Microsoft Intune Reviews

I'm an IT manager contracting with a European company. We had to onboard Windows machines to the Azure AD, but they did not have an on-prem AD. I prepped the Azure AD on the cloud, and I started to migrate the laptops to Azure AD. 

Once that is done, we need to apply policies, but group policies will not run from Azure AD because there's no on-prem AD to derive the policy from. Intune comes in handy there. It has multiple capabilities. You can create your configuration profiles in Intune that apply to Windows and Mac. You can create security profiles and configuration profiles, and you can apply browser settings to some extent. It isn't a small tool in terms of size or breadth of capabilities. It's very capable. Anybody who has used SCCM will see a lot of similarities.

Intune has many components that replace third-party products. For example, Intune creates an inventory of each machine. Otherwise, I'd need a third-party asset management tool. Intune can also tell me which users are accessing a given machine because it's integrated with Azure AD.

It's easy to deploy a configuration or policy to a system, especially when you don't have Azure AD. Now we are talking to all these small and medium-sized customers who don't necessarily have an on-premise Windows Active Directory. If they have invested in Office 365 Premium, this functionality becomes available to them.

That's considerable savings because you get Intune with Office, and you're getting slightly more advanced Azure AD capabilities. They also get MS Defender, which is there on the Windows client. This March, Microsoft introduced Defender for Business. They activated the business subscription with the Office 365 Business Premium subscription. If a customer is looking for an antivirus solution with a centralized capability, the product is already there. 

Intune allows you to control the policy if you want to control hard drive encryption. We have third-party tools in the market that we used to invest in. Today, we have Windows-native BitLocker, and I can use Intune to manage that BitLocker encryption.

Intune can set policies on each machine. I can create rules and apply them to individual machines. It's much easier than using the Azure AD system.

Reporting in Microsoft solutions is pathetic. With Intune, I'm getting a free inventory tool, but I don't get a reporting tool. When I go to Intune, I can see one machine's entire data in terms of the hardware and the software running on it, but I cannot generate a report for all the machines in the organization. The reporting is the only feature holding back the functionality that is already there. 

All the other third-party tools are doing the same thing, whether Atlassian, ManageEngine, or Ivanti. They all install an agent on your system. Intune also has an agent on your system collecting inventory details and sending them across the central console, but Microsoft doesn't have the reporting capability there. That is the only drawback I see.

I started using Intune last year.

Intune is perfectly stable. We've had zero downtime.

Intune will scale because it's a cloud system. We are not installing anything. It's a Microsoft service. I have it running on around 200 machines.

I rate Microsoft support nine out of 10. In the past year, I've made 20 or 30 support requests on the Intune platform. Each time, it has been smooth. Usually, they sort the problem out on the first try. Once, the ticket was open for about two weeks because they had to do some backend testing on their side. 

Positive

I have used ManageEngine from a company called Zoho Corporation to do inventories and patching. Microsoft Intune lacks capabilities to patch Windows, Office 365, Acrobat Reader, etc. There is no way for me to apply and manage patches. I can create a patch configuration, but I cannot control when it has to be deployed and on which machines. If Intune adds patching, I don't need to invest in another patching tool.

Setting up Intune is pretty straightforward. There may be a few bumps in the road, but you shouldn't have much trouble if you're a system administrator or a pure IT guy. I did it by myself, and it took about two hours. You have to do the basic configuration. 

For that, you need a bit of reading to understand how your configuration is working within your overall setup. Once you do the necessary tweaking, Intune is up and running. After that, you create policies and do a test run on one or two machines. Once you verify that everything is working fine, you deploy it all. 

If you're not a techie, I could guide you step by step. It's as simple as that. After deployment, Intune doesn't require maintenance because it's a cloud product. 

We've seen a significant return on the investment. Otherwise, I would have to invest in a regular Windows Active Directory. If I were running Office Standard, which lacks this feature, I would have to buy something like Intune and pay for it annually.

Plus, I have to manage another product on the desktop. For example, if you're using a VPN client, the VPN client has to be installed and requires maintenance if something goes wrong. I don't have that maintenance cost because it's part of the Windows operating system.

We don't pay for Intune because it is bundled with the premium subscription to Office 365. It includes Intune and Defender. I don't have to buy two extra products to manage my enterprise.

I rate Microsoft Intune eight out of 10. Some functionality needs to be improved, but I believe Microsoft is working on it. They're developing the tool, and those features will be added, but I will give it an eight today.

