Microsoft Intune Reviews

Previously, when dealing with COVID-related issues, we had to bring laptops to the office network to resolve problems physically. However, with the introduction of Intune and autopilot, we can now build and manage machines remotely. Intune allows us to upload our operating system and create a tenant, enabling users to enroll and build machines anywhere with an internet connection. This eliminates the need for physical device management and reduces downtime. Additionally, Intune simplifies application management by providing a centralized platform for accessing and deploying applications without requiring multiple servers. Overall, Intune offers significant improvements in device management, flexibility, and efficiency compared to traditional methods.

Currently, we operate Intuneas as a hybrid model. While devices are enrolled in cloud-based Intune, updates are still being deployed from our on-premises SCCM. A complete migration to the cloud will take time, especially for larger organizations with tens or even hundreds of thousands of machines. This transition is hindered by legacy applications that are incompatible with Intune. To facilitate a smooth migration, Microsoft must either enable the use of these legacy applications within Intune or provide equivalent cloud-based alternatives.

Historically, application management involved installing software on users' machines. However, many organizations now utilize software-as-a-service models that are accessible through web portals like Intune. We also employ App-V to virtualize legacy applications, allowing access to any physical or virtual machine. Our current methods include direct endpoint installation, SCCM deployment, and App-V server hosting applications. We introduced App-V as a virtual application platform to address challenges like developer environment inconsistencies and license costs. By centralizing applications and implementing a first-come, first-served licensing model, App-V reduces costs, improves accessibility, and simplifies management.

Intune consolidates our endpoint and security management tools into a single, user-friendly platform. It seamlessly integrates existing on-premises policies, allowing for easy creation or upload. Organizations migrating to Intune or replacing on-premises Active Directory can effortlessly establish new policies. Unlike the complexities of on-premises management, Intune simplifies policy creation and implementation through a click-based interface, eliminating registry changes. Additionally, Intune's cloud-based architecture ensures consistent policy application across devices, avoiding the delays and potential bandwidth issues associated with on-premises servers. Microsoft's robust infrastructure provides reliable performance, making Intune an efficient and effective solution for managing endpoints and security.

Intune users appreciate its flexibility compared to traditional on-premises Active Directory systems. For instance, with on-premises AD, policy implementation requires the user to be physically present in the office. In contrast, Intune enables remote policy management, as demonstrated by the scenario where a user's account is locked on an Intune-managed laptop. Even if the user cannot log in to the device, unlocking the account in Azure AD automatically unlocks it on the laptop, regardless of location. This significantly improved over previous methods involving complex workarounds like sharing local profile passwords. Intune's integration with Azure AD simplifies account management and provides seamless access for remote users.

We manage multiple users who use Azure AD and Azure VDI machines but often prefer using the VDI machines over their laptops. To address this, we proactively contact users whose laptops haven't reported to Intune in 20-30 days, informing them of potential removal and providing additional notifications through tools like Nexting or SysTrack. We also send emails to users whose assigned machines are inactive, warning of removal if usage doesn't resume within 30 days. Additionally, we monitor machine downtime, login times, and compliance status while pushing necessary policies and updates. Our organization utilizes a hybrid model combining Intune for machine management and BitLocker encryption with SCCM for software updates due to the ongoing migration from on-premises to cloud-based solutions. While Intune enrollment and management are in place, we anticipate a full transition to Intune in the future.

We are using Intune Suites Cloud PKI to assign certificates to users. Previously, we managed Microsoft certificates on a hosted server. This process was manual. However, Intune now automates certificate management. Once a machine connects to Intune and authenticates, the necessary certificates are pushed without manual intervention. VPN login requires both a user and device certificate for compliance. Intune offers certificate management from both Microsoft and third-party vendors. Due to cost considerations, we are transitioning to a different certificate provider within our organization.

We have implemented Copilot in Microsoft Teams and Zoom to improve meeting efficiency significantly. Copilot automatically generates meeting minutes, including attendee lists, saving valuable time compared to manual creation. Additionally, it provides real-time meeting summaries, allowing latecomers to grasp discussed topics quickly. By automating these tasks, Copilot frees up approximately half an hour per meeting, enabling us to focus on more productive activities.

For IT and security operations, our company has implemented Copilot by hosting all ChatGPT features on-premises. As a financial company, we cannot access external AI tools directly. Therefore, our system interacts with our server rather than the Internet, allowing us to utilize ChatGPT capabilities based on our specific business needs.

Intune has significantly improved our device management process. Previously, we had to physically build machines on-site, requiring users to come to the office. Now, we can remotely push updates and assist users from anywhere, saving them time and eliminating the need for travel. Additionally, Intune's dashboard provides comprehensive insights into our device fleet, including compliance status, update failures, and application installations. This centralized view has increased our efficiency and proactivity in addressing issues compared to our previous reliance on SCCM reports.

When enrolling personally owned devices, Intune applies organizational-level settings. This prevents downloads to local machines when using Office 365 applications or Teams. We can restrict downloads to specific containers that cannot be copied to other folders. Alternatively, we can limit application usage to on-premises or organizational machines. While our current setup allows Office 365 access on handheld devices, downloads and uploads are blocked. Intune offers this level of control, preventing data transfer to or from the device, regardless of whether it's personally owned or a company-issued app.

We are upgrading our privilege management policies to mirror those already existing in our on-premises Active Directory. While we are not making substantive changes, Intune's endpoint privilege management offers significant improvements over our previous approach. By consolidating multiple policies into a few comprehensive ones, we can more effectively restrict user actions based on organizational hierarchy. This streamlined process eliminates the need for extensive group management in Active Directory and saves time overall.

