us to focus on specific issues for individual users.

Maintaining servers, backups, and related costs was a huge cost for a small organization. Now, with Microsoft Intune, you scale as needed. We don't need to spend too much on servers and their associated costs, which has been very good for us.

Applying security recommendations can be difficult in Microsoft Intune. Sometimes, they give you recommendations, but you need a different server to manage the pieces, or you have to go to each device individually. However, it has been improving. Before, there were certain policies you could not implement directly in Intune, but now I see progress. I would like to see more improvement in policy management, similar to how we used group policies on-premises.

I have been using the product for five to seven years. 

I rate the solution's stability an eight out of ten. 

The solution is used in two regions. In Ghana, we have about 100 users; in the second location, we have another 70. It is scalable. 

The solution's support is not straightforward. They do not provide the solutions that we expect them to provide. 

Neutral

Before using Microsoft Intune, we used Google for Business. We switched because Microsoft provided us with almost everything in one place, making it easier to manage everything centrally. Using Microsoft alone was more efficient than bringing in Microsoft at some points while using Google.

The tool's deployment is straightforward. We conducted a two-month pilot and then completed the device migration in two weeks with the help of three resources. 

One person came with the license, and two resources were in-house. 

The solution helps to save costs by 20 percent. Implementing Microsoft Intune has made us use less IT software for security. Before, we had to rely on expensive third-party security solutions that didn't consider our size. With the product, we can manage everything at a fraction of the cost, focusing on user licenses. We've seen a return on investment with it, especially during the COVID period, as we could get everything done without issues. Overall, Intune has saved us about 50% in time and resources.

The solution is cost-efficient. 

We're not using Microsoft Intune Suite's enterprise application management feature. We're using the business line version, which doesn't have all the features of the enterprise version. However, it provides us with updates on vulnerabilities and recommendations on the security side. 

For anyone considering the product, I would tell them to consider it if they want to have peace of mind and be able to give their best. Microsoft Copilot is on our roadmap for next year. 

Microsoft 365 and Microsoft security must be integrated for cloud and co-managed devices. This integration makes it easy to apply solutions from one point and have them work across the system. If we were using different systems, we would need to grant permission for them to communicate, which could cause issues. It helps to spend less time getting the work done. As for maintenance, I haven't noticed anything required on my part.

I would recommend Intune, especially if you're not a large enterprise that can afford various tools from various vendors. Microsoft products make it very easy to run your business and have control and visibility. Sometimes, you don't know what's happening in your environment, and Microsoft Intune helps you understand what is happening. Overall, I would rate it a seven out of ten.

We use the solution for endpoint management for about 15,000 devices. It helps us ensure compliance and security for our devices according to standards. We also use it for application management, security and compliance, and centralized management from a single point. So, it covers endpoint management, app management, and compliance management and provides centralized control.

We were trying to solve many issues, mainly the lack of centralized management. Before Microsoft Intune, we had to manually support devices one by one, installing applications and configuring policies individually. When we implemented the tool, it became much easier to manage our devices. We enroll them in Microsoft Intune and can manage all devices with a few clicks. For application management, it's the same process. If we want to deploy applications to hundreds or thousands of devices, we can do it easily with just a few clicks. This also applies to policies. 

I have been using Microsoft Intune and another solution for endpoint management. What I like the most about IT is that it's a cloud-based solution. We don't need any on-premises infrastructure to manage it. It's easy to access the portal from anywhere securely. This setup reduces our workload because Microsoft handles everything related to the infrastructure, including notifications about any downtime. This way, we can inform our customers in advance.

We are currently using different solutions, but all from Microsoft. We use Microsoft Defender for Endpoint Security. it also includes Microsoft Defender. In the future, we might use these tools for security purposes.

The solution's user experience is very good. Compared with on-premises solutions, it deploys applications and policies faster, resolving user queries in less time. Configuring anything is easier; users only need to follow a few basic steps, such as installing the company portal app and logging in with their ID and password, to integrate their device. Unlike on-premises solutions, which can be confusing, the solution allows us to manage various devices, including Linux, mobile devices, and Windows. 

It functions similarly to on-premises but offers additional features. For example, we can maintain applications downloaded from the Microsoft Store and onboard them as a solution for user-based deployment. This reduces the need to create manual packages, as most applications are available on the Microsoft resource.