If you're thinking about implementing Intune, you should look at what you already have in place. For example, if I wanted to bring my laptops onto Azure AD, Azure AD will do the job for me, so I don't need to invest in a regular Active Directory server.

Either I buy the server and run it on the cloud or I upgrade Office and Business Premium gives me all of the features. Business Premium is the top license. You have Business Basic, Standard, and Premium. The Enterprise equivalent is E3 and E5. 

The Business Premium is equivalent to E3. There is a limit on the number of machines. Per Microsoft's licensing model, you can do up to 300 machines on Business Premium. At 301, you have to switch to an Enterprise agreement.

Nowadays, we've seen more evolution towards Autopilot for Windows 10 and then in a hybrid or cloud-only setup. After the Windows devices, we use it with Android, the most frequent mobile, and then iOS. I have five or six projects regarding Microsoft.

It helps deal with conflicting policies. We do a lot of graph API calls toward Microsoft for reporting, et cetera. 

It simplifies the work of the IT admins in a company if you set it up right. The setup will take some time, obviously. However, if you set it up right, it will simplify the management of your endpoints. The enterprise app management is great. With Intune, you can shorten the time needed for handling the necessary updates so that there are no vulnerabilities on the applications or on the operating system side of things.

The Intune suite offers a lot of features. 

The AutoPilot feature is helpful.

Endpoint privilege management is very good. You can bring your own device setup. You can use it in combination with conditional access policies for encryption.

Migration from on-prem to cloud is good.

The settings catalog and configuration profiles are also very, very useful.

Intunes brings all of our endpoint and security management tools into one place. This is a good thing. We now have one portal to check instead of dozens. I'm really happy with that.

The overall user experience is quite nice. I have no complaints from end users regarding their devices enrolled in Intune.

We've used Copilot. We have nothing to complain about, however, it is very expensive. With Copilot, we summarized a few of our policies and devices, which were great. We check the properties of the devices, hardware, of the devices, and so on. Mostly, we played around with the summaries of the policies, however, we switched it off since it was running for a couple of days, and it was a few hundred euros for those few days. 

Witnessing the benefits of Intune happen quickly. Clients usually begin to see benefits after the kickoff meeting. Intune is an ongoing development product. It helps both greenfield and existing setups. It's not static. We'll work with policies and versioning, and after every quarter, we'll review our policies and update where necessary. If clients used Intune managed services, they get policy updates included in the managed service. 

Intune is good for securing hybrid work and protecting data of the company while bringing our own devices. We use device framework policies from Microsoft themselves with some minor adjustments. They have level one, level two, and level three policies. You can just fix the settings of their site, and that's also what we use. Then we just tweak and bring in our own experiences. 

The endpoint privileged management enables users to enforce privileged access and can positively affect user productivity. In in small environments, the end users are, in 99% of the cases, also local admins on their devices, which is obviously not good. In bigger environments, we get into that less often as it's more of an organized thing. That said, in small environments, everybody is a local admin and that brings certain risks with it. So users can install and download everything they want. With endpoint privilege management, we can set rules for specific applications, and then, a user can ask for approval to run a certain application, which is very good. 

Intune positively affects overall IT productivity in organizations. If users need to install it on a device that they need in their workday or day-to-day business, they can just grab it themselves from the company portal app. They do not have to wait. They do not have to enter a support ticket that goes to the help desk to request a certain type of software. They can do it themselves, so they save a lot of time.

Intune, when applied on the cloud, can save on costs. With the cloud, there's no on-prem infrastructure that needs service, electricity, space, or cooling, for example. 

There are a lot of features that need to be released. There is no copy-paste or fie transfer. There's more work to do. They don't live up to my expectations anymore. Microsoft has a history of releasing features that are not completely finished. 

Remote help needs to be better.

Reporting needs improvement. It's still lacking. The built-in reporting is pretty basic. In managed services, we have a lot more reporting. However, we had to develop it ourselves.

I've used the solution since the product launched, about 15 years ago. 

The solution is fairly stable. I cannot recall the last time that there was a health issue reported on the Microsoft side regarding Intune.

The scalability is perfect. I've had no issues with scaling. 

The communication between us and Microsft is good. They do come back with insights on what's to come. When it coms to support, if you are lucky, you will get a good tech that can help. The knowledge of some techs are insufficient. They may ask basic questions that are not relevant to the issue. You spend a lot of time re-answering questions you may have already addressed in the original ticket.