Once implemented, our policies will reduce the attack surface by restricting service access only to users possessing an infrastructure organization certificate, which we have obtained. Additionally, we will enforce IP-level restrictions, preventing access from personal devices or those outside our specified IP ranges. We can implement these restrictions at the IP, device, or certificate level.

Intune has significantly reduced our costs. Previously, we managed multiple servers, but now we rely solely on a CCM server, which will be decommissioned soon. This eliminates the need for on-site server infrastructure, backup systems, dedicated staff, and extensive network support. With Intune, we can host the CCM server in a central location and avoid latency issues associated with multiple servers across different regions. Additionally, expanding to new offices no longer requires building additional data centers. Intune's cloud-based platform allows remote access from any location without needing on-premises infrastructure. As a result, many organizations, especially smaller ones, are adopting cloud-based solutions and eliminating the need for physical servers and laptops. Employees can leverage their own devices to access applications through Intune, further reducing costs and increasing flexibility.

We can primarily manage security posture through Intune. However, due to pricing, we will likely use a third-party solution for device certificates. Interestingly, Microsoft seems to be introducing third-party vendor options within their portal. Ultimately, the security team will evaluate all options, including Intune, considering factors like policies, pros, cons, and pricing before deciding.

Intune Suite's integration with Microsoft 365 and Microsoft Security provides robust capabilities for centrally managing both cloud and co-managed devices. Previously, managing Exchange, Active Directory, and applications required separate teams, but Intune has streamlined this process, enabling efficient management of all mailboxes across devices from a single platform. It's incredibly easy to manage, allowing for remote administration and policy creation. Unlike the previous process of manually creating and testing Group Policy updates, Intune simplifies policy creation and testing with just a few clicks. Additionally, Intune eliminates the challenges of server-based upgrades by providing centralized management and control.

We are currently utilizing multiple security solutions, leading to a complex environment. Due to cost considerations, we are transitioning from Microsoft's device certificate to a solution from a different vendor. Additionally, we are integrating this new solution with Intune and have replaced Jamf to manage our MacBook fleet. This change eliminates Jamf license costs while allowing us to manage Mac devices through Intune centrally. Similar to our previous use of Jamf, we incurred costs in a previous company but have successfully eliminated them by consolidating management within Intune. Furthermore, we are exploring Microsoft's evolving Office 365 licensing options. The latest E5 license offers integrated phone capabilities, replacing the need for separate devices like Cisco or Avaya phones. This consolidation allows users to make domestic and international calls through Microsoft Teams directly.

Previously, we relied on third-party applications like PointSec for mobile device security before Microsoft introduced BitLocker. PointSec required complex management, including console login, authentication, and handshake processes. BitLocker offered a cost-effective solution, initially used independently of Intune. However, Microsoft integrated BitLocker and Active Directory into Intune, simplifying management. While our previous company used an outdated AD environment that was difficult to migrate, Intune's integration with AD FS eliminated these concerns. Intune now allows us to easily manage BitLocker, including remote device wiping, providing enhanced security and control over mobile devices.

We currently aren't building any data centers. Previously, we did, but now we're facing a tenant-related issue. When accessing a US-hosted Azure machine from India, latency is a problem regardless of whether we're using a data center, our own, or Intune. I believe Microsoft could offer a feature to create a nearby tenant, allowing users in India to create one there rather than dealing with multiple tenants, policies, and groups for different regions. For example, if a company with a US-based data center expands to India, they currently need to create a separate Indian tenant to provide machines for Indian employees. Instead, Microsoft could potentially offer a peer-to-peer connectivity solution or similar approach, enabling access to US-based machines from India without requiring additional tenants or administrative overhead. This would simplify management, as administrators wouldn't need to handle separate tenants for each region.

There's a significant discrepancy in Intune pricing between tenants. Previously, my company assigned Canadian machines to Indian users due to a lack of Indian tenant options. This resulted in exorbitant costs compared to the drastically lower pricing for identical configurations in India. Given that Microsoft can determine the user's location based on IP address, they could potentially adjust pricing accordingly. For instance, a Canadian machine accessed from India could be charged a reduced rate similar to locally provisioned machines. This would align pricing with the actual location of use rather than solely relying on the tenant or data center.

Intune's lack of support for legacy applications is hindering rapid migration to Intune or Microsoft platforms. Organizations are reluctant to switch due to Intune's limitations and potential cost implications compared to alternatives like AWS or Google Cloud. While many organizations are using Intune and registering applications, they often rely on other cloud providers for specific services like storage or SQL. Given the extensive use and reliability of platforms like AWS over the past decade, Microsoft should consider offering competitive pricing and comparable services to encourage wider adoption of Intune.

I have been using Microsoft Intune for two and a half years.

I have never experienced any stability issues with Intune. If something occurs, it is resolved in a fraction of a second. I would rate the stability ten out of ten.

I would rate the scalability of Intune nine out of ten. The scalability is dependent on the configuration. To increase usage, we have to pay more.

The technical support is good.

Positive

Previously, we relied on SCCM and on-premises Active Directory, which was challenging due to manual account management and group assignments. Intune has significantly improved this by allowing us to implement policies upon user creation and automatic replication. Active Directory management was often problematic, with group removals due to scripts and inconsistent replication across different locations. Intune's cloud-based nature ensures faster updates and accessibility regardless of location or VPN status. This flexibility benefits both IT staff and end users. Intune's integration with Windows and potential for future enhancements, such as system health monitoring, make it the leading choice over third-party solutions.

