Microsoft Intune Reviews

Currently, we are using Intune to manage our iOS devices. We are planning to extend its use to our Windows computers. Initially, the immediate need was for a Mobile Device Management to support the iOS platform, and Intune fulfilled that requirement.

When it comes to iOS, Intune is quite limited. Since it is a Windows product, it is more tailored towards Windows devices. We noticed limitations, which is one reason we are trying to move away from it. Intune does consolidate all endpoint and security management tools into one place, making everything easier to manage.

Intune should support platforms other than Windows. We have encountered several limitations, especially when handling iOS devices. Features like unlocking devices sometimes fail, and the support offered for other operating systems is insufficient. Enhancements are needed based on my real user concerns.

We have been using Intune since we transitioned to Office 365, and that was over five years ago.

The product itself is fine. We have not experienced any connection issues or significant problems. However, we do encounter backend issues related to its administration.

Intune is not scalable enough to fully support other operating systems aside from Windows.

Microsoft support is alright; it is a standard experience. On a scale from one to ten, I would rate it a five.

Neutral

We did not use a different solution before opting for Intune.

The initial deployment was pretty straightforward.

The deployment was completed with an in-house team comprising about twenty people, where everyone had a small piece of the work.

We see ROI because Intune is bundled in our Microsoft agreement.

The pricing is fair. We get Intune bundled with our Microsoft agreement.

We did not evaluate any other options before choosing Intune.

If you are a Microsoft shop, then Intune is a good fit. If not, you might face issues because it primarily supports Microsoft products. We are planning to decrease its usage. Overall, I would rate Intune a five because we are not solely a Microsoft environment.

We use Intune specifically for device management and patching, as well as with Autopilot for device configuration and deployment.

Intune has significantly benefited our organization by providing comprehensive visibility into our device ecosystem. This enhanced oversight has led to cost reductions, improved operational efficiency, and a deeper understanding of our IT environment.

Intune's most valuable features are its device management capabilities, particularly its centralized integration with other Microsoft stack components. 

Intune could be improved by expanding its third-party patching capabilities for a more comprehensive solution. Currently, we must utilize external resources to manage certain tasks across our environment. Furthermore, user functionality and feature sets could be enhanced, especially as we prepare to deploy Intune on Mac devices.  

I have been using Microsoft Intune for over a year.

The stability of Microsoft Intune is good.

Microsoft Intune is scalable.

We don't rely on Microsoft for support because, as their top partner, our team possesses extensive Microsoft expertise. Generally, issues are minor and resolved efficiently in-house.

Positive

We currently use Ivanti for some patching and third-party solutions, and Jamf to manage Macs due to limitations in Intune. However, since Intune is included in our Microsoft 365 E5 package, we are motivated to consolidate our toolset.

We have seen a return on investment from the device deployment aspect, with less hands-on touch required when deploying devices.

I rate Microsoft Intune eight out of ten.

I would rate the Intune user experience an eight out of ten.

We plan to implement Intune's advanced endpoint analytics feature next year to gain deeper insights into our environment. This will enhance our understanding of its performance and health.

Our organization is currently deploying Intune's public key infrastructure for cloud applications.

We use Microsoft Intune for managing devices. We deploy our devices to users using Microsoft Intune Autopilot, which enables us to set up the device for the user and then ship it to them. When they log in, everything is there for them, including all the applications they need. We push applications through Microsoft Intune; for example, we install Zoom through it. 

We do not allow users to install their own apps. We use AppLocker, which prevents users from installing their apps. We can use remediation scripts. One script uninstalls Google Chrome if someone installs it because it hasn't been set up in AppLocker yet. If it were, AppLocker would prevent the user from installing Google Chrome. We use Microsoft Edge because it's easier to manage using Microsoft Intune and Microsoft Endpoint Manager. We can prevent users from installing extensions, which is beneficial because password and session token theft often occurs through malicious extensions. We can have a whitelist of extensions that users can install or push an extension to be installed using Microsoft Endpoint Manager. I'm using Microsoft Endpoint Manager and Microsoft Intune interchangeably here because they're practically the same product.

The best feature in Microsoft Intune is the ability to wipe a device if it gets lost or stolen. Even if the device goes offline, if you send the command to wipe the device and it appears online, you can still wipe it. If the device breaks or ruins the storage, it doesn't matter because the goal is to ensure they don't have the data. You can also keep the device locked to your tenant if desired. If someone steals the device and tries to install Windows again, it will display 'Welcome to X company' and they cannot proceed past that point.

Another notable feature of Microsoft Intune is application supersedence. For example, if we were using Microsoft Paint and we don't want it on the device but want another paint program, we can specify that Microsoft Paint will be superseded by this new application. It finds the application on the device, uninstalls it, and then installs the new application, providing two actions for the price of one.

Regarding the Enterprise Application Management feature for app discovery, deployment, and automatic updating, we utilize that functionality. We use advanced endpoint analytics with Microsoft Intune. Only one of the global admins needs the license, and the rest of the admins can manage without individual licenses.