Neutral

I did not use a different solution previously. 

I've been in touch with MobileIron and AirWatch, however, that's very, very basic.

I work with both on-cloud and on-prem versions of the solution. 

The initial deployment is very simple and straightforward. I've been doing it for 15 years, so I understand the process. When people are new to Intune, there may be some complexity. There are many things that need to be considered. The learning curve can be steep. 

There is support from Intune for maintenance, like when an application fails to install. 

I tend to implement the solution myself. 

Some people have Microsoft 365 with a security add-on, and Intune is integrated. 

Copilot is expensive as an add-on.

It's a rather expensive solution, especially if you want to use all the bells and whistles. 

I've been involved with the solution as a customer, integrator, reseller and consultant. I'm a freelancer as well and use it myself. I'm selling licenses and doing greenfield setups for different customers. 

We've not yet used all aspects of Intune suite, which is a new collection of advanced endpoint management and security tools. We have demoed it, and we are showing it in workshops. However, we do not have it in a live environment. A lot of customers are hesitating to buy the Intune suite due to the price. Some users may be paying fifty euros per user per month and then would need to add another 10 euros for the Intune suite, and that's a big step since that would be a fifth of the license that they're already paying. 

It's helpful that Intune is integrated with 365. It's important that everything is integrated together so that the Microsoft ecosystem becomes seamless. 

I'd rate the solution 8 out of 10 overall. 

It's a fund product. The possibilities are almost endless. It will make your life easier. 

I was using Intune with a customer. I had a long-term contract with a mining company, and then I moved to another organization. I am now in a different company. They all are large organizations. They are moving to the cloud, and Intune is one of the tools they are going to utilize.

In my previous job, Intune was being used for the cloud environment. We migrated fully from on-premises SCCM to cloud-only managed. We were utilizing all the benefits of Intune for cloud management, such as Windows updates, encryption, configuration, replacement of GPOs, etc. Moving away from the SCCM to Intune was a part of my previous job.

It is a modern tool. It is a cloud-based or software-as-a-service tool that gives you centralized management at one location. You have good dashboards. You have pretty much everything at a single location. You can manage different settings in one place. It is about manageability. It also gives you access from any place. It is a cloud solution, so as long as you have connectivity, you can do pretty much everything.

Intune brings all of the endpoint and security management tools into one place, but it is a lengthy process because I have been working for large organizations. They have been heavily dependent on on-premise services for years or decades, so the transition always takes time, but it is pretty successful. It is a good tool, but in security, there are dependencies, so it takes time for the transition to be successful. We have been using different security baselines and CIS or NAS methodology. It is a difficult process. Especially when you do GPO migration, not all settings are yet directly supported in Intune. Sometimes, you have to do a bit of workaround, power shell settings, and registry settings. It is tricky, but it is a key area for a successful transition.

Intune does not yet provide full endpoint visibility and IT control across device platforms. There is still a significant gap between all the systems we used on-premise and Intune. It is probably going to take time for Microsoft to fill the gap. Sometimes, you have to use third-party products, and sometimes, you have to use workarounds. It is a tricky one, but Microsoft is moving in the right direction, slowly but surely.

In terms of user experience, users do not use Intune. From the user perspective, it is about the performance and the impact, and there are some analytical tools to measure performance, reliability, etc. The built-in reporting is pretty good.

Intune affects IT productivity. From the IT operations perspective, things are much more simplified. The transition also enforces some cleanups, optimization, etc. It is definitely a great improvement for the IT organization.

Intune itself has probably not reduced the risk of security breaches, but there are many add-ons. There are many security products from Microsoft that integrate with Intune and Azure. Its reporting is great. By having the right knowledge and the right understanding, you can utilize this. There are some security baselines that you can utilize in Intune, which are coming out of the box. Microsoft is providing its own products for security, and this is probably an area we should explore.

Intune helps to save costs. As a part of the transition from on-premises to Intune, you can decommission your legacy infrastructure such as SCCM and domain controllers.

Intune has helped to consolidate vendors. It is one product, and Microsoft is trying to fill all the gaps with the add-ons. Microsoft is constantly adding functionality pretty much on a monthly basis. Utilizing a single vendor or single tool set is always good. This consolidation affects the licensing costs. When you have a single vendor, you have more options for contract negotiation, license discounts, etc.