Intune deployment is straightforward. Even end users can perform it. All organizational laptops have a built-in operating system. Resetting a laptop returns it to factory settings, automatically installing the enterprise OS, ready for Intune enrollment. The only requirement is internet connectivity. Enrollment is simple: log in to the laptop, press Shift, restart, and the device enters enrollment mode.

Deployment time varies based on the operating system's complexity. At my previous company, we deployed twelve applications within the OS. Currently, I manage the deployment of over forty applications through autopilot. The exact duration depends on the specific OS configuration, including the number of applications and other bundled components. Generally, it can take anywhere from two to three and a half hours to complete the process.

Microsoft's pay-as-you-go pricing model for Intune could benefit from a Google-like approach. While Microsoft charges for actual usage, it lacks discount options. In contrast, Google offers discounts based on usage duration, rewarding customers for extended service utilization. AWS also provides organizational-level discounts, demonstrating alternative pricing strategies. Intune's current focus on cost savings through service adoption is effective, but incorporating usage-based discounts could enhance its competitiveness and attract more customers. While the current pricing is market-competitive, additional discounts could position Intune as a more compelling option.

I would rate Microsoft Intune ten out of ten. Previously, we had to physically go to the office to build machines. Now, we no longer need to build them on-site, as Intune allows us to manage many aspects of devices remotely and easily without a VPN connection. It's truly a SaaS solution.

If someone is interested in using Intune, I would need to assess their enterprise's size, work location, and specific needs to determine if it's suitable. Intune is particularly beneficial for remote workforces and larger organizations due to its ease of management and scalability. I would evaluate their department structure, policies, applications, and existing infrastructure to provide tailored recommendations. Intune's cloud-based nature eliminates the need for on-premises infrastructure, reducing complexity and administrative overhead. Additionally, it consolidates management responsibilities, allowing for efficient oversight of various IT functions. Compared to traditional IT setups, Intune simplifies email management with cloud-based solutions like Office 365, offering increased storage, accessibility, and device compatibility.

Approximately 60 of our 100 employees utilize Intune, and the platform manages 100 percent of their devices.

Intune generally requires minimal maintenance, but this depends entirely on the complexity of our created policies, including allowed and restricted settings. While Microsoft offers guidance to minimize management efforts, adhering strictly to their recommendations is essential for full automation. Customizations may necessitate ongoing maintenance. Ultimately, closely following Microsoft's guidelines will optimize Intune management and minimize our workload.

We also use Bing Copilot, but I find Bing AI less effective than ChatGPT. Bing frequently requires multiple prompts before providing a response, whereas ChatGPT typically delivers accurate answers more directly. For instance, when asking for a Microsoft Outlook KB article, Bing requested clarification on the term "KB," while ChatGPT promptly provided relevant KB articles. It seems Microsoft's AI could benefit from further development to match ChatGPT's capabilities.

I recommend Microsoft Intune for larger organizations. Legacy applications may not be compatible with Intune, preventing their use. Smaller companies might consider Software as a Service solution like Office 365 instead, offering email, PowerPoint, and other tools without requiring Intune. Enrolling devices in Intune for small businesses might not be justified due to the costs and IT management overhead. However, for organizations with 1,000 or more employees, Intune can provide enhanced security and device management. If Intune pricing is scalable based on the number of enrolled devices, smaller companies could evaluate it. Ultimately, the decision depends on the organization's size, IT resources, and security needs.

Our main use case for Microsoft Intune is for laptops in remote situations where the client is remote and not where we are locally, as well as when the end user is not at the home office. When they get a new computer, they open it up out of the box and then it connects to the internet and it will automatically set up their username to the brand new computer. It'll download apps, it'll set up security policies, it'll connect, program in the company Wi-Fi, the network settings, mapping drives. This enables automated remote setup and management of the computer.

We provide IT support through a managed service provider (MSP) model, offering both hourly work and contracted managed services. 

Once the initial setup is complete, which involves running PowerShell commands, programming, and testing, the product becomes very user-friendly for end users, particularly for Level 1 tech support staff. After Level 3 network engineers have configured everything, it becomes easy for frontline support personnel to manage the computers effectively. This system allows a Level 1 technician to address various needs without having to remote into the end user's computer. For instance, if a user requires a new printer, the technician can simply deploy the printer driver remotely. If access to certain resources is needed, that can also be pushed out without direct interaction. Additionally, the capability to remotely apply or remove settings is crucial. If a machine is lost or confiscated, technicians can lock it down or even wipe the data remotely. In the event of an operating system failure, they can instruct the computer to reinstall the system from a distance.

In this way, once properly set up, Microsoft Intune significantly alleviates the headaches and hassles faced by Level 1 tech support staff when addressing end user issues. The system is not only designed for setting up computers but also for maintaining them and assisting in troubleshooting. Without Microsoft Intune, it would be extremely challenging, if not impossible, for a large company to send out computers to users and have them set up and ready to use right out of the box in a remote location. If a vendor needs to ship a brand new computer to a user whose previous computer has broken, the process becomes much simpler. The user doesn’t need to be on the phone for setup; the computer connects to Microsoft servers remotely and sets itself up automatically.

Our client has around 300 machines, and initially, their goal was to complete the setup of one or two machines each week. However, after implementing Intune for them, they have been able to set up and install approximately 30 machines per week. This has significantly exceeded their expectations, allowing them to accomplish far more than they initially planned.

The best feature of Microsoft Intune is that since it's working with Microsoft servers and the Microsoft operating system, it's tightly integrated. There's a lot of documentation and resources for training. It's the first step to remote managing a Windows-based laptop or machine that you want to use out of the box. Even if you use a third party, they're still built on Microsoft services.

