What needs improvement with Microsoft Intune?

Microsoft Intune is doing well. They're adding endpoints, so it's good that they're covering that, and they're more stable. What I'd like to see in their next upgrade is more in the context of today's security policies and what's needed, for them to keep adding features based on that, e.g. boosting security, so they can keep on adding security features, and that is the best they can do.

The biggest improvement could be in the implementation, the ease of the implementation of it. They should make it easier to order it, however, that's generally true for everything from Microsoft. I'd love to be licensed in Microsoft. I'm trying to do that, however, I can't find a training program that will fit with my schedule. Everything requires you to be on-site for a week, as opposed to on-demand training. A big improvement would be having some on-demand training that is quality and not just a sales pitch. I'd like to see mobile device wiping to be better. That feature is a critical feature. If that could be enhanced, I would be grateful.

There can be some added features, such as an improved dashboard. Any new feature that could be a benefit to our customers would be good.

In terms of what can be improved, I am looking for better enhancements regarding Apple management, not only on the mobile device, but also on the laptop. Other than that, it already has good capability with Windows, and it is already very good for the mobile device. The only area that is missing is for the Mac products.

The MacBook management could be better. They should have better integration with, for example, Apple. The synchronization could be improved. They need to work on providing better troubleshooting techniques.

One big problem with Microsoft is that they're changing the names of the products quite often, or they're quite consistently doing so. Intune is now Endpoint administration. Constantly switching the user interface or the administrative interface makes it quite hard to keep pace. If you are on a two-week holiday and you come back and look at the same screen you have looked at for the last couple of months, it looks different, which is annoying. Changing things around all the time doesn't make it easy. There are some elements where the integration isn't finalized. So, for some of the things, you use the user interface, meaning the administrative website, and for some of the things, you have to use PowerShell to make changes, and it's not quite clear why you have to do things at one point this way and at the other point that way. If they could improve that a little bit more, it would be a good thing. Other than that, functionality-wise, it, more or less, serves our purpose. I'm not really sure what I would wish more at the moment.

We would like to see support for Chrome and/or devices for Chromebooks.

We are always working with Microsoft on improvements. Improvement is not something that is static, we are always looking for a dynamic way of working with Microsoft. We have a support and enterprise agreement with Microsoft. Every quarter, we review the performance of all our solutions and then we ask for further improvement. In the next release, I would like a feature to be able to properly lock down the device. For example, if an attacker or somebody steals the phone, you can be sure that the pin cannot be broken.

It doesn't economize when you scale up. We have over 14,000 employees, and we have between 7,500 and 8,000 city-owned or personal devices being used to conduct city business. Its price can be improved. It is not a cheap solution.

It's a developing product, so there's lots of room for improvement. There's a lot of stuff we couldn't do because Google and Apple prevent you from doing a lot of the stuff you'd like to do. Microsoft documentation is a bit hard to get around, so having more control over devices would be good.

There is no option to do end-to-end macOS management. The second thing is that the actions or policies don't get applied immediately, so there should be much faster way of implementing the policies. If you wanted to implement some actions on the device, it doesn't happen very quickly. I'd also add more flexibility with the mobile device management part of it. At the moment, it's very limited compared to other MDM providers, so there should be more options.

The main disadvantage seen today is regarding Linux clients. We have a lot of development resources that have Linux on their clients, and we can't manage them on the same platform, as we do with other clients such as macOS and Windows. So, it should have support for Linux clients. It should also have better support for macOS.

There are a lot of small use cases where we realized that some technical solution was missing in Microsoft in comparison to other products. For example, it lacks something similar to sensing or location-based rules and configurations. We would like, for example, integrated remote control or a remote session tool or something like this. You must have TeamViewer and the integration with this is limited and it's extra money. Nothing is built-in. Some functionalities are really limited to fully managed devices and so on. It took a long time for them to integrate the big ECS infrastructure into the corporate devices. This is now done, however, it took a longer time than expected. Technical support could be h=better.