I’m not sure if Microsoft can do anything to improve this situation. The most frustrating part for me is when we make changes to a device, particularly with our virtual machine setups and test users. These test users need an intern license, so we usually provide them with what the other users have, which is a business premium license—it's the best value for our needs. When we push an application, it’s usually manageable. However, when it comes to configuration changes, the waiting game can be tedious. Sometimes the change takes effect in just two minutes, but other times it can take up to two hours. It’s difficult to be patient while waiting to see if the change works. We could try restarting the Intune management service to prompt it to check for updates, but that’s hit or miss too. I really don’t know how the changes are pushed to devices—whether our changes go into a larger queue with others or not. What frustrates me the most is just waiting and tapping my fingers, uncertain about whether my changes will take effect. I honestly don’t know how they could improve this process, as I’m not familiar with the inner workings. But this delay is the most annoying part for me.

Sometimes, the menu system isn't very user-friendly. You'll find yourself digging through various sections, and the changes to the menu can be frustrating. For example, when you ask Copilot, "Where is this?" it might respond with a sequence of steps to follow, saying you need to go here, here, and then there. However, either Copilot is misunderstanding the situation, or the option has been moved, as it might no longer be where it used to be or it could have a different name. This is something that seems to change frequently. Microsoft tends to update things consistently; they do it with Windows and other products as well.

The most important thing is to stay patient while waiting for these changes to take effect. Additionally, not only do we need to wait for the changes, but we also need access to logs that detail what has changed. It's frustrating when you see the changes happening on the device, and maybe they fail, but then it takes twenty minutes to an hour for that information to be reflected in Intune. This delay hinders your ability to troubleshoot effectively. From Intune's perspective, while I can check the event logs to see why an application might not have installed, I'm more concerned about understanding why Intune itself failed. So, the two main issues are the time it takes for changes to be implemented and the time it takes to report on the effectiveness of those changes.

I have been using Microsoft Intune for approximately five years now.

There has only ever been one issue with Microsoft Intune, which they fixed quickly in less than a day. That issue concerned displaying incorrect access rights to users. It did not disrupt operations significantly; we simply couldn't test anything for a while.

It's a very scalable solution. You can have thousands of devices connected if you want. It allows you to manage numerous aspects effectively. This system has greatly benefited my company, as we were previously reliant on an inadequate VPN for connecting to our network infrastructure. Now, we have the flexibility to hire employees from places like Arizona and Washington, which wasn’t possible before due to the need for onsite presence. Using Intune has enabled our workforce to operate remotely. Since implementing this solution, our company has grown substantially, and our talent pool has significantly expanded. Although we only hire within the United States, we now have the ability to recruit from virtually anywhere in the country.

Our company has approximately 100 users working with Microsoft Intune, with a more complex setup due to our structure of five separate companies.

We contact our cloud service provider first, who escalates us to level two tech support if needed. Microsoft support can be very inconsistent, warranting a rating of seven out of ten.

Neutral

My last use of SCCM was about eight years ago. Microsoft Intune's interface is superior; SCCM appeared outdated at that time. While I cannot extensively comment on SCCM due to dated experience, Microsoft Intune remains a strong product despite its regularly changing interface.

Our deployment is entirely in the cloud. We used to operate on-premises, but I migrated everyone to use Entra ID instead of Active Directory on-site. I had to accomplish this while everyone was working remotely, which made the process more challenging since using Entra Connect or AD Connect was not feasible for many users. Currently, everyone is fully in the cloud. We do have an office, but people are rarely there. They only come in for meetings and such; most of the time, they are working remotely.

The deployment of Microsoft Intune is relatively straightforward to set up. It's more straightforward than SCCM, though SCCM lacks certain features that Microsoft Intune has, and vice versa. For beginners, completing Microsoft SC-900 provides a foundation, which is more oriented towards Entra. However, MS-900 might be more suitable as it focuses on the admin center.

For new companies implementing Microsoft Intune, setup can be quick with experienced personnel. Transitioning from on-premises to a hybrid solution depends on the number of users. It's crucial to ensure proper ID transfer and appropriate Entra licenses, particularly for write-back functionality. Without write-back enabled, users changing passwords outside the office might end up with two different passwords.

One essential step is onboarding computers to Microsoft Autopilot. A script pushed through Microsoft Intune can accomplish this, though it becomes more complex without automatic enrollment settings. Autopilot facilitates device building and shipping, ensuring everything is set up when users log in. For organizations with small footprints using Microsoft Office and minimal apps such as Zoom and SharePoint, the process is streamlined. When moving to the cloud, consideration must be given to migrating SharePoint from on-premises, for which Microsoft provides migration tools.

Maintenance involves running reports and managing stale devices. Setting up automatic removal of inactive devices helps maintain a healthy Microsoft Defender secure score. When reassigning devices, running an offboarding script ensures proper device management in Microsoft Defender.