It is very important that the capabilities of the Intune Suite are integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices. You have a single pane and the same toolset. It is always good to utilize a single product.

It is a modern desktop management tool. It is a replacement for SCCM and GPOs. When organizations are moving away from the AD to Azure AD, especially for devices, it is very useful. It is helpful for managing devices anytime and any place without requiring dependency on the local networks.

There is still a gap between SCCM and Intune, especially in the reporting, inventory, and software deployment areas. For people using SCCM, Intune seems to be very simple. It is a good thing, but sometimes, it is a bad thing. There is a significant gap, especially for large organizations in terms of functionality. Microsoft still has a lot to do.

I have been working with Intune for about 5 years. I am an endpoint management specialist. I am using it pretty much daily.

I would rate it an 8 out of 10 for stability. It is still under development, so there are issues. Sometimes, settings are not consistently applied everywhere, so they give unexpected results. It is probably because of the learning curve and also the ongoing development. Sometimes, there are bugs or some mistakes. It is a cloud environment, and sometimes, some settings are not applied. It is a matter of time. It will get fixed.

It is very scalable. It is practically unlimited.

I have been working with companies with different numbers of users and devices. In one company, there were 40,000 devices, and in another one, there were 300,000. The number of users is more than the number of devices because the companies I have been working with have different shifts, so they are sharing devices. That is why there are more users than devices. The average is 35,000.

The first and the second lines of support are quite poor. They redirect end users to publicly available documentation, which is not very useful because usually, the first thing you do is to check what is available publicly before you raise the ticket. Their support is not very good. I would rate their support a 6 out of 10.

Neutral

I have been mostly using SCCM. The move to Intune was a part of the cloud transition. Most companies are moving not only the MDM solution but all kinds of services to the cloud. Intune is just one of them. It covers one of the areas.

Its deployment and maintenance are easy. I would rate it a 9 out of 10 for both. It is generally deployed on a public cloud.

The number of people required for maintenance depends on the size of the organization. One person is never good enough because you need to consider various time zones, people going on leave, etc. 

Intune comes with the licensing that is common for large organizations. However, Microsoft has recently released many add-ons that are very expensive, especially for large organizations or corporations. They are not very happy. They are not willing to buy them. That is the problem. Microsoft should probably work on the strategy for pricing for the add-ons.

They probably did not evaluate other options. A lot of organizations are trying to use one vendor, and they have been using Microsoft for a long time. Intune seems to be the most complete as compared to others. I have been doing some research recently for a company, and I have been going through some Gartner reports. Intune is clearly number one in this area.

To those evaluating this solution, I would advise to be aware of the fact that this is a product that is still being developed. There are many features that are not available yet, especially as compared to a product like SCCM which has been on the market for many years. Do not expect everything to be available straight away. 

I have not used Intune much for BYO devices. The companies I have been working with do not allow that. They either provide their own hardware, such as laptops or desktops, or virtual desktops such as cloud PCs. They either have Azure virtual desktop or Windows 365, so I do not have much experience with BYO devices.

I have also not used Intune's Endpoint Privilege Management feature. It is probably a new functionality that is not free. For large organizations, it is a significant cost, so they are reluctant to go in this direction. They might use it in the future.

Because of its scalability and future-proofing, I would rate Intune a nine out of ten.

We manage all our client devices, including Windows laptops, MacBooks, iPhones, iPads, and Android devices, using Microsoft Intune.

We regularly survey our users to gather feedback on their experience with device enrollment and app installation. The feedback we have received so far has been positive.

Intune is good at securing hybrid work and BYOD. There are a few gaps but we can manage those with other tools.

Microsoft Security Signals within Intune is an effective tool. It allows us to restrict access to specific systems or resources for certain devices based on their risk score. We can also prevent access for other devices that don't meet a specific risk threshold until their score improves.

It has enabled our IT team to use their tools more effectively.

Intune streamlines our endpoint management by consolidating multiple vendors into a single platform. With Intune, we can now manage features like the Windows Defender firewall and disk encryption directly, eliminating the need for separate third-party products. This simplifies our management process and potentially reduces costs.

The vendor consolidation has helped to reduce our licensing costs.

It is extremely important to us that the Microsoft Intune suite is integrated with Microsoft 365 and Microsoft Security. We're looking at consolidating more systems and solutions into our Microsoft licensing because of how easily it integrates. 