There are some cases where features of Microsoft Intune have changed, and sometimes it's tricky to find the answer. It's such a mass amount of information that searching for the solution to why something isn't working as expected is sometimes tricky or daunting. That's where the AI searches with ChatGPT and CoPilots come in because those AIs are helping us search a vast amount of data all at once. We can type in our question and formulate it to get the steps to the problem, the answer, and then verify it or write a script. We're leveraging AI to search the vast amount of old solutions, new solutions, and potential solutions all at once.

We've been learning Microsoft Intune for a year and a half and have just started to use it.

We haven't used their support. The documentation has been pretty good so far. It has allowed us to meet our clients' needs and deadlines and remotely manage, install their software, remove software, and ensure compliance.

When it comes to the IT department, regardless of individual skill levels, setting up and using these systems requires dedication. It's not something one can merely "hack" their way through; you need to start from the basics and understand the complexities involved. This isn't necessarily Microsoft's fault; rather, it's a reflection of the intricate problems and challenges that Intune addresses.

Intune is designed to handle complex issues, and Microsoft has made it as user-friendly as possible given the many options and components involved. It interacts with various parts of the computer, including group policies, on-premises servers, hybrid systems, and cloud-based solutions like Azure. With such a wide range of capabilities, it's not something you can simply learn by watching a single YouTube video. To effectively use Intune, you need to read and study the material. In summary, it requires a highly skilled individual to properly implement and manage this technology.

The deployment model is what's called a hybrid join with Microsoft Intune. The client has an on-premise server and an off-premise Azure cloud server. Because some of their software is still local and the way they have their network set up, we have to do it as a hybrid, which is one of the more complicated ways to do it, but we've been able to get it done. That's considered a temporary solution by Microsoft. Once you get it all working, there are some changes that you make where it's no longer hybrid.

We've just started taking a look at CoPilot in Microsoft Intune. We use a combination of ChatGPT and CoPilot to get answers and help write scripts quicker or to search for problems quicker. 

I would recommend Microsoft Intune to others because it's the industry standard for doing what it does. There's not really another option.

I would rate Microsoft Intune an eight out of ten.

We are using various security solutions and implementing a Zero Trust framework for our organization. Intune is part of this framework.

We are transforming our flat network by adopting different cloud solutions, and our own applications are hosted in the cloud. Intune ensures our security throughout our entire cloud-based system, improving our security posture.

Intune is valuable for managing various endpoints and integrating with the Azure cloud, which is essential for our organization. The user experience is good because we only use Microsoft solutions, which are user-friendly.

We have Intune's enterprise application management in our pipeline, and our infrastructure and hybrid cloud team are working together to deploy applications using Intune. It has security analytics, and more exciting features are on the way. 

Cloud PKI helps us manage the complexity of certificate infrastructure. Previously, we hosted all the VMs in our own data center, but now we're on the cloud, helping our user base and VMs grow. 

Copilot helps our engineers work better by making suggestions and offering resolution metrics. We can understand and push those patches or fixes from that side.

Intune could be improved by organizing different solutions, like Defender and Sentinel, into a single package. This would allow us to focus on security while Microsoft manages other areas. Having a unified solution would drive better management of various sectors. Although the Intune user experience is good, we should continue enhancing it.

I have used Intune for one and a half years.

Since we started last year, it's relatively new, and I would need more time to fully assess it. However, I have positive thoughts about Microsoft Intune's stability and anticipate it will be beneficial for us.

Intune is scalable, and Microsoft is always focused on scalability, especially for business conglomerates like ours. Scalability has been ensured, and it's working correctly.

I rate Microsoft support seven out of 10. Technical support can be challenging when resources shift, requiring repeated explanations. Support from India sometimes provides information without the right solution. Given our premium support, expert-level service from Microsoft could be enhanced. 

Neutral

Before Microsoft Intune, we used regular security solutions. We chose Microsoft Zero Trust for full security.

The initial setup was aided by our partner, who guided us well. Although there was much to learn initially, current processes have simplified the experience.

We worked with a local reseller, Elevate Solutions, who is implementing the Zero Trust framework for us. They have been committed and focused on implementing the right solutions, which has been helpful.

Earlier incidents caused data loss and required reentry. Microsoft Intune has improved our processes.

We have a limited budget for security investments, so Microsoft should consider reducing pricing in our region. This would make investment more viable, especially since larger businesses in other countries can afford it easily.

We evaluated Google Cloud Platform (GCP) before choosing Microsoft Intune, but since our team is experienced with Microsoft, and Microsoft's clear vision for the future aligns with ours, we chose Microsoft Intune.

I rate Microsoft Intune eight out of 10. 

With Microsoft Intune, I can leverage all platforms including Mac, Linux, Android, and Windows, especially Windows and Android. Our organization uses the Windows environment and Android applications on Android operating systems, so Microsoft Intune is ideal for us.

I have experience with Jamf Pro and Microsoft Intune. Both Jamf and Microsoft Intune are separate products. When comparing Microsoft Intune to Jamf, Microsoft Intune is superior. Jamf is only for the Mac environment, however, with Microsoft Intune, I can leverage all platforms including Mac, Linux, Android, and Windows.

Sometimes as per our expectations as an IT person and decision-maker, I want to implement certain policies and spread them to all devices enrolled in Microsoft Intune. However, implementing some policies is not possible. For example, with BYOD enrollment, I install the Microsoft Intune application and enroll the machine. Once completed, I attempt to implement the BitLocker policy. Currently, BitLocker does not support BYOD enrollment, which is a product limitation.