Regarding return on investment, Microsoft Intune's value becomes apparent when comparing it to licensing costs of other management tools. Since it comes bundled with Microsoft Business Premium, it serves as a powerful tool that proved more valuable than initially anticipated. The overall ROI is positive, and the solution effectively meets our needs. Additionally, we can now deploy Global Secure Access, a VPN solution that protects remote workers and filters internet traffic, adding further value.

The pricing of Microsoft Intune rates around four or five out of ten. The cost structure varies based on requirements. We utilize licensing bundles such as Microsoft 365 Business Premium, which includes the Microsoft Intune license and provides good value. Microsoft Intune alone costs approximately $6 monthly, but considering its device management capabilities, application installation features, and Microsoft Autopilot deployment functionality, the price is reasonable.

The user experience has been good. There is some crossover with Microsoft Entra ID. You can access groups and users from Microsoft Endpoint Manager when onboarding a device. This can be set up using Microsoft Endpoint Manager. If someone receives a new device, they can sign in for work purposes, and if you are familiar with Microsoft Windows, they will have the option to choose whether the device is for home or work use. Once we see the device in Microsoft Endpoint Manager, we can begin assigning profiles and encrypting the drive, making it easier for us to remain compliant. We utilize the CIS framework for compliance, which provides guidelines on tasks such as drive encryption and ensuring all settings are appropriately configured.

Additionally, we implement conditional access policies. For instance, if someone is outside the United States, we can require them to re-authenticate using Microsoft Authenticator for security verification. This measure ensures that if an unauthorized person managed to steal someone’s MFA token and attempted to sign in from outside the country, they would be prompted to complete another MFA session, which adds an extra layer of protection. Furthermore, we can restrict actions on mobile devices. For example, we can prevent users from copying and pasting content from Word documents into applications like Apple Notes. This feature is particularly useful for maintaining security.

If you are a Microsoft shop, these processes streamline operations significantly. However, for larger enterprises, costs may escalate. In such cases, it would be necessary to contact Microsoft to establish a suitable arrangement, similar to agreements made with Microsoft Azure for their resources. For small to medium-sized businesses, getting set up with these systems is straightforward and can assist in achieving compliance. It's important to note that this information pertains to Microsoft Purview and is distinct from Intune, which I will not discuss further.

We do use Copilot, but we have it turned off for email due to a current exploit. There are hidden Copilot commands that can pull data from sources a user might have access to and then email it to someone else, which is why it's disabled for mail. We only have a handful of licenses, and they are primarily for people who have limited time during the day and receive a lot of emails. It's a time-saving feature for them. Sometimes, they use it to write scripts quickly, like in PowerShell, which I then review to understand what it does. You can trust it, but you should always verify its output. Copilot is also helpful for creating a basic outline for documents, such as policies, where you can simply fill in the blanks. However, the pricing is not great. Additionally, you are locked into a one-year subscription with no month-to-month option. The cost is around $360 a year per person, which adds up quickly, so you have to be sure the person really wants it. Consider purchasing one license first to let someone try it out. If they find it beneficial, they can keep it, and we can buy additional licenses for others who express interest. Currently, we have very limited licenses due to the high cost. If they were half the price, I believe everyone would have access to it.

For those implementing Microsoft Intune, if you plan to have remote workers, consider whether you want to provide them with actual physical devices or if you can offer cloud PCs instead. Cloud PCs can be managed through Intune, and anyone with access to a Chrome-based web browser can use a desktop from anywhere with an internet connection. This approach also helps you avoid issues with retrieving physical devices from users, as they are not legally obligated to return them, potentially leading to a loss of significant investment.

Additionally, there are compliance issues to consider when providing devices. For instance, if you give a physical device to a contractor, they may be legally considered your employee under laws in certain states, such as California. Therefore, think carefully about your deployment strategy. Decide whether you'll be using physical devices, which may require more effort to manage, or cloud PCs, which might save you headaches in the long run. You also need to be proficient in PowerShell, as you may have to write remediation scripts. If you're not comfortable with PowerShell and prefer a simpler solution, be aware that there may not be many alternatives. This also aligns well with Microsoft Windows.

If you prefer to use Apple products, keep in mind that you can't just purchase a MacBook from a store. You'll need an Apple business account to obtain a certificate required for managing the device through Microsoft Intune. This rule applies to iPhones and iPads as well. In contrast, with Android devices, you don’t have these management restrictions. So, before making any decisions, consider your deployment strategy and the existing device ecosystem you have in place. I'm not familiar with using SCCM or other management tools, but be sure that with Microsoft Intune, simply buying a MacBook will not allow you to manage it without following the necessary procedures.

I would rate Microsoft Intune overall as an eight out of ten.

Its price is reasonable. It is a part of our M365 suite.