The solution needs to improve reporting. Sometimes, it shows double or triple entries of the same thing, which affects the count's accuracy. Also, some applications onboarded in Microsoft Intune do not get updated. When we look for solutions online, there is often no clear answer.

Microsoft Intune has no automatic cleanup option for devices that haven't been used for over 90 days. It would be beneficial for Microsoft to add such a feature.

I have been using the product for two years and six months. 

The solution is stable, but there was one incident where we faced an issue with a security patch. We didn't receive any notification about this problem, which caused significant issues in our infrastructure. Regarding SLA, we now receive multiple notifications from Microsoft about planned downtimes. 

The tool is used by users in our environment across various locations, including RU, APAC, China, India, Pakistan, and Germany. It is scalable. 

Microsoft support takes time to respond. 

Neutral

The installation and implementation were very easy compared to on-premises solutions. We just needed one Azure account to create a tenant and log in to endpoint management. The setup required only a full subscription. On-premises setups, by contrast, need multiple servers, VPNs, and IP configurations, which is much more complicated. Configuring the tool took around 10-20 minutes, and only one person was needed.

The solution has reduced manual labor by approximately 15%. Many business applications, such as Google Chrome and VLC Media Player, are available in the Microsoft Store. We still need to manually create packages for a few custom applications used by our organization that aren't available in the Microsoft Store. However, we can onboard the majority of applications without creating manual packages. Being a cloud-based solution, it eliminates the need for multiple on-premises servers and the associated infrastructure. We only need a cloud subscription to manage everything. We can save around 40 percent on costs with Microsoft Intune. It has also helped us save money, time, and resources by 50-60 percent. 

We use the workbook to describe data on device compliance. It helps us generate reports and analytics about how many devices are compliant and how many are below the patch compliance deadline for updates. We do use some of the reporting features. For endpoint security, we can check how many devices have been affected by malware and how many have an updated Defender platform.

Microsoft Intune is a cloud solution, so there's no need to maintain servers, patch networks, or configure network info. It provides EDR capabilities. The solution also allows for mobility management, meaning we can manage mobile devices. Additionally, it can manage Chrome OS and Linux devices, though we aren't currently using that feature. The tool offers a centralized solution for deploying policies, compliance policies, application management, and patching servers and workstations.

The product has reduced our costs and centralized management. We can manage all our devices from a single console, which is very effective for reporting.

It simplifies deploying applications. We can push policies to ensure only certain users can access specific applications. Additionally, Intune allows us to create user and device groups.

Currently, we manage privileges through Azure AD. We have groups set up with specific group policies and restrictions. For example, we've assigned certain licenses, such as E5 and Office 365 Copilot licenses, to users through these groups, granting them the necessary privileges to access these features.

The solution supports logging, which helps us easily trace and identify issues. It also provides many reports on device compliance and configuration. This capability helps us reduce the time required to reach out to Azure. 

It centralizes the management of users, groups, and applications. In an on-premises setup, we would need multiple teams, such as an AD and application packaging team. With Microsoft Intune, we don't need to create packages for many applications, as they are already available in the line of business.

I would recommend it to other users because it's a cloud solution that centralizes the management of endpoint devices, security, and Azure products. However, I would mention that reporting is an area where the tool could improve, as it's crucial for some organizations. If reporting is a critical need, Microsoft Intune might not fully meet those requirements.

I rate it an eight out of ten. 

We use Intune as the MDM platform, and we used to deploy some products connected to Intune. 

Intune has improved productivity somewhat by connecting the AD with Microsoft Defender and the MDM because we can identify the Internet server. That's the main application or port over which we can manage our infrastructure. It streamlines device management. 

I like how Intune deploys the policies and makes them customizable. You can deploy it through Intune and forget about it. 

You can connect Defender for Endpoint to Intune and assign the client to start porting detections and alerts, creating a little security operations center. The integration is easy but tricky for someone who doesn't know how to use it. Once you learn to use it, it's a powerful tool that can condense most of your administrative tasks into one place

Integration with Microsoft 365 and security is critical if you have a Microsoft infrastructure. You want all the tools to be connected and exchanging data so that when you make a change or deploy something, you can make an informed decision and log the errors. You can avoid having different types of configurations and strengthen your policies. 