While Microsoft Intune boasts a wide range of features, its user-friendliness and bundled licensing cost are key considerations for me.

The licensing has room for improvement.

It would be great if Intune offered better data protection controls for BYOD Windows PCs.

I have been using Microsoft Intune for four years.

While Microsoft Intune is generally stable, there are recurring issues with deploying Microsoft 365 apps through Intune. These outages occur around the same time each month.

I would rate the scalability of Intune a nine out of ten.

While the technical support team is generally good, there have been instances where feedback sent to the product group has resulted in delayed or absent responses. This can be frustrating, especially when requesting new features or clarifying existing ones. It would be beneficial to establish a clearer communication channel with the product group to ensure timely responses and address customer concerns efficiently.

Neutral

Previously, we used Workspace ONE. While I find Intune to be generally better, there are still some specific areas where Workspace ONE offers functionalities that Intune currently lacks. Additionally, Workspace ONE was significantly faster for generating reports. However, I acknowledge that Intune has undergone significant improvements over the past year and a half, and it's steadily approaching the level it needs to be. Nevertheless, there's still room for further improvement.

The implementation was completed in-house.

The current licensing model separates essential features into higher-tier subscriptions, requiring additional purchases. Ideally, all functionalities should be included in a single bundled license.

I would rate Microsoft Intune eight out of ten.

We rely on Intune for device management and leverage other tools for security.

Additional maintenance is required to deal with the monthly outages.

I recommend using Intune for endpoint management. It's important to familiarize yourself with the product beforehand. Researching endpoint management via Intune and reviewing Microsoft's online recommendations is crucial for successful implementation within your organization.

I use Microsoft Intune for my Active Directory and my end-point and zero-day protection.

Microsoft Intune has allowed us to work from anywhere.

Autopilot is the most valuable feature of Microsoft Intune.

Integrating certain group policies can be challenging and may necessitate using on-premises systems to integrate them with Microsoft Intune.

I am encountering challenges integrating with multiple domains outside of my own due to unsupported Active Directory extensions.

I have been using Microsoft Intune for four years.

Microsoft Intune is stable.

Microsoft Intune is scaled to support more than 39,000 users without any issues. The initial setup process for the on-premises to Active Directory hybrid integration can be quite technical. We have 100 users.

Microsoft Intune's technical support is good.

Positive

The initial setup is straightforward. I am an architect and completed the deployment on my own within two months.

The implementation was completed in-house.

Using a hybrid setup instead of relying on a third-party product can provide a better return on investment with Microsoft Intune.

Microsoft Intune is included in our Office 365 suite license. The E5 license is expensive.

I give Microsoft Intune an eight out of ten.

Microsoft Intune doesn't require any maintenance from our end.

I recommend Microsoft Intune because it can be easily integrated with other Microsoft products into a single suite, making it a plug-and-play solution that can be set up with ease.

We use Microsoft Intune to manage desktop, mobile, Apple, and Windows devices.

Before Microsoft Intune, we were unable to manage devices because everyone was working from home, even though they were still part of our group. This meant that we could not control the devices, such as installing software, deploying tools, or setting up laptops for remote users. After Microsoft Intune was implemented, we were able to manage devices remotely. We can now push policies and applications to devices from a central console. This has made it much easier to keep devices up-to-date and secure, even when employees are working from home.

Device management allows us to control devices remotely, push applications from the cloud, and use autopilot. Autopilot is the most valuable feature.

When somebody has a customized application or their own company's application, we cannot deploy that application. For that, Microsoft has to change some tools, such as the launch tools, so that we can deploy those applications as well.

I have been using Microsoft Intune for two years.

Microsoft Intune is stable.

Microsoft Intune is scalable. We have 300 end users.

The technical support is good.

Positive

We previously used TeamViewer Remote Management. However, we switched to Microsoft Intune because TeamViewer did not offer application deployment or vulnerability management. Microsoft Intune offers both of these features, as well as integration with Office 365 Defender.

Intune's initial setup is straightforward. Microsoft provided us with some documentation on how to implement the basic setup, and we went through that. There is also a lot of documentation available on the Microsoft portal. We can easily find whatever we are looking for by searching. The Microsoft support team is also very helpful.

The implementation was completed in-house.

We have seen a return on investment with Microsoft Intune.