I have not been satisfied with it, and I am planning to change it soon. There are a lot of updates coming from Microsoft that suddenly affect our security policies. With each update, a new feature is introduced. However, there's often no clear advice regarding these changes. If we encounter a problem, we have to rely on the Microsoft Community to discover that a new feature has impacted our security policy, at which point we need to make adjustments. That's why I plan to position our operations around an agnostic tool.

Overall, Intune is quite complex, especially if you have conditional access associated.

They can cover Apple iOS in the future to enhance its functionality.

I have been working with Microsoft Intune for more than 5 years.

The kind of issues I face include a lot of updates coming from Microsoft that all of a sudden affect our security policies.

Technical support by Microsoft is okay.

Neutral

We are not using Microsoft Intune for patch management. We are looking into Kaseya. I am satisfied with Kaseya, which is why I would like to further evaluate standardizing Kaseya across the organization. I don't want to utilize Microsoft Intune because I prefer an agnostic solution rather than one that is heavily reliant on a specific brand.

Its deployment was neither easy nor difficult.

I don't have any problem as far as cost is concerned. It is bundled with our license. 

I would rate Microsoft Intune a seven out of ten.

Mainly, the use cases I get are device migration and completely applying Microsoft Intune policies, security policies, Intune patches, deployments of applications, etc. I work as a consultant, and I guide companies. I consult companies on moving from one platform to another, specifically focusing on complete migration to Microsoft Intune.

I have used the Microsoft Intune suite cloud PKI. I am using Microsoft Co-pilot for my use but have not used it for customers.

There are many features in Microsoft Intune. For personal mobile devices, MDM is what I most prefer. Microsoft Intune is reliable, scalable, and user-friendly.

Currently, Microsoft Intune's focus is mainly on Windows, but they can make much more improvement in terms of other platforms. 

Automatic updating is a problem sometimes. When there are applications not from Microsoft, we have to upload updates every time to update those applications.

It can be improved in terms of reporting. There is a problem with reporting; if you want to extract a report, sometimes you have to use the Microsoft Graph API. Microsoft Intune does not provide as many reports as needed. The reporting needs improvement, as currently, we have to use other platforms or the Microsoft Graph API for better reports. If the Microsoft Intune console itself provides reports regarding device management, it would be much better.

I have been using Microsoft Intune for more than four to five years.

It is reliable.

It is scalable.

The support is not particularly good. Sometimes when you open a case with Microsoft, you end up resolving the issue by yourself. It depends on the type of support you have purchased. If you have taken the premier support, then you might get better preference; otherwise, it will take some time for the support to reply. I would rate their technical support a six out of ten.

Neutral

I have seen customers mainly switch from AirWatch to Microsoft Intune and also from Zoho to Microsoft Intune. Microsoft Intune is more user-friendly, but other platforms are better for creating certain policies.

It's not that difficult. It mainly depends on the device configuration. It depends on how the devices are configured and joined to the Azure tenant. It's more compatible with Windows devices.

On non-Windows devices, the policies that Microsoft Intune provides may be limited. For Linux, there are not many policy capabilities. For Windows, Microsoft Intune has full capabilities, making it easy to work with, even in hybrid environments.

The price of Microsoft Intune is reasonable. It depends on the capabilities you purchase and what features you want in Microsoft Intune, not only device management but also other security capabilities. If you want to have security features included in their licenses, then you have to buy the security license, such as the E5 license of Microsoft. There are different scenarios.

I am satisfied with Microsoft Intune. The enterprise application management features are fine, though they take some time to manage. I am not currently using the Advanced Endpoint Analytics in the Microsoft Intune suite, but I have seen them.

I would rate Microsoft Intune an eight out of ten.

Basically, I am using the whole family of Microsoft products regarding Microsoft Five. Intune is one part of these products. I started with mobile device management. Nowadays, I'm using Intune as a standard tool for managing endpoints - computers, laptops, mobile phones, cell phones, et cetera. I'm using Intune for managing all this IT equipment.

The best features include the management, which is quite good, and endpoints. 

When I want to publish some applications for my computers in a company or need to push some policy, I click several settings in the Intune console, making it very quick to publish on all computers and devices. 

The cloud base is perfect for me. I can use Intune in many ways. One very good way is when a company asks that all suppliers and colleagues can use their devices. Intune can be a benefit that allows your own device to work in a company environment via Intune. 

I can use Intune to set up their environment, and Intune will take care of company applications and security. This is something that could be beneficial for our employees.

When we implemented Intune, it would have been helpful if Microsoft had provided some videos or data about Intune. While there are lots of trials, having movies or guides on features would be very helpful for beginners.

I have been using Intune for more than ten years. In my previous job, I managed mobile device management through Intune. It's been around ten years that I've been using Intune.

There were several bugs with stability. I'd rate it nine out of ten.

Scalability is absolutely perfect. I'd rate it nine out of ten.

There is a local company in Slovakia, which is a platinum partner of Microsoft. When I have issues regarding Microsoft products, I raise a ticket with the local company, and they have a good relationship with Microsoft support. 