We've been using what they call conditional access in which we set up policies and apply them based on certain conditions and attributes. For example, you can apply some policies to company-owned devices and a different set of policies to devices for personal use. 

Sometimes, it takes time to synchronize the policies between the portal and the devices, you don't have a way to estimate how long it will take to deploy. You have some kind of gray area, where it can deploy in 30 minutes or three days. 

I have two years of experience with Intune

I rate Microsoft support nine out of 10. When we raise a ticket, they respond with a solution or guidance on how to fix the problem within 24 hours. 

Positive

We used VMware Workspace ONE and one other MDM. Based on my experience, I think Intune is the most robust because of how easily it can integrate with the other Microsoft tools. You won't need to deal with the process of connecting the Active Directory to Intune. Once you have your account with a subscription and a license, it will connect automatically, and you won't have a big problem with it. 

Microsoft offers a license that lets you access all the tools. Purchasing that license will probably be the most cost-effective if you plan to implement a Microsoft-oriented infrastructure. It's cheaper than purchasing all the products separately. 

I rate Microsoft Intune eight out of 10. 

We use Microsoft Intune for managing mobile devices. We considered purchasing another solution but ultimately decided to leverage the tools already available within our Microsoft product portfolio.

Microsoft Intune helps us achieve better predictability and a more secure mobile device environment.

Intune consolidates all our endpoint management tools into a single platform. This simplifies our software footprint. We began with mobile devices and are now expanding to personal computers and beyond. While the process may seem ongoing, it reflects the continuous growth of our endpoint management needs.

Intune is user-friendly. Supporting users doesn't require a huge effort. We've even created a self-service portal and instructions to help them install and manage their devices independently. We centrally manage policies and other configurations. This approach eliminates the need for users to bring their devices to service for initial setup, even for mobile devices. It's all about centralized management. When we provide company devices, everything is managed in one place with consistent policies. Software updates are also streamlined. Compared to older Microsoft tools, Intune offers a significant improvement. Updating software and maintaining the system is much easier with Intune.

Our overall security posture is good. We have implemented all of Microsoft's recommended security baselines. As a result, we use Microsoft Defender for Endpoint to protect both our desktops and mobile devices.

Overall, Microsoft Intune has positively impacted productivity within our organization. Several routine tasks that previously required manual intervention are now automated. This includes administrative functions, monitoring processes for functionality, and even interacting with processes that previously demanded significant manual effort.

By integrating Azure Active Directory Conditional Access with Microsoft Intune, we achieved full visibility of our devices, even when disconnected from the company network. This enhanced security posture is particularly beneficial for our remote workforce.

We can securely manage both company-owned devices and personal devices enrolled in our BYOD program. Intune allows us to create different profiles with varying security settings. This enables us to enforce strong security policies while maintaining flexibility. In case of a compromised device, Intune allows us to remotely wipe it, ensuring our data remains secure.

Intune does not provide real-time visibility. Since it's an online tool, it can take a few hours for the records to update.

I have been using Microsoft Intune for two years.

Microsoft Intune is stable.

Intune reduces the number of people needed for routine tasks, freeing them up for higher-value projects. This reallocation of resources delivers a clear return on investment.

Our enterprise agreement includes Microsoft Intune at no additional cost. To add advanced endpoint protection, we need a separate, but relatively inexpensive plan. This makes it a much more cost-effective solution compared to buying these capabilities as separate products.

We considered other mobile device management solutions, such as Davenport and a VMware product, but ultimately chose to stay with Intune due to its rapid development pace.

I would rate Microsoft Intune 8 out of 10. Microsoft Intune excels in environments with standardized devices, but organizations with a mix of models and devices may require significant manual configuration to ensure functionality.

In the past, I wouldn't have recommended Intune. However, with its integration into the Microsoft product line, it has become a valuable tool for any organization's IT portfolio.

We use Microsoft Intune to secure and control our notebooks and mobile devices.

Intune is deployed as SaaS.

Microsoft Intune has been instrumental in helping facilitate remote work.

Microsoft Intune brings our endpoint and security management tools into one place.

Microsoft Intune provides full visibility and IT control across our device platforms.

The Microsoft Intune user experience is seamless. The users are not affected by the control we have over the devices.