We face multiple scenarios where IT decision-makers request specific policy implementations, however, due to product limitations, we cannot fulfill these requests. The limitation primarily affects BYOD enrollment and personally owned devices. While it works well with corporate devices, we cannot enforce multiple policies on BYOD and personal devices.

As per the customer perspective, some changes are needed as product limitations can be restrictive.

For example, with Teams, I am currently using the application in my company for communication. One of my clients in Europe uses Google Workspace, not Teams. When sending meeting links between platforms, synchronization issues occur. If they use Google Workspace and G-meet, they cannot open Teams meeting links directly. They need to open it in a separate browser or install additional software. Better integration between these platforms would be beneficial.

I have been using Microsoft Intune for the last two years.

Overall, the stability is good, although I occasionally face challenges. During those times, I raise a concern ticket with a Microsoft representative, and someone from the team helps resolve the issue.

Support overall is good. 

Sometimes we want extra features and capabilities. When I raise a ticket regarding these requests, someone from the team informs me that it is a product limitation and we must wait for potential backend changes to enable such functionality.

Positive

I am already working with both Jamf Pro and Microsoft Intune. In Microsoft Intune, both Jamf and Intune are separate products. When comparing Microsoft Intune to Jamf, Microsoft Intune is superior. Jamf is only for the Mac environment.

The setup is straightforward. From the portal itself, if I purchase the licenses from the partner, I will inform my partner who will raise it for me. If I purchase from Microsoft directly via credit or debit card, I can raise the ticket from the Microsoft Intune portal.

The pricing is more costly compared to existing players in the market.

I would rate Microsoft Intune an eight out of ten. 

I have concerns regarding Microsoft Intune. It needs to reshape features. In Office 365, I also have concerns that need to be addressed. 

Our main use case for Microsoft Intune is patching. We use Microsoft Intune for patching, specifically Windows patching.

The user experience of Microsoft Intune is quite good because there's not much disturbance in the background; it's just running in the background.

The most valuable features of Microsoft Intune include remote updates. The update runs in the background, so there's no need in most cases to go on-site to do it.

Based on my experience and my team's feedback, one thing that could be better in Microsoft Intune is the file size, as it is quite large at times. Sometimes the file size is too large. The space taken on some hard disks may be too large for the patches that run on them, as we're limiting all these local storage to encourage our users to store on OneDrive rather than on local drives.

For additional functionality, I suggest that Microsoft could expand on asset management. Since the platform is there, they could develop it into a full-fledged asset management system.

I've been working with Microsoft Intune for around a year.

It's stable. I would rate the stability of Microsoft Intune a nine out of ten.

Technical support from Microsoft is quite good, especially because we subscribe to the premium services.

We are currently working with a hybrid deployment model. It's a hybrid because our Active Directory is still on-premises, but other services are online.

As for advanced Endpoint Analytics in the Microsoft Intune Suite, we are still working on it. We only completed the implementation for the basic functions at the end of last year. We are moving in stages.

I'm not sure about the pricing of Microsoft Intune because I didn't buy it. My team members bundled it together with their Microsoft solutions, including Microsoft 365 and related products.

I haven't used different solutions similar to Microsoft Intune or made any comparisons with other products at the moment. In the past, the nearest solution would be BigFix, but you cannot compare it to Microsoft Intune because BigFix was an older system, and you needed more technical knowledge to run it. You needed to know how to do scripting and related tasks.

If they could also make Microsoft Intune a full-fledged asset management system, it would be the best.

I would rate Microsoft Intune an eight out of ten.

We primarily use Microsoft Intune for managing laptops, cell phones, and mobile devices. We aim to have control over corporate data when it is on personal or company-owned devices. This control is crucial for ensuring data protection, especially when a device is lost or goes missing.

Microsoft Intune helps us avoid issuing everyone company-owned devices. We provide a stipend, allowing users to bring their own devices. This approach gives us leverage against other MSPs. It also enhances collaboration because clients already covered by specific licensing can optimize their usage of Microsoft Intune.

Intune's integration with Microsoft 365 is exceptional. It allows a cohesive management experience for users, especially for a small MSP like ours. The automated deployment and configuration using Autopilot and the ability to secure data on lost devices are particularly helpful features.

The solution's user experience is so simple I can give a two-page PDF on how to enroll a cell phone or device, and they can follow it. Automatic enrollments help us migrate large numbers of users.  We take it slowly with them, but they are surprised at how easy it is to enroll a device.

We're still preparing to turn on Copilot in our environment for testing, but we need to sort our security more. We're doing a demo of Copilot, and we're checking out the features. We use another tool to pull the device data, but having everything in a single pane of glass makes more sense. We have to pull this information from four windows now, so having everything in one place is simpler.  

Training will be much easier for us than training someone on 20 different. Giving someone a few videos and having them start going through it will be more straightforward. I'm excited to see the growth of Copilot with Intune.

I would like Intune to natively support easier report generation. This improvement would enable less experienced staff to run reports more efficiently without relying on additional tools or functions.

We have been using Microsoft Intune for at least six years.

Microsoft Intune is reliable. Devices do not frequently go offline, and any connectivity issues usually stem from the user's side, such as a device being turned off.

Microsoft Intune allows us to scale device management efficiently. The system is easy for both technical and non-technical users to navigate, supporting a wide range of devices without complications.

I rate Microsoft customer service six out of 10. While some technicians go above and beyond, there is inconsistency, and connecting with the most helpful representatives is occasionally challenging.