It's a two-level support system where the local company contacts Microsoft. This way of support is perfect for me, and all past issues were resolved. The support from Microsoft is excellent. 

Positive

In my previous job, we used MASP 60 from IBM. I had a good experience with another cloud-based management solution, however, I can't recall the company name. When companies use Microsoft products for computers, servers, and applications, it's the best option for these features.

The initial setup is quite easy. You have to pay only for the license, and you can start with the deployment. That's all.

This question is for the finance department, not for me. They do the calculations.

Every day, my colleagues and I manage mobile phones and computers with this tool, and we can't share our infrastructure without Intune. We manage computers remotely via cloud management. We do achieve a minimum savings of 20% with Intune since users can stay home. 

We use Intune for managing computers, cell phones, tablets, and more. However, there is likely a fifty percent potential usage in other areas within the company. This requires input from end users, not IT personnel. I find it crucial to communicate effectively with management and staff about implementing new technology. 

It's important to explain that while the users' cell phones are not personal, data on these devices is company-controlled. We set up the mobile application management bundle. Initially, users were confused and concerned about their phones. Strong communication with end users is vital for implementing new technology successfully. 

Overall, I rate the product nine out of ten.

Previously, when dealing with COVID-related issues, we had to bring laptops to the office network to resolve problems physically. However, with the introduction of Intune and autopilot, we can now build and manage machines remotely. Intune allows us to upload our operating system and create a tenant, enabling users to enroll and build machines anywhere with an internet connection. This eliminates the need for physical device management and reduces downtime. Additionally, Intune simplifies application management by providing a centralized platform for accessing and deploying applications without requiring multiple servers. Overall, Intune offers significant improvements in device management, flexibility, and efficiency compared to traditional methods.

Currently, we operate Intuneas as a hybrid model. While devices are enrolled in cloud-based Intune, updates are still being deployed from our on-premises SCCM. A complete migration to the cloud will take time, especially for larger organizations with tens or even hundreds of thousands of machines. This transition is hindered by legacy applications that are incompatible with Intune. To facilitate a smooth migration, Microsoft must either enable the use of these legacy applications within Intune or provide equivalent cloud-based alternatives.

Historically, application management involved installing software on users' machines. However, many organizations now utilize software-as-a-service models that are accessible through web portals like Intune. We also employ App-V to virtualize legacy applications, allowing access to any physical or virtual machine. Our current methods include direct endpoint installation, SCCM deployment, and App-V server hosting applications. We introduced App-V as a virtual application platform to address challenges like developer environment inconsistencies and license costs. By centralizing applications and implementing a first-come, first-served licensing model, App-V reduces costs, improves accessibility, and simplifies management.

Intune consolidates our endpoint and security management tools into a single, user-friendly platform. It seamlessly integrates existing on-premises policies, allowing for easy creation or upload. Organizations migrating to Intune or replacing on-premises Active Directory can effortlessly establish new policies. Unlike the complexities of on-premises management, Intune simplifies policy creation and implementation through a click-based interface, eliminating registry changes. Additionally, Intune's cloud-based architecture ensures consistent policy application across devices, avoiding the delays and potential bandwidth issues associated with on-premises servers. Microsoft's robust infrastructure provides reliable performance, making Intune an efficient and effective solution for managing endpoints and security.

Intune users appreciate its flexibility compared to traditional on-premises Active Directory systems. For instance, with on-premises AD, policy implementation requires the user to be physically present in the office. In contrast, Intune enables remote policy management, as demonstrated by the scenario where a user's account is locked on an Intune-managed laptop. Even if the user cannot log in to the device, unlocking the account in Azure AD automatically unlocks it on the laptop, regardless of location. This significantly improved over previous methods involving complex workarounds like sharing local profile passwords. Intune's integration with Azure AD simplifies account management and provides seamless access for remote users.

We manage multiple users who use Azure AD and Azure VDI machines but often prefer using the VDI machines over their laptops. To address this, we proactively contact users whose laptops haven't reported to Intune in 20-30 days, informing them of potential removal and providing additional notifications through tools like Nexting or SysTrack. We also send emails to users whose assigned machines are inactive, warning of removal if usage doesn't resume within 30 days. Additionally, we monitor machine downtime, login times, and compliance status while pushing necessary policies and updates. Our organization utilizes a hybrid model combining Intune for machine management and BitLocker encryption with SCCM for software updates due to the ongoing migration from on-premises to cloud-based solutions. While Intune enrollment and management are in place, we anticipate a full transition to Intune in the future.

We are using Intune Suites Cloud PKI to assign certificates to users. Previously, we managed Microsoft certificates on a hosted server. This process was manual. However, Intune now automates certificate management. Once a machine connects to Intune and authenticates, the necessary certificates are pushed without manual intervention. VPN login requires both a user and device certificate for compliance. Intune offers certificate management from both Microsoft and third-party vendors. Due to cost considerations, we are transitioning to a different certificate provider within our organization.