Enforcing privilege access using the privilege management feature allows us to quickly address the user's service requests.

Microsoft Intune has helped reduce the risk of security breaches. This control over our devices reduces the attack surface and makes them more secure.

Microsoft Intune has helped consolidate our vendors making it easier to administer control.

Intune suite's ability to integrate with Microsoft 365 and Microsoft Security for all managed devices is important and makes managing them easier.  

The policies restricting non-corporate devices on our network and the installation of unauthorized apps are the most effective for managing and securing devices.

The ability to block and erase remote devices is valuable to us, especially when those devices are lost.

I would like the ability to install the agent on devices from suppliers, which would enable us to implement a zero-trust strategy for guest devices.

I have been using Microsoft Intune for almost two years.

Microsoft Intune is stable. I have not encountered any issues.

Microsoft Intune is scalable. We are planning to increase the size of our company within the next 12 months.

I have contacted Microsoft support once because we primarily use one of their local partners for support.

Positive

One infrastructure analyst completed the deployment.

We used a Microsoft partner to help with the initial deployment.

On a scale of one to ten with one being the cheapest, the cost of Microsoft Intune is a five.

We evaluated a solution from Blackberry but did not like it because it was not as intuitive and the configuration was antiquated. Microsoft Intune was also less expensive.

I would rate Microsoft Intune nine out of ten.

We have only 100 users. It is easy for us to administrate this number of devices.

A junior-level infrastructure analyst manages the solution.

Before implementing Microsoft Intune make sure to have a good plan and become familiar with all the solution's features.

While Microsoft Intune offers centralized management and policy enforcement, it doesn't consolidate all endpoint and security management tools into a single platform. To comprehensively safeguard systems, additional solutions such as Microsoft Defender for Endpoint are necessary.

Achieving comprehensive endpoint visibility and IT control across various device platforms is a complex task, considering the diversity and freedom inherent in different systems. However, when it comes to deploying and managing devices like tablets, mobile phones, laptops, and specialized devices in Germany, a systematic and organized approach is crucial. Particularly noteworthy is the ability to configure IoT devices, such as numerous thermostats, water control systems, or sprinkler devices. Without a solution like Intune, scaling becomes a challenging issue, especially when dealing with thousands of such devices. Therefore, the use of a system like Intune becomes imperative in addressing these scaling challenges and ensuring effective device management.

On a scale of one to ten, I would rate my user experience with Intune as a six. The lack of intuitiveness makes it cumbersome to track and understand what needs configuration, especially when dealing with aspects like OneDrive and having to cross-reference settings across different areas of Intune.

In the context of securing hybrid work with Intune, our experience involved a two-day effort to configure the certificate for the Conditional Access server. However, once this initial setup was completed, we successfully configured VPN access for mobile phones. Despite the initial complexity, especially for a large company, Intune delivered on its advertised promises and proved effective in fulfilling the intended security functions.

Intune's effectiveness in securing data on company and BYOD devices is based on distributing security configuration data. While valuable, Intune has limitations, and comprehensive protection against cyber threats requires a sophisticated approach, including hybrid artificial intelligence solutions like Microsoft Defender for Endpoint. While Intune aids in system configuration, detecting and preventing attacks demands a more advanced defense strategy, comparable to sophisticated endpoint protection. Hybrid AI, with continuous human input, enhances threat evaluation, recognizing nuanced situations like suspicious timings in actions on developer endpoints.

It positively impacted IT productivity within the organization by enabling the secure addition of thousands of mobile phones to the VPN. In this regard, it performed effectively.

It played a crucial role in mitigating the risk of security breaches by securely distributing VPN certificates. While effective in this aspect, it's important to note that this alone is not sufficient. Endpoint security, such as developer endpoints, is analogous to having specialized tools for reading and managing complex systems.

It significantly contributed to cost savings. Manual configuration for each mobile phone would have taken approximately an hour per device per year, amounting to three or four thousand hours annually. However, with Intune, we accomplished the task in two days for five thousand devices, equivalent to around one hundred sixty hours. This resulted in substantial efficiency, reducing the effort from an ongoing five thousand hours per year to a one-time investment of a hundred sixty hours.