Microsoft Intune is more expensive than other solutions, but it offers a wider range of features and control. It is definitely worth the cost for organizations that need a comprehensive mobile device management solution.

I give Microsoft Intune an eight out of ten. It solves all of the problems that we were previously logging into other products to handle. Now, we can do everything from a single console, including security, management, encryption, device vulnerability, and anything else we want to do with the device. We can even run any script.

There is no maintenance required from our end for Microsoft Intune.

To use Microsoft Intune, we must have an active domain. We can then purchase Intune directly from Microsoft or from a partner.

If I had the opportunity to choose a configuration management tool again, I would choose Microsoft Intune.

Intune is a tool for managing configurations and policies for devices. It has additional benefits like monitoring and enforcing security measures. It helps us ensure that the devices we provide to our users are perfectly controlled so that data isn't leaking. For example, I can enable BitLocker to encrypt data on all employee devices. All laptops in the organization require antivirus software. Any laptops without antivirus are non-compliant, so I can block them in Intune. 

I can also use Intune to lock down specific activities on mobile devices. When people access their email, Microsoft Teams, or OneDrive on their mobile devices, I can enforce a policy that prevents them from copy-pasting data from the corporate email address mailbox to their phones. I can also block screenshots. 

We have nearly 100,000 users across multiple locations. That's one benefit of Intune. We can cover devices at several locations with a single cloud-based solution. 

The great part about Microsoft Intune is that we can target for Android/IOS/Windows devices with full control. We can also enroll Mac and Linux OS and enforce certain configurations and get compliance reporting. This provides us a key criteria for zero trust deployment model.

And now we have the option to integration of Ms Intune to MAC JAMF with API integration which makes the life simpler

And administrative Units helps a lot in scoping the device and providing the delegation to the required administrators which creates a very good RBAC management as well.

Intune is a cloud-based solution, so we avoid many of the headaches associated with on-prem maintenance like for example SCCM which was doing this job in the past and we need frequent patching and maintenance as well. Because Intune is a cloud-based solution whereas SCCM depends on on-premises technology to function, Intune has a simpler architecture with more options on MAM, reporting, security & MDM. We always get the latest security features and enhancements from Microsoft with the cloud-based solution Intune.

Intune allows you to create policies for managing mobile devices and mobile applications. Mobile application management targets and protects only the application. It will create a container for your application on the mobile device, securing the container and application. Mobile application management allows you to set limits on what employees do in specific applications that contain corporate data, such as Microsoft Outlook.

Intune device restriction policies enable me to enforce limitations on the device, like blocking the mobile camera or restricting the employees from using and inserting USB devices, including thumb drives and flash drives.

Intune's reporting and logging could be improved. When troubleshooting, it's difficult to collect the logs and determine what's happening. If I want to filter out the compliant devices, I can see it from the logs, but I would like the option to drill down further. 

I select one device, and Intune tells me it's non-compliant. I click on it, and it tells me the antivirus service is not running. It should provide some additional information. When did the service stop? Did the service start in the first place? Intune's internal graph API should also be improved because that is where we can apply commands. 

I've been using Intune for the last six years.

As stated the solution is very stable because there is 24/7 monitoring of the core component by Microsoft Monitoring Team. 

Microsoft Intune can scale easily since it's a cloud-based solution and we need to procure only licenses per user and no need to worry about maintaining the backend core component because it's handled by Microsoft.

I rate Microsoft's support a seven out of ten. Support is one area that requires massive improvement. In most cases, the frontline engineers collect the logs. After they review the logs, they will find the person who can help us fix the issue. 

Neutral

We previously used Microsoft System Center Configuration Manager, Microsoft's on-premise configuration management solution. We switched to Intune because we purchased an EMS E3 license that covers Outlook, Teams, Intune, etc. 

Ultimately, it comes down to costs. We don't need to spend money on SCCM licensing, and we get better cloud-based monitoring and reporting than SCCM. Most people prefer to move to Intune because they get some additional features included for free when they buy the EMS E3 license from Microsoft.

Setting up Intune was initially complex because we need to migrate everything from SCCM to Intune. If you already have your policies and configurations worked out on-prem, it will be the same once you move to Intune, and you'll see a massive improvement in configuration, compliance, reporting, and mobile device management.

The return on investment is that I have a better way to secure my devices and make them compliant. 