We have implemented Copilot in Microsoft Teams and Zoom to improve meeting efficiency significantly. Copilot automatically generates meeting minutes, including attendee lists, saving valuable time compared to manual creation. Additionally, it provides real-time meeting summaries, allowing latecomers to grasp discussed topics quickly. By automating these tasks, Copilot frees up approximately half an hour per meeting, enabling us to focus on more productive activities.

For IT and security operations, our company has implemented Copilot by hosting all ChatGPT features on-premises. As a financial company, we cannot access external AI tools directly. Therefore, our system interacts with our server rather than the Internet, allowing us to utilize ChatGPT capabilities based on our specific business needs.

Intune has significantly improved our device management process. Previously, we had to physically build machines on-site, requiring users to come to the office. Now, we can remotely push updates and assist users from anywhere, saving them time and eliminating the need for travel. Additionally, Intune's dashboard provides comprehensive insights into our device fleet, including compliance status, update failures, and application installations. This centralized view has increased our efficiency and proactivity in addressing issues compared to our previous reliance on SCCM reports.

When enrolling personally owned devices, Intune applies organizational-level settings. This prevents downloads to local machines when using Office 365 applications or Teams. We can restrict downloads to specific containers that cannot be copied to other folders. Alternatively, we can limit application usage to on-premises or organizational machines. While our current setup allows Office 365 access on handheld devices, downloads and uploads are blocked. Intune offers this level of control, preventing data transfer to or from the device, regardless of whether it's personally owned or a company-issued app.

We are upgrading our privilege management policies to mirror those already existing in our on-premises Active Directory. While we are not making substantive changes, Intune's endpoint privilege management offers significant improvements over our previous approach. By consolidating multiple policies into a few comprehensive ones, we can more effectively restrict user actions based on organizational hierarchy. This streamlined process eliminates the need for extensive group management in Active Directory and saves time overall.

Once implemented, our policies will reduce the attack surface by restricting service access only to users possessing an infrastructure organization certificate, which we have obtained. Additionally, we will enforce IP-level restrictions, preventing access from personal devices or those outside our specified IP ranges. We can implement these restrictions at the IP, device, or certificate level.

Intune has significantly reduced our costs. Previously, we managed multiple servers, but now we rely solely on a CCM server, which will be decommissioned soon. This eliminates the need for on-site server infrastructure, backup systems, dedicated staff, and extensive network support. With Intune, we can host the CCM server in a central location and avoid latency issues associated with multiple servers across different regions. Additionally, expanding to new offices no longer requires building additional data centers. Intune's cloud-based platform allows remote access from any location without needing on-premises infrastructure. As a result, many organizations, especially smaller ones, are adopting cloud-based solutions and eliminating the need for physical servers and laptops. Employees can leverage their own devices to access applications through Intune, further reducing costs and increasing flexibility.

We can primarily manage security posture through Intune. However, due to pricing, we will likely use a third-party solution for device certificates. Interestingly, Microsoft seems to be introducing third-party vendor options within their portal. Ultimately, the security team will evaluate all options, including Intune, considering factors like policies, pros, cons, and pricing before deciding.

Intune Suite's integration with Microsoft 365 and Microsoft Security provides robust capabilities for centrally managing both cloud and co-managed devices. Previously, managing Exchange, Active Directory, and applications required separate teams, but Intune has streamlined this process, enabling efficient management of all mailboxes across devices from a single platform. It's incredibly easy to manage, allowing for remote administration and policy creation. Unlike the previous process of manually creating and testing Group Policy updates, Intune simplifies policy creation and testing with just a few clicks. Additionally, Intune eliminates the challenges of server-based upgrades by providing centralized management and control.

We are currently utilizing multiple security solutions, leading to a complex environment. Due to cost considerations, we are transitioning from Microsoft's device certificate to a solution from a different vendor. Additionally, we are integrating this new solution with Intune and have replaced Jamf to manage our MacBook fleet. This change eliminates Jamf license costs while allowing us to manage Mac devices through Intune centrally. Similar to our previous use of Jamf, we incurred costs in a previous company but have successfully eliminated them by consolidating management within Intune. Furthermore, we are exploring Microsoft's evolving Office 365 licensing options. The latest E5 license offers integrated phone capabilities, replacing the need for separate devices like Cisco or Avaya phones. This consolidation allows users to make domestic and international calls through Microsoft Teams directly.

Previously, we relied on third-party applications like PointSec for mobile device security before Microsoft introduced BitLocker. PointSec required complex management, including console login, authentication, and handshake processes. BitLocker offered a cost-effective solution, initially used independently of Intune. However, Microsoft integrated BitLocker and Active Directory into Intune, simplifying management. While our previous company used an outdated AD environment that was difficult to migrate, Intune's integration with AD FS eliminated these concerns. Intune now allows us to easily manage BitLocker, including remote device wiping, providing enhanced security and control over mobile devices.