One of the most valuable aspects of Microsoft Intune is its seamless integration with Azure Active Directory, offering capabilities akin to Group Policy Objects. This integration provides a centralized platform for managing and enforcing policies, ensuring the stability of configuration data across devices, resembling the familiar functionalities of traditional group policies in an on-premises Active Directory environment.

In utilizing Intune's endpoint privilege management feature, I've primarily focused on configuring VPN access and certificates, although I'm not an Intune specialist. It's versatile enough for both configuring VPN access and managing large-scale IoT servers. For instance, in building management systems, especially in large structures like bank buildings, where numerous actuators are involved, configuring and securing them becomes a complex task. Intune proves valuable in this context. However, it's essential to recognize that while Intune serves as a powerful tool, relying solely on it is insufficient for comprehensive system security.

The integration of Intune capabilities with Microsoft 365 and Microsoft Security is crucial. As mentioned earlier, securing your machine requires tools like a developer endpoint, and relying solely on Intune may not be sufficient. While Intune allows configuration and deployment of Defender for Endpoints, having a dedicated tool is essential. The unique selling point of Microsoft lies in its seamless integration, especially notable for those working with Linux systems, where Microsoft's comprehensive integration sets it apart.

In terms of configuration, my experience with Intune is somewhat mixed. The configuration tool appears to be scattered throughout the Intune interface, requiring frequent navigation back and forth. The web interface, while functional, isn't particularly user-friendly, leading me to find PowerShell a preferable option. However, using PowerShell involves investing time in developing scripts. The challenge lies in the complexity of navigating between profiles and MDM configurations. Multiple windows need to be open simultaneously to grasp the overall configuration landscape.

I wish there was an improvement in the configuration process, as currently, it involves navigating through different locations with multiple windows open. Having a dedicated configuration server that assists in modifying the configuration service, and creating personalized structures, interfaces, and web services could enhance usability.

I have been working with it for three years. 

When evaluating stability, it's essential to consider the multitude of adversarial attempts, particularly from military opponents engaging in hacking activities. Microsoft has demonstrated its capability to withstand and defend against such sophisticated attacks, setting a high standard for security.

Considering the extensive number of support calls, I believe Microsoft handles them as effectively as possible. I would rate its customer service and support eight out of ten.

Positive

In the past, we utilized Windows services.

The number of people required for deployment depends on the specific tasks at hand. For instance, implementing the VPN solution involved five individuals, including specialists for firewalls and virtualization for the server endpoint. If the focus is solely on Intune-related tasks, one expert may be sufficient. However, in typical scenarios where Intune is used for onboarding machines or mobile device management, you'll need administrators with access to the relevant machines. It functions as a collaborative administration tool, and the required personnel would depend on the number of departments involved.

The pricing is inherently reasonable, as Microsoft leverages market insights to maintain the total cost of ownership at around ninety to ninety-five percent of what would be incurred in an on-premise scenario. Microsoft products inherently benefit from economies of scale and global reach, making them cost-effective.

It aids in vendor consolidation; otherwise, we would have had to manually configure around three thousand mobile phones.

It impacts the security posture positively when you are aware of what you configure and can update configurations promptly. However, as mentioned, the need for artificial intelligence in Endpoint Protection remains crucial.

I would recommend subscribing to reputable YouTube channels that focus on Intune or related topics. Building a strong foundation and gaining practical experience is crucial to understanding the intricacies of Intune. Overall, I would rate it eight out of ten.

It serves as our EDM, enabling remote computer management. We install various applications directly for users, granting us administrator-level control over the computers.

We utilize it exclusively within the IT department to manage all hardware from a single location.

It consolidates all endpoint and security management tools into a single platform. This allows us to efficiently determine the required applications for each employee. Having Azure Active Directory integrated into the complete environment further simplifies the process. Additionally, its compatibility with Android-based devices is a significant advantage, enabling the management of both Windows PCs and Android devices from a unified platform.

It offers complete visibility and IT control across various device platforms, saving us a significant amount of time. The alternative, handling devices individually each time there's a change in employee or any other scenario, is much more time-consuming.

When it comes to the user experience of Intune, the initial setup is quite straightforward, but delving deeper into its functionalities demands additional training and familiarity. This complexity can be considered a drawback. The policies that can be configured sometimes lack clarity, and understanding the limitations for users who aren't global admins can be unclear.