Neutral

We initially used AirWatch for mobile device management before Intune matured. Eventually, Intune’s integration with Microsoft 365 became advantageous, allowing us to consolidate systems and migrate clients using alternative solutions back to Intune.

The setup, especially for mobile devices, has become entirely automated. Devices sync with accounts like Apple Business Manager or Samsung Knox, eliminating the need for hands-on configuration. From there, you can deploy everything by device or user login. 

Before, we used to bring them into our office. We would configure it and ship it out. We now pushed that back to the client and someone in charge of cell phone policy. Once they're powered on and signed in, everything else is taken care of.

We consulted Pax8, our partner, during the implementation for insights on licensing and Intune integration. Their support, coupled with information from Microsoft Ignite, helped address hybrid enrollment challenges.

We've seen a positive return on investment. The ease of use, along with automated features, proved beneficial when handling lost devices. A client successfully restored their wiped iPad and laptop, showcasing the system's efficiency.

Our company uses a flat rate model called stress-free IT. This model aligns with the necessary licensing, making it easy to cover features like Intune and conditional access, which are integral to our service offering.

We evaluated AirWatch (VMware AirWatch) and other mobile device management solutions before consolidating our clients under Intune due to its superior integration with Microsoft 365.

I rate Microsoft Intune nine out of 10. 

The primary use case is endpoint management.

The organization I'm with now is pushing towards cloud management. They want to move away from on-prem and hybrid to pure cloud.

We use some security management through Intune, but we have another product for that.

We were using a different product to manage machines. I had a lot of different organizations I was managing. I started seeing the benefits of machine level or the cloud management through Intune as we started pushing it to clients that were using the proper licensing, like 365 Premium. The management aspects of that were fantastic compared to what they had or didn't have at that point. So it was a pretty immediate benefit in using Intune.

The biggest asset is the range of device management options available with Intune, whether it is a Windows device, a Linux device, a Mac device, or mobile devices. There are numerous options available. Within Windows devices, the depth of management is very nice.

I grab the logs through the events in Intune. We do some of the security through there, but we're evaluating whether to migrate wholly into the Microsoft ecosystem for security or keep it separate.

We do manage some applications through Intune. I think they make that very simplistic and easy to maintain.

I only have under 400 endpoints that I'm managing right now with this organization. The reporting aspect of it has been very nice because I've been able to keep an eye on devices that may or may not be functioning properly. I need to explore some of that automation deeper.

We use Cloud PKI extensively for deploying certificates.

There are a lot of great functions that have been implemented, especially conditional access and zero trust. Intune really does nail that quite well.

We're more productive with Intune. The management of devices makes it a lot easier, and it's faster to deploy devices with Autopilot.

Intune helped us to consolidate vendors, which is helping reduce attack surface.

The reporting dashboard is really limited. You have to use something like Power BI and Graph to get better reporting. I wish they would implement new dashboards and widgets for the dashboard in Intune. The report updating period is very slow, taking upwards of over an hour to confirm if a policy is deployed after check-in.

The user experience is good. There are a few things that I wish could be tweaked. Whereas with other management systems like Jamf and JumpCloud, you can set the check-in interval times so you can push policy faster. We don't have that option with Intune, so I think that's the biggest failing so far. It can take a while for policies to push out to users.

I have been using Intune for about three years now.

Very rarely have I seen it crash, maybe twice. However, if Intune is not available, the 365 environment might not be available, causing a major ordeal.

Customer service used to be better. In the last couple of years, support has not been very good, even with Premier and Premium support. It's been very hit-or-miss. However, when you get a knowledgeable support engineer, they are very good and helpful.

Neutral

I've used Jamf, JumpCloud, Mosyle 360, and Automate. I switched when I started to see the benefits of machine-level or cloud management through Intune.

Intune from zero has a learning curve, however, it's not overly difficult. It's important to have a basic understanding of what you're doing.

I've set up environments by myself. It's better to have a small team to verify policies and come up with solutions.

I know what's included in 365 Premium offering, and it's a good deal. On an enterprise level, they break out features I'd really want, which complicates access. It is a good value, especially for smaller organizations.

I've used Jamf, JumpCloud, Mosyle 360, and Automate in the past.

Make sure you have a test environment or test devices. Don't push a policy out to all devices unless you absolutely understand what it's going to do.

My advice to someone considering Intune is that if they're already using 365 products, then this is a great system to lean on and to deploy to your organization. If you're in another organization's ecosystem, like Google or Amazon, then I may not necessarily think it would be the best option.

I have worked on multiple projects during these four years and encountered various scenarios with Intune. The major issue I found is Intune's vastness; it has numerous features within a single MDM portal. We can deploy unlimited features from the Intune portal to manage devices and protect the environment. Intune's capabilities are extensive, but there is room for improvement in certain areas, particularly reporting. Intune's reporting functionality is still under development, and we can anticipate further advancements in this area.

I previously worked as a solution engineer and am currently a call center agent in IT. I have worked on all sorts of Intune-related issues, including those related to mobile devices, Windows devices, enrollment processes, and policies. My expertise includes Autopilot, GP enrollment, the enrollment process for Windows, iOS, and mobile devices, as well as configuration profiles for multiple devices and platforms. I have also worked on scripts. As an escalation engineer, I have dealt with a wide variety of user issues.

The primary benefit of implementing Intune is the ability to manage devices, including controlling access, deploying applications, and enforcing restriction policies. As administrators, we gain control over which applications and websites users can access on their devices. Additionally, we can seamlessly deploy applications and configure network settings according to our organization's or client's specific requirements. Intune enables us to manage devices, deploy applications, and enforce policies, ensuring that devices within our environment adhere to our company's standards.