We currently aren't building any data centers. Previously, we did, but now we're facing a tenant-related issue. When accessing a US-hosted Azure machine from India, latency is a problem regardless of whether we're using a data center, our own, or Intune. I believe Microsoft could offer a feature to create a nearby tenant, allowing users in India to create one there rather than dealing with multiple tenants, policies, and groups for different regions. For example, if a company with a US-based data center expands to India, they currently need to create a separate Indian tenant to provide machines for Indian employees. Instead, Microsoft could potentially offer a peer-to-peer connectivity solution or similar approach, enabling access to US-based machines from India without requiring additional tenants or administrative overhead. This would simplify management, as administrators wouldn't need to handle separate tenants for each region.

There's a significant discrepancy in Intune pricing between tenants. Previously, my company assigned Canadian machines to Indian users due to a lack of Indian tenant options. This resulted in exorbitant costs compared to the drastically lower pricing for identical configurations in India. Given that Microsoft can determine the user's location based on IP address, they could potentially adjust pricing accordingly. For instance, a Canadian machine accessed from India could be charged a reduced rate similar to locally provisioned machines. This would align pricing with the actual location of use rather than solely relying on the tenant or data center.

Intune's lack of support for legacy applications is hindering rapid migration to Intune or Microsoft platforms. Organizations are reluctant to switch due to Intune's limitations and potential cost implications compared to alternatives like AWS or Google Cloud. While many organizations are using Intune and registering applications, they often rely on other cloud providers for specific services like storage or SQL. Given the extensive use and reliability of platforms like AWS over the past decade, Microsoft should consider offering competitive pricing and comparable services to encourage wider adoption of Intune.

I have been using Microsoft Intune for two and a half years.

I have never experienced any stability issues with Intune. If something occurs, it is resolved in a fraction of a second. I would rate the stability ten out of ten.

I would rate the scalability of Intune nine out of ten. The scalability is dependent on the configuration. To increase usage, we have to pay more.

The technical support is good.

Positive

Previously, we relied on SCCM and on-premises Active Directory, which was challenging due to manual account management and group assignments. Intune has significantly improved this by allowing us to implement policies upon user creation and automatic replication. Active Directory management was often problematic, with group removals due to scripts and inconsistent replication across different locations. Intune's cloud-based nature ensures faster updates and accessibility regardless of location or VPN status. This flexibility benefits both IT staff and end users. Intune's integration with Windows and potential for future enhancements, such as system health monitoring, make it the leading choice over third-party solutions.

Intune deployment is straightforward. Even end users can perform it. All organizational laptops have a built-in operating system. Resetting a laptop returns it to factory settings, automatically installing the enterprise OS, ready for Intune enrollment. The only requirement is internet connectivity. Enrollment is simple: log in to the laptop, press Shift, restart, and the device enters enrollment mode.

Deployment time varies based on the operating system's complexity. At my previous company, we deployed twelve applications within the OS. Currently, I manage the deployment of over forty applications through autopilot. The exact duration depends on the specific OS configuration, including the number of applications and other bundled components. Generally, it can take anywhere from two to three and a half hours to complete the process.

Microsoft's pay-as-you-go pricing model for Intune could benefit from a Google-like approach. While Microsoft charges for actual usage, it lacks discount options. In contrast, Google offers discounts based on usage duration, rewarding customers for extended service utilization. AWS also provides organizational-level discounts, demonstrating alternative pricing strategies. Intune's current focus on cost savings through service adoption is effective, but incorporating usage-based discounts could enhance its competitiveness and attract more customers. While the current pricing is market-competitive, additional discounts could position Intune as a more compelling option.

I would rate Microsoft Intune ten out of ten. Previously, we had to physically go to the office to build machines. Now, we no longer need to build them on-site, as Intune allows us to manage many aspects of devices remotely and easily without a VPN connection. It's truly a SaaS solution.

If someone is interested in using Intune, I would need to assess their enterprise's size, work location, and specific needs to determine if it's suitable. Intune is particularly beneficial for remote workforces and larger organizations due to its ease of management and scalability. I would evaluate their department structure, policies, applications, and existing infrastructure to provide tailored recommendations. Intune's cloud-based nature eliminates the need for on-premises infrastructure, reducing complexity and administrative overhead. Additionally, it consolidates management responsibilities, allowing for efficient oversight of various IT functions. Compared to traditional IT setups, Intune simplifies email management with cloud-based solutions like Office 365, offering increased storage, accessibility, and device compatibility.

Approximately 60 of our 100 employees utilize Intune, and the platform manages 100 percent of their devices.

Intune generally requires minimal maintenance, but this depends entirely on the complexity of our created policies, including allowed and restricted settings. While Microsoft offers guidance to minimize management efforts, adhering strictly to their recommendations is essential for full automation. Customizations may necessitate ongoing maintenance. Ultimately, closely following Microsoft's guidelines will optimize Intune management and minimize our workload.