We don't utilize the MAM tunnel feature for remote access to corporate resources. Instead, we rely on TeamViewer for remote support when dealing with any issues.

It significantly enhanced our organization's efficiency, particularly in terms of time savings. While I don't have the specific numbers at the moment, the impact was substantial. Especially when we operated with a small IT team, the investment in the license cost was undoubtedly worthwhile.

In terms of securing hybrid work environments and safeguarding data on company and personal devices, there's flexibility to fine-tune policies for preventing certain actions. Currently, our approach restricts employees from installing unauthorized software, acting as a deterrent to Shadow IT. However, we haven't explored the full spectrum of possibilities with policies to uncover additional security measures.

The impact of Intune on the organization's security is essentially a peace of mind for me. If there's ever a report of a stolen computer, I can swiftly lock it without much concern. The speed at which this can be done is particularly reassuring, especially in the current landscape of hybrid work where such incidents tend to occur more frequently than before.

It has significantly impacted IT productivity in our organization. Onboarding and offboarding processes have become much faster. Simply Intuning the device and managing it through the internal portal or even within the VPN network streamlines the workflow. This is especially beneficial since our company supports hybrid work, extending flexibility to the IT staff as well. Inventory management has also seen a notable improvement, with less time spent. Now, we not only have a count of devices but also know which accounts they are associated with. Compared to our previous reliance on paper and Excel, this is a whole new level of efficiency. Overall, it has been an extremely positive experience for us.

While it's challenging to directly quantify cost savings, Microsoft Intune has certainly resulted in significant time savings for our organization. As we didn't have a comparable system before, it wasn't a matter of moving from something else to Intune. However, the investment has proven valuable, especially evident in the offboarding process. Previously taking fifteen to twenty minutes per device, it has now been streamlined to just a few clicks, around five minutes. This efficiency has been particularly impressive and has undoubtedly saved us considerable time.

Its most valuable aspect is the seamless onboarding and offboarding of new users, whether it's for a computer or a mobile device. This process is remarkably straightforward. Additionally, while not explicitly security features, there are safeguards in place that enhance safety. For instance, if a user reports their computer as stolen, you can promptly lock it and erase all data remotely. This means you can secure the hardware even without physical possession of the device. It goes beyond safeguarding just the Microsoft 365 user account; it extends protection to the hardware itself. It also served as a means to efficiently manage our inventory. Through Intune, I could easily access a comprehensive list of all the computers, tablets, and company-owned devices. This streamlined the process of accounting for new devices in our stock, eliminating the need for separate tracking outside of the Intune platform.

The capabilities of the Intune suite are seamlessly integrated with Microsoft 365 and Microsoft Security. This integration, especially with Microsoft 365, is crucial for us as it enables clear visibility into the association of devices with specific employees. Additionally, it facilitates tracking the usage of applications by different groups. The integration with Azure Active Directory further enhances the importance of the overall integration for our operations.

It would be beneficial to have a more straightforward understanding of Intune's capabilities, presented in a simplified manner. This way, one wouldn't need to be an Intune specialist or spend hours trying to grasp the intricacies of policies and functionalities. While I've used Intune extensively and have practical experience, I've found that to explore its full potential, significant time is needed for both understanding capabilities and seeking out relevant training. The current understanding of what actions or functionalities are available for configuration is not as clear as it could be. Enhancing the clarity of these policies, whether in terms of functionality or features, would be beneficial for users managing Intune.

I have been working with it for three years.

It provides excellent stability. We didn't face any downtime. I would rate it ten out of ten.

Scalability has been excellent. We began with a pilot involving just a few devices and swiftly expanded to over two hundred without experiencing any degradation in performance or functionality. I would rate it ten out of ten.

In terms of tech support or customer support, our experience has been somewhat mixed. Since we work with partners rather than directly with Microsoft Intune, and these partners are internal and cross-charged within the same company, there have been instances where support was not entirely satisfactory. This could be attributed to a lack of in-depth understanding on their part. However, it's important to note that they are not directly affiliated with Microsoft, and the level of support might vary accordingly.

The initial setup was complex.