The major problem with this product is that there can be delays in the deployment of new policies.

Microsoft Intune could improve by being more user-friendly and having it geared toward device management. The graphic interface is not very good. The VPN option within Intune is not as intuitive as the one available in Workspace ONE. We're trying to implement a VPN tunnel for SharePoint sites. This will allow users trying to access internal resources, such as SharePoint, and other Office 365 data, but it doesn't work as well as Workspace ONE. We are in the POC stage of the VPN tunnel. We only have a development tenant for the tunnel. We plan is to implement that in production and get rid of Workspace ONE, if it meets our needs.

The solution could improve by having better integration with Apple.

The solution could improve its flexibility.

The most important thing is reporting. They should improve their reporting. They should give a free hand to users. In SCCM, I can create my own reports. For example, in SCCM, I can create an inventory report for my PC or for all PCs, but in Intune, we don't have an option to create any report. Microsoft claims that Intune is a successor of SCCM, but SCCM is more powerful than Intune. So, they should develop Intune more and make it equivalent to SCCM. Then, their product will be great in the market. If I want to deploy an application, I cannot add multiple schedules. I can add only one schedule, and I need to rely on that. Adding multiple schedules over a period of time is not possible at this time. I cannot evaluate any setting before deploying anything. In SCCM, we have the Compliance Baseline feature. If I want to check any service or anything else, I can do that, but in Intune, that is not available. There are very few compliance policies. They say whether your device is compliant or not, but if they don't provide enough and better compliance policies, why should I be compliant with those policies? They should give more options for the compliance policies so that we can choose something better, and we can make our devices comply with those policies. It lacks in terms of analytics. Analytics and all such things are not good, which again comes down to the reporting part. It should be better in terms of analytics and reporting. It also lacks in terms of automation. If we want to automate some of the things, we need to spend more time on automation. Other tools in the market are giving better automation graphically. So, they can work on that part. Their support should also be improved. They don't know about their own product.

If you could replace SCCM completely with Intune, that would be fantastic so that you don't have to run SCCM with Intune as an extension. They could also make it easier to use because there are some other products that may be easier to use in terms of the look and feel of the dashboard.

The documentation about the custom image setup could be better. Although Microsoft provides the steps to configure Intune or set up or deploy Intune, it doesn't have much information related to custom images. If you ask, "how can we deploy the custom image?" There is no information. The steps they mention ask you to connect to your on-premises environment or create your own image on the cloud itself once there is connectivity. But I needed to go to multiple websites to get all this information. I had to figure out how to upload the custom image if you want to use the on-premise custom image for Cloud PC. If you have the proper subscription, you must have the right access, like global admin or owner. Then you can add your custom image to that. There are no steps mentioned over there. Microsoft Intune doesn't have Chrome browser support. I would like to have that support because they will want it if we pitch the product to clients.

When Microsoft Intune is used with different android devices it does not always work as it is supposed to. The enrollment in Microsoft Intune is based on user accounts and not devices. It can be different to maintain different profiles for the same user. It cannot work together with other solutions. For example, if you have a normal user having a mobile phone, and they also have a tablet that they use that is managed from another MDM solution, such as Airwatch, the two can not cooperate if you are using the same Microsoft account on those two devices. They need to allow enrolment through the device IDs.

Regarding mobile devices, Intune is good, but there are other services that I would say are ahead of Intune from an administration and reporting point of view. These are a few things that could be improved from a mobile infrastructure point of view. From a reporting point of view, it could use some work. If I need to push a profile, it's a challenge with Intune because first I have to go ahead, remove a user, then add him back; only then does it allow me to push or sync. If it synchronizes, it exits on a cloud-based synchronization time. With AirWatch, there is a function where you can push a profile directly on a device. Overall, Intune has improved from MDM. They have become EMM and now they're moving towards Unified Endpoint Manager. They're just beginning to compete in the market from a mobile point of view, but regarding Windows, they're great.