My deployment is primarily cloud-based, but I also have knowledge of hybrid environments. I have limited on-premises experience, having only observed local Active Directory servers. I can configure them theoretically, but I wouldn't consider myself a trained engineer in that area. With hybrid environments, I understand how to implement and integrate the hybrid components with Intune for a seamless and error-free deployment.

We can integrate endpoints directly into Intune, enabling us to access the options on the Intune portal. Intune is a seamless feature that collaborates with various services within the Azure ecosystem, essentially relying on Azure for its functionality. An essential collaboration exists between Azure AD and Intune. Similarly, Defender, another Microsoft service, must be integrated with Intune to remediate threats. In essence, Intune is a unique entity that requires communication with other Azure services. Configuration and connectivity are necessary to achieve this integration. Once integrated, we can access other endpoints directly from the Intune portal.

The user interface is straightforward, and the configuration profiles are easily accessible to the administrator. There are multiple ways to implement a single setting or policy on a device, including the deployment of several policies. A new feature allows for the creation of policy sets that can be deployed to different locations within an organization, streamlining management for administrators across multiple regions. This is a valuable feature that saves time and increases efficiency. Policy sets can be created, and locations can be assigned to them, ensuring that any enrolled device or user within that location receives the predefined policies. Group tags further enhance this process by automatically applying policy sets to devices or users added to specific group tags. Overall, Intune offers numerous features that enhance administrator productivity, including the ability to efficiently manage and track policy deployments.

The enterprise application management feature is excellent. If we've deployed applications using the application management services, we can provide updates directly, eliminating the need to repackage them. With application management, if an application is deployed in a region with multiple devices, those applications automatically update once an update is available. It's one of Intune's best features and was recently integrated. While I need to explore it further, I've previously used it to deploy applications in a region, and any auto-updates from the store were applied seamlessly. This is a significant benefit of Intune.

The PKI process in Intune is excellent, though it can be complex for administrators. Intune's reporting has improved since last year's changes, and removing one PKI component has simplified the troubleshooting log collection. Once correctly configured, this reliable feature allows direct certificate deployment to users and devices, eliminating the need for constant password and user ID entry. Users can seamlessly log in with their certificate across various applications, such as email or VPN profiles, enhancing convenience and security. Overall, Intune's PKI capabilities significantly benefit streamlined authentication and access management.

How we use Copilot depends on the specific needs of the enterprise. For clients with an existing on-premises environment, which typically includes multiple servers and domain controllers, there's often a gradual desire to migrate to the cloud. In these cases, we recommend Copilot, where we can implement an Intune environment and facilitate the gradual transition of devices from SCCM to Intune. These scenarios represent the primary use cases for deploying Copilot for device management, as it offers an optimal solution for managing devices during the on-premises to cloud transition. For remote users unable to access the physical office, device enrollment ensures cloud-based management. In contrast, restricted environments necessitate on-site presence. While VPN offers an interim solution, enabling remote device management through on-premises connectivity, it incurs additional costs. Ultimately, we advocate for cloud adoption as a cost-effective and simplified approach to device management, aligned with the ongoing evolution towards cloud-based solutions.

Intune has significantly improved our organization. Firstly, it allows users to work securely from anywhere, as the device is managed and policies, settings, and restrictions are deployed over the cloud, regardless of the location. Additionally, we can deploy various policies and regulations for security, simplifying device management. From an admin perspective, Intune streamlines device management by allowing us to simultaneously deploy policies to multiple devices. Enrollment is also effortless, as devices can be shipped directly from the vendor to the user and ready for use. This eliminates the previous admin tasks of deploying custom OS images and managing policies via SSCM, ultimately improving productivity.

Intune's ability to secure hybrid work and protect data on company and BYOD devices involves security restriction and conditional access policies. These settings provide significant device security. For instance, we have unconditional access policies and app protection policies. These policies allow us to secure data users might share with other devices or native applications. With conditional access, we can require devices to be managed by Intune before accessing corporate data, ensuring they receive necessary restriction and protection policies to prevent sharing corporate data with unauthorized applications. This significantly enhances corporate data security. While user agents offer data security benefits, Microsoft Defender and Office 365's data loss prevention policies strengthen our overall protection.

Intune has helped save 90 percent of our costs.

The security provided by Intune is excellent. The security policies deployed through Intune significantly enhance device security, encompassing data protection, device restrictions, Wi-Fi settings, and proxy configurations. Additionally, Intune can deploy antivirus software if we have the appropriate licenses, further bolstering security. Overall, I'd estimate that Intune provides roughly 80 percent reliability in terms of security.

Intune's ability to integrate with Microsoft 365 and Microsoft Security for both cloud and co-managed devices is crucial because, in isolation, Intune is limited. To make its features work reliably and meet specific requirements, integration with Office 365, Defender, and local AD is necessary. This integration enhances security on devices and enables advanced features like data loss prevention through Office 365. While Intune offers security policies, integration with Office 365 unlocks their full potential for comprehensive device protection.

What I like most about Intune is its seamless enrollment process, particularly the Autopilot method. Autopilot allows bulk enrollment of devices, making it easy for end users, even those without technical expertise, to use their devices immediately. While there might be occasional error messages during configuration, when done correctly by the administrator, Autopilot is the best feature currently available.