Our setup is hybrid, specifically with Active Directory. The initial configuration necessitated an on-premises presence. However, once the setup is complete, the entire system operates in the cloud, making it predominantly cloud-based after the initial on-premises setup. I was involved in certain aspects of the deployment process. The complexity arose not necessarily from the intricacies of the tasks themselves but from the coordination required. As we lacked global admin privileges, there was a need for extensive collaboration between our team, global admins, and the Intune team at Microsoft.

In terms of maintenance, once it's up and running, there's not much ongoing effort required. It's essentially a set-and-forget situation. Occasionally, we might need to handle reports and views, especially when there's a new release. In such cases, there might be minor adjustments, like making something visible or invisible, but overall, the maintenance workload is minimal.

Regarding the pricing, my experience was with a nonprofit, where we enjoyed a substantial discount. While I can't provide insights from a business perspective, it's worth noting that the pricing may differ significantly, and the discount we received might not be reflective of standard business rates.

It's advisable to start with a straightforward approach, avoiding unnecessary complexity initially. However, it's equally important to have a well-thought-out plan for maximizing the platform's capabilities. Assign someone the responsibility of owning and creating a roadmap for ongoing improvements and enhancements. The idea is not just to go live and consider the implementation complete; rather, to plan for continuous refinement and utilization of additional features over time. Overall, I would rate it eight out of ten.

We were using SCCM to build and manage our machines and to control the AV, and everybody left the offices for the pandemic. We did not have an external management point. Oh. And we realized we lacked a method of control. After hassling Microsoft over a question of semantics, we finally got our answer, and we quickly scrambled over two weeks to push out Defender while everybody was still in the office. The other part was to move toward Intune. 

We started testing that and went in both directions. We tried domain and nondomain. We eventually worked backward, redid it again, and took all of our workstations off the domain. Now, none of our workstations are running on the domain. We build everything from Intune. The company gets a list ahead of time from vendors like Dell or HP, so we can have a laptop sent directly to an individual without ever touching it. They sign in, and it simply asks for their password. 

The biggest benefits of Intune are the ability to push changes and the added security. When we moved forward with Defender, we onboarded all those machines automatically. That helps dramatically. For a while, we were left with machines that weren't protected. We could see where people had done things they shouldn't have done, and Defender saved our skins a few times. It didn't happen a lot, but it happened enough that it made us glad we made that decision. 

Intune has enabled us to manage our remote workers' devices, which has been especially helpful since the start of the pandemic. My guys spend less time troubleshooting. If they're going to spend more than about an hour on an issue, it's a little easier to just reset the machine and reinstall everything again. It saves a lot of time. 

We're a much smaller group, so it worked out better for us. We've been able to push out products that we hadn't planned on. We had to push out certificates because we decided to go with a Cloud RADIUS provider and moved to certificate-based authentication for wireless. We've leveraged that same certificate to turn on 802.1x in all our offices to secure the wired networks. And all of these things have made it possible to roll out DNS filtering. Once again, all through Intune. We could enable all these pieces that we would need to turn on one by one with Intune in place.  

The company needed something that could be agnostic, so it didn't matter where it was. Half our workforce doesn't work in the office. We've downsized our primary office, and leased over half of it to other companies with subleasing. We don't need as much space anymore. Our workers are still working, and they're not required to be in the office more than three days away. Intune ensures that everyone can work remotely and securely. You can't log into our Office 365 environment from a non-managed device. Almost everything is in Office 365. We use nearly every piece of it. We use Teams for communications and switched to Azure Virtual Desktop at the end of 2019. We were a Skype customer then, so it wasn't hard to switch. 

We continued to shrink our footprint as we adopted more and more SaaS offerings. Unfortunately, finance and some other use cases cannot be in the cloud. You still need on-premise Bloomberg terminals, and other companies require you to have circuits to run them. We have to redirect certain things, which is why we have the VDI in place for a handful of users who require those internal resources when they work remotely. Intune is what made all that easy and possible. I don't think we would ever change that. My guys like it. It has simplified things. 

At the end of the day, we do touch the machines, but we don't need to. And we know if we didn't have to. Previously, a machine got left in an office, and we just walked through somebody wiping it, where you assign it to them, and they log back into it. In the worst-case scenario, we can just pull something off a shelf like that.

We had to learn the hard way which machines work in our environment. It's nothing against the company, but we will no longer buy Dell because their business platforms only use Intel chips, and we can no longer afford to use Intel chips. It doesn't work for our needs. I can get AMD chipsets that are generally cheaper and perform better. They aren't throttled for some of our applications the way Intel chips do. People have been happier since we made that migration a little over a year ago. 