Intune's pricing is competitive. For example, the license of Blackberry's Enterprise Mobility Suite was costly, but Intune is affordable. It is included as an additional feature when you buy security enhancements for your organization. For example, let's say I have fifty users in my organization and all of them are using Microsoft cloud services, like Teams, Office 365, and OneDrive. 

In order to protect this, I'm going to buy the EMS E3, which includes security and also the option to utilize Microsoft Intune. I don't need to buy an additional license for software and device management. I can do all of this with the same license I bought for Microsoft security.

I see a significant gap between Microsoft Intune and products by other vendors. We were using SCCM on-premises, but Microsoft Intune added monitoring and security features, so we didn't see any suitable alternatives. 

I rate Microsoft Intune a nine out of ten. Before deploying Intune, you must understand your current setup and security needs. If you're only looking for a security solution, you can deploy Microsoft Defender for Endpoint. However, Intune is ideal if you want a more comprehensive security solution that covers configuration and compliance management. You need to understand the gaps in your current solution and what you want to overcome. 

Around 90 percent of our platforms are in the cloud, and our company uses them to manage access to various platforms. In our company, what we used to do when we were on an on-premises setup was to use group policy to basically manage access and authorizations to various services, which can be quite challenging because not everything you want to do on GPO even though it is available in it. You can use or manage VBScript and PowerShell, but it was a bit challenging. With Microsoft Intune, you already have specific processes and platforms that have several things you can do with it in terms of security and in terms of making everything standardized, sort of a standard desktop, or even a customized one based on the user's job title, ranging from executive management to basic back-end staff. Microsoft Intune allows you to customize everything, like security, the availability of some features, and even updating particular systems or where and which system can access which service from a geographical location, which we couldn't do with GPO. Microsoft Intune allows us to be very flexible.

Applications have a feature that allows you to deploy applications remotely to different systems. They can be Windows-built, some business applications, small scripts, or even custom applications. The tool can even deploy fixes, and it has been one of the features we use quite frequently to troubleshoot and fix issues.

The tool brings all of our company's endpoint and security management tools into one place.

Speaking about the impact of Microsoft Intune on our company's IT and security operations, I would say that the tool has done a good job in terms of centralized management, but there is still a lot it can do. Microsoft Intune is just a mobile device management platform. It doesn't really implement security, specifically in terms of endpoint security for ransomware and other attacks, so our company has to supplement with other solutions.

If I assess Intune's user experience, I would say it is perfect and simple. In general, the tool is very easy to use. Every feature or domain, ranging from compliance to security to DLP, integrates very well with Microsoft's other modules.

I am using certain aspects of Microsoft Intune Suite, which involves the new collection of advanced endpoint management and security tools.

If I assess Microsoft Intune for securing hybrid work and protecting the company data and the data on my own devices, I would say that it works very well in handling BYOD cases. For all the corporate business apps, you can't share data outside Microsoft Intune or the enrolled devices. It has to go through all the approved suites of Microsoft Project and then into OneDrive so that we can tell where that information passed, making it basically a DLP type of thing. You can't copy and paste anything into an external product since it must be within Microsoft's suite. The tool really helped our company keep certain information confidential within Microsoft Office Suite, and it doesn't go outside, which is helpful.

I use Intune's Endpoint Privilege Management feature in Microsoft Intune. Speaking about how Intune's Endpoint Privilege Management enables our company to enforce the least privileged access that affects user productivity in our organization, I would say that all our users are at the basic level. Depending on the function users need to do, privileged access might be required, and we can basically elevate them to do it, and then we don't have to do anything beyond that.

In terms of how important it is in the context of our company's journey to the cloud that the capabilities of the Intune Suite are integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices, I would say that the integration part is the key since it has to follow everybody, whether they work on the company's premises or remotely with Microsoft Intune.

Improvements can be made by allowing server integrations since it is an area where the product currently has shortcomings. Currently, it is just endpoints, Windows, and mobile devices, but we would like to see the servers integrated into the tool as well so that the product covers everything.

The product currently lacks any features. For most of what we can't do with the features available in Microsoft Intune, we use PowerShell to address such areas.

I have been using Microsoft Intune for ten years. I work with one of the past versions of the tool.

My company hasn't faced any stability issues associated with the product since its deployment.

It scales up pretty much with ease. It reduces the work on the admin side. It is a very scalable tool.

With Microsoft Intune, my company covers more than 250 devices. I would probably say that it goes up to 300 devices. My company also has many remote staff members.