We also use Bing Copilot, but I find Bing AI less effective than ChatGPT. Bing frequently requires multiple prompts before providing a response, whereas ChatGPT typically delivers accurate answers more directly. For instance, when asking for a Microsoft Outlook KB article, Bing requested clarification on the term "KB," while ChatGPT promptly provided relevant KB articles. It seems Microsoft's AI could benefit from further development to match ChatGPT's capabilities.

I recommend Microsoft Intune for larger organizations. Legacy applications may not be compatible with Intune, preventing their use. Smaller companies might consider Software as a Service solution like Office 365 instead, offering email, PowerPoint, and other tools without requiring Intune. Enrolling devices in Intune for small businesses might not be justified due to the costs and IT management overhead. However, for organizations with 1,000 or more employees, Intune can provide enhanced security and device management. If Intune pricing is scalable based on the number of enrolled devices, smaller companies could evaluate it. Ultimately, the decision depends on the organization's size, IT resources, and security needs.

We use Intune to manage devices and configurations on all platforms, including Windows, iOS, iPad, and Android. It also provides conditional access from the Azure portal. We have also used Intune to bifurcate data and data transfers. We have an Intune entry list that shows the device count and bandwidth of each, so we can manage the data flow from every device based on whether it's corporate or personal. 

Intune is flexible. If you want to move a device that was previously on-prem, we can bring it to the cloud and apply all the policies. This is helpful for even those organizations that were on-prem and not on the cloud. They can also come and use these features, which are pretty cool and would be handy to protect the data and manage the devices as well.

It's handy to manage all the hybrid devices that are on-prem and in the cloud. If a user accesses company resources on their work profile or their personal devices, they can register the device in Intune and access the company data. Intune is a crucial part of the overall structure because we can use it to analyze risks and threats coming into our organization and predict what will be vulnerable. It's necessary to analyze all those things from a security perspective.

Intune's advanced endpoint analytics require a separate license. We are keen to use that one because it comes with more features, flexibility, and control for admins over the devices. We haven't used it, but I've tested it on my tenant with a few devices

It is much easier for admins to use that cloud PKI infrastructure compared to when we had to set up all those things using our Skype profile from Intune. It's quite handy. It takes a little work on the admin side, but the whole structure is the same.

Intune drastically improved our productivity. Work that was previously completed in four hours could now be finished in one. It saved our IT admins many hours of work. Once we migrated from our on-prem servers to the cloud, the Cloud PKI saved us a lot of money. I don't know the numbers, but we are saving so much money because of this. 

The best part of Intune is application deployment. We can deploy an application to several users with a single click. We can use conditional access, granting access to users based on certain conditions, such as location, platform, etc. 

With the help of Microsoft Defender, we can bring each endpoint or node under  Intune's umbrella and manage it through Defender. The most effective feature for managing mobile devices is the compliance policy, which mandates that any user on a particular device should be compliant. It should meet the requirements the company sets and be upgraded. The user should meet all these security criteria we have implemented. 

Intune's app management can support our business operations. For example, if a user wants an Android app, we can deploy it through the Android store, but if we're talking about any MSI on a public-facing platform, we can convert it into Win32 and deploy it to the whole enrollment. Intune is quite flexible.

Compared to another Indian MDM tool I use, Intune provides more flexibility for security. The Microsoft name assures us that our data will be protected. Control over data is the main concern on the cloud.

The reporting causes problems because we're trying to gather data to present to the management, but we can't get the data they request. If a user has removed an application from his device, but it won't report it at exactly the right time. It takes time to sync from the device to the portal. Let's say we are preparing a list or deck for the number of compliant devices that meet all of the organization's requirements. In a real-time scenario, that device could be compliant, but it is showing as non-compliant on the portal. It sometimes hampers the overall decisions that we make on our end.

I have used Intune for four and a half years.

I rate Microsoft premium support nine out of 10. Their premium support is top-notch. They build a bridge to resolve the issues. Standard support varies, depending on the engineer you get. It could range from six to eight out of 10. 

Positive

Previously we used SCCM. It's a Microsoft solution, but Intune's user experience is much better because it's cloud-based and it's more cost-effective. 

Deploying Intune is pretty simple for someone who is experienced with the program. The admin needs to know the basics. Otherwise, it's user-friendly. The time needed to deploy depends on the network, but if everything is perfect, it only takes five to 10 minutes to deploy an application on a Windows device. An Android device is in a similar range. In some weird scenarios, it may take 15 minutes. It doesn't require much maintenance after deployment because it's cloud-based, so we don't need to update anything.

Intune cuts the amount of time we spend on these tasks in half.

Intune is a better value than SCCM or other management tools because we can integrate more with Intune. 

I rate Intune eight out of 10. I would recommend Intune to others. Microsoft offers many new handy features, such as the ledger and the ability to locally administer managed devices. It doesn't require much hassle to set up these things. It's worth the price.