Intune is excellent. It is constantly evolving, from the legacy portal to the current endpoint management; we are seeing a gradual number of changes, and many features have been implemented and added to the Intune portal. The interface is great and user-friendly. Even someone without much MDM experience but needing access to the Intune portal would be able to understand that these are Windows devices and these are the policies they can deploy. The portal's overall UI is user-friendly. Furthermore, the categorization of devices and policies on the portal is excellent. We can categorize devices, look for conditional access, and check for configuration compliance in a specific location. The categorization is the best way currently available.

The worst aspect is the reporting. We are still in the development phase of reporting, and it is not always accurate. Sometimes, we don't receive the correct report, devices aren't listed as they should be in the Intune portal, or deployed applications and user policies aren't reported by Intune even though they are present on a device. There is room for improvement in Intune's reporting capabilities.

If my organization has sensitive data we don't want to leak, deploying the policies can present technical challenges and potential loopholes. While 90 percent of end-users are not technical enough to find these loopholes, a user trained on Intune who understands the background processes and policy weaknesses could pose a security risk to the organization.

App protection policy and compliance state. Recently, I encountered a user scenario similar to one I've experienced as an administrator. If my device is enrolled in Intune but not through a corporate method, some loopholes allow administrative control of the device itself. We can un-enroll the device and remove the management profile, yet the Intune portal will still show the device as compliant because it captured the last compliance state. As long as the device reports to Intune, its compliance status in the portal remains unchanged, regardless of its actual state. Only when the device stops checking in with Intune will the last compliant state be displayed, with no indication of non-compliance. The device's Intune compliance state will show the last check-in time. We can leverage the newly integrated data loss prevention feature in Intune to improve the app protection policy, which is currently inconsistently effective. With the appropriate licensing, deploying data loss prevention policies can enhance our protection strategy.

I need to delve into reporting and analytics. The policies, restriction policies, enrollment limitations, and everything else are great. However, one current limitation is that we can't roll back security baseline policies deployed from the Intune portal to a device. Those changes are permanent if a security policy changes the device's registry. If an administrator mistakenly deploys settings from a baseline policy instead of a restriction policy, the only recourse is to reimage the device. In my opinion, baseline settings shouldn't be permanent. However, as developers of the Intune portal, there must be some significance to these clients.

I have been using Microsoft Intune for four years.

I would rate the stability of Microsoft Intune seven out of ten.

I would rate the scalability of Microsoft Intune eight out of ten.

I was the Microsoft Intune Closure Engineer, working in a global support group. My role involved providing solutions for Microsoft, addressing tickets created by users or administrators worldwide. I would rate the overall Microsoft support an average of eight out of ten. The support process begins with a ticket being assigned to a junior engineer with basic understanding, which I'd rate a six. If the user's issue remains unresolved, it escalates to a level two engineer, improving the rating to an eight. In rare cases, unresolved issues are escalated to a senior engineer which would drive the rating up to nine out of ten.

Positive

Before Intune was introduced, we had to use Office 365 for MDM, which had limited options. Then came the legacy Intune portal, followed by the endpoint management folder, the most recent portal we've used. I've also used Jamf and AirWatch a bit, but I'm not as proficient with them as with Intune.

The initial deployment of Intune was complex, with deployment time dependent on the specific environment. For organizations with multiple sites, Intune deployment is particularly challenging and can take four to five months. The migration itself is not a simple task and can be time-consuming. Based on past experience, assessing existing security policies and applications from the on-premises environment is crucial before identifying what can be achieved with Intune, given its limitations compared to SCCM. While Intune can replicate some functionalities achieved through group policies, the migration process can still take a considerable amount of time, ranging from seven to eight months to even one and a half years, depending on the environment's complexity.

Microsoft licenses are costly. Organizations should determine the best license to get the maximum features based on their requirements. Intune comes with multiple licenses, including E3, E5, standalone Intune, and a few more. Microsoft 365 is also an option. There are almost seven license lists where Microsoft Intune is present, except for the standalone license. It's definitely costly. Microsoft could look further into providing some cost-cutting measures for the licenses.

I would rate Microsoft Intune eight out of ten.

Intune includes various features and categories, allowing management of operating systems like Linux, Windows, iOS, macOS, and Android. Its user interface, departmental organization, and enrollment process are all straightforward. However, based on my six years of experience with Microsoft products, including four years specifically with Intune, its reliability is around 80 percent. Occasionally, it doesn't report correctly, or devices fail to receive deployed configurations. In comparison, AirWatch seems more reliable. Despite this, considering my overall experience with Microsoft, it still offers one of the best management solutions. Intune's predecessor, SCCM, which manages devices on-premises, is more reliable because Intune is still developing.

I'm working on two accounts. Under one account, I have a growing number of devices. So far, there are approximately 300,000 Windows devices, 100,000 Android devices, and 250,000 iOS devices in one environment. The number of users is similar. In another environment, which I've been using, there are a large number of devices. It's taking time to load, but I would say there are approximately 400,000 to 500,000 Windows devices in this environment.

Intune is continually evolving. If a feature is currently unavailable or needs improvement, we typically provide feedback to the Intune development team, and they implement or enhance that feature in a future release. In new releases, developers add features, and if there's a need to further develop or enhance those features, we see those improvements in subsequent releases. Maintenance on the Intune portal is necessary to facilitate these dynamic changes. Additionally, the Intune environment itself requires maintenance. This includes managing user accounts and enrolled devices, as well as adjusting restriction and security policies as needed.

I recommend Intune because it offers multiple features within a single environment. Once deployed, you can manage iOS and other platforms from one location. However, there's a caveat: if you have a highly restricted or complex environment where security is paramount, such as in banking, federal agencies, or similar organizations, you might reconsider using Intune due to potential reliability concerns.