I have provided technical support for the solution once or twice, but all the information regarding the fixes is mentioned on the internet. I rate the technical support a ten out of ten. In my company, we haven't had any challenging situations that required a prolonged fixing process, and it was usually done in a day or two, within which it used to get resolved.

Positive

Before Microsoft Intune, I used a different solution for enterprise mobility management named VMware AirWatch. My company started using Microsoft Intune since it was bundled with the other services offered under Microsoft. I think my company moved to a new plan with Microsoft, and Microsoft Intune was present in it with Microsoft Enterprise Mobility + Security (EMS). My company thought about why we should pay for another service when we already have one.

VMware integrated with Microsoft like a connector, but every time there is a change or an upgrade to Microsoft's platform, it sort of disrupts VMware. My company then figured out that the closer we are to Microsoft's platforms, the better, which in turn helps us consolidate vendors.

My company involves two types of judgments to determine whether or not the consolidation of vendors my company deals with has affected our security posture. We have a Gartner evaluation, and we are trying to see if our current vendor is at least in the leadership quadrant. After that, we go for their products. Even if a tool is not at the top, it is a win-win situation for us as long as it is there. Gartner has been important in helping our company decide which vendor to consolidate products and services on.

The consolidation of affected vendors has not reduced our company's licensing costs. We recently discovered that Microsoft is basically unbundling several parts of its products. People can now choose Microsoft's models, but you cannot choose what you want as an add-on. In such a phase, we are going to have to compare apples with apples. If Microsoft unbundles Purview, for instance, we have to look for a similar DLP and compare it in terms of price and performance.

I was involved in the tool's initial setup process. Initially, my company faced some complexities with the product's initial setup phase, especially in terms of how to deploy it remotely. We basically had to have every device in front of us physically to do the deployment.

Considering that the deployment phase was an ongoing process, it took three months to be completed.

The product's deployment phase was carried out with the help of our in-house team with the help of the information in the tool's manuals.

The solution was deployed with the help of three people in our company.

From a cost-saving perspective, my company has no information associated with the tool. When we get the budget approved in our company, there is an additional buffer, causing us to have more of an overcapacity scenario rather than an undercapacity one.

My organization is still in the process of discovering several of the overall benefits that we have experienced from the use of the product. My company keeps discovering new features when we use Microsoft Intune's capabilities.

My company has not done any evaluations to figure out whether the product could generate any return on investment. It is something we should do in the future.

In my personal opinion, the product does offer value for money since it offers good security.

It is not difficult to maintain the product. Once the configurations are set at a basic level, the tool just keeps modifying itself and keeps on improving.

In terms of the product price and licensing costs, my company finds the product to be reasonably priced. As long as our budget is approved for it, everything is fine with the pricing part.

My company did not evaluate any other options against Microsoft Intune.

I am not using the enterprise application management features of Microsoft Intune Suite. For applications management, we are basically doing SaaS for most of our applications, so they are on the cloud. The least we do in our company is MFA or two-factor authentication and single sign-on into the enterprise applications, but they are basically on Amazon AWS or SAP.

I am not using the advanced endpoint analytics in the tool.

My company doesn't use Microsoft Copilot in Intune. I would say that my company is waiting for Microsoft Copilot to reach an advanced stage. When I say advanced stage, it means handling business cases that apply to our company's type of business. What we have seen in our company is that in areas like customer relationships and retail banking solutions, Microsoft Copilot works. With Microsoft Copilot, our company hasn't seen any business case related to our work. Microsoft Copilot is mostly for chatbots in CRM and other things, but that is not what my company wants. My company is waiting and hoping that we will see advanced features in Microsoft Copilot by next year. I am working with the basic capabilities of Microsoft Intune.

Intune's Endpoint Privilege Management's least privileged access doesn't affect our organization's attack surface since it is handled by a different platform named Symantec.

My company has not measured if Microsoft Intune has affected IT productivity in our organization, but I believe that it is something that we should do.

I would suggest those planning to implement Microsoft Intune in their company start with a pilot group and implement every aspect they want to implement with that group across different devices, ranging from Androids, iOS, Google, and everything else. In my company, when we did encryption, we found that Android already has an encryption feature, which is basically for Android, so we couldn't turn on the encryption feature. If we did turn on the encryption feature, we would lose information because it was already encrypted by Android.

I rate the tool a ten out of ten.