We replaced many machines and onboarded people after acquiring a couple of other companies, and they were shocked at the difference between the machines we gave them and what they were used to working with. They just had always put up with that, and so had we. With Intune, it didn't matter what we purchased because it already had Windows loaded on. It was simple and easy to move forward.

Intune has reduced our build time from four hours per build to an hour or an hour and a half on a slow day. That's getting the Office 365 stuff to download and install. The other apps are secondary. When somebody logs in to a machine, the apps start downloading. We could give somebody a machine they've never seen before, have them sign in, and they're ready to work in an hour and a half. That's a tremendous amount of time saved, and there's nothing left for us to do.  We just make sure everybody who's supposed to be in a group has the assigned apps that the group needs to have. They're installed automatically.

The biggest problem we ever have is when something goes out of date after 30 days when nobody has logged into it. We do have a problem trying to get those back online. We've been working with Microsoft to resolve that problem, but that's been the only issue that we've had in the last few years.

Out of the box, Intune works reasonably well. They will continue to think of new ways to improve. Some of the policies could use some work to align more with what people are used to, but it's getting there. It's coming along, and I'd like to see how Security Copilot comes into play. You could have Copilot build things based on what you request. It could help put policies in place and look at your current policies. 

Unfortunately, we've had stuff out there for four years, and it's not working properly. A tool like Copilot could assess my policies, find weaknesses, and tell me where to make changes. That would be a great benefit.

I've had a constant battle with the DLP component, and no they're not going to have a choice. If they want to go with Copilot, we will need to start classifying documentation whether we want it or not. There will be a big fight when I get back of it. There's a fight. If you want you want you say you want copilot when it comes out, but if we have a classified stuff, it's not gonna work the way you wanna too. I heard so. Yeah. That's a problem. I heard someone talking about

We started testing Intune at the start of the pandemic, and at the time, it didn't seem to be quite as ready as they claimed it was. It was still being pieced together when we adopted it. However, it worked out well. While everybody else was scrambling during the pandemic to get on Teams and Azure Virtual Desktop, we had done that in the previous December, so by pure luck, we were ready to walk out the door. 

And I think it's scalable, honestly, but it's it's also about mentality, whether you believe it's you wanna spend the time to make sure that it's scalable. You know, I I I don't think I've been a big fan of getting away from domain services for the longest time. Think I don't see the point anymore. It's we use it very rarely. I so, you know, everything should be cloud based. It's a way to go. I mean, if you can run it that way,

We don't usually deal with Microsoft much. We have a CSP in place. However, sometimes we're dealing with a backend problem, and the CSP will take longer, so we'll go straight to Microsoft. When that occurs, Microsoft typically handles those issues reasonably quickly. When I contact Microsoft, I usually go through several engineers before I get to someone who can help. That's normal, but it doesn't drag out.  

Years ago, when we paid for enterprise support, I felt it dragged on forever because I went through the same process. I'd talk to a first-level engineer, and we had to escalate to tier three before we finally got somebody who understood what was going on. They would see the problem but not know how to fix it. They never had a resolution half the time.

The initial setup was easy, but we had lots of time during the pandemic. I had that all set up in my living room that first summer, working on it remotely. There were some pains because it wasn't all there yet. It wasn't until about July 2020 that most of the pieces were in place. It took another year before the rest was solid. However, to be fair, people adopting Intune now will get a mostly finished product.

Intune has a cost advantage if you get it with a bundled Microsoft license. If you have E3 licenses, you already have access to Intune, so you're not paying anything extra. That's a huge savings right there. Back in the day, people always wanted Office, but they didn't wanna pay for it, so you would use Open Office. That was my go-to 10 years ago. Now, I recommend the opposite. You need an Office 365 account. Don't think it is as paying for Office. That's not what you're buying.

For $7 dollars a month, you're getting a terabyte of storage in OneDrive and all the apps. You won't get that from Google. It's about cost, and it's even better if you get those bonuses with it. 

I rate Intune eight out of 10. I've never seen anything perfect, but it is an excellent fit for our environment. This is the smallest company I've ever worked for in my professional career, so it works well for us.