Currently, for a new customer or when a device refresh occurs, I can introduce Microsoft Intune as a unified endpoint management solution. However, for an existing customer who has an SCCM it would need to be upgraded to an MECM first before I can introduce Microsoft Intune. Microsoft even recommends it as a co-management solution because even if I need to go for UVM as a unified endpoint, I need to rebuild all the missions, which is not practical. So, they need to look into it and provide an easy and flexible moment to UEM.

They need to add more group policies. I know that they are already working on it, but this is something that I would like them to do quicker. Intune currently does not have many group policies that you can deploy. It is quite limited in terms of group policies. For example, if I want to disable the password manager on my browser, I can get support in Google Chrome, Internet Explorer, and Edge, but not with Firefox. It would be ideal if they can add some of these things. Its reporting, which is very limited at the moment, also needs improvement. I can see basic information, such as how many devices are enrolled, but I can't get customized information. It will be great if they can add report customization. Its stability needs to be improved. Sometimes, when you register a device in Intune, it doesn't show up instantly on the engine portal on the admin side. There are sync issues between the admin side and the user side. They need to provide better support for complicated issues. They also have a long turnaround time for resolution in regards to overall escalation.

There is improvement needed in integrating with the installed Office solutions versions, such as Office 2019. The Office 365 integrates fine. While using the solution, you have to test and validate a lot. This is not really a solution issue but more of a configuration issue but still worthy of noting. We have experienced an issue while deploying a Windows 10 machine, once you get the user profile applications installed, it does not always integrate well with third-party multi-factor authentication solutions. This is something that can be improved in the future.

The legacy system management could use some improvement. Reporting could be improved. It needs to be more expensive and robust. Technical support could be a bit quicker to respond.

I find the solution quite old school with not many features. Managing devices is a little complex when they are not Microsoft projects. Additional features I'd like to see would include Wi-Fi and network security.

The configuration and pricing can be improved. It would also be better to meet with people in the country and teach us how to manage personal information because we will not look at or touch any personal information. They should teach us about managing personal information and make it really easy for us.

It would be better if Microsoft can reduce the cost of the license. as we know the Intune device subscription is licensed per device at a cost of $2 a month. but for the best to enhanced security and feature we must added add-on license or buy/upgrade to bundling license such as M365E5.

I'm still playing around with it and haven't had any issues with the product yet, but support can definitely be improved.

An improvement would be if we were able to leverage more iOS device management internally. My goal is to manage all the tools in one centralized tool. Intune does 30 percent of Mac management, but if it could have complete management including patching and automating for Mac devices, that would be good.

There needs to be more support for Mac operating systems. Support for patching, because we have very few, or minimal options from Intune for patching Mac operating system. In the next release, I would like to see better compatibility for Mac operating systems — that would be really helpful. Also, if the support for Mac was as flexible as it is for Windows, that would be really appreciated.

Once it's configured it is unobtrusive, but it does take some hands-on to configure and deploy it properly.

There are some enrollment features that could be improved, possibly some other tools that do almost the same job with alternative ways to enroll the device. Intune doesn't have those features. Additionally, I think they could try to invest more on macOS devices making it more manageable, and making the management more accurate. A solution like Jamf, for example, gives you the greatest capability - more capability on management, on policy enforcement, wiping devices, locking devices, and many other things. This is the main reason I'm not using Intune for all the contractors now and the reason we're planning to have Jamf implemented at the beginning of 2021. If they could improve the support on the macOS devices, it would be great. Then we wouldn't need to buy Jamf. I'm not sure it's possible because of the relationship the enterprise has with Apple, but if they could improve the macOS management, that would be great.

Intune, in their port description, for me is still pretty infantile. I will say in the next 18 months to two years, they'll start becoming a bit more major, I hope. It's pretty straightforward to implement as long as you've got a Microsoft subscription. However, it's kind-of convoluted how they explain it and what you are paying for. Obviously, we know that the more money you pay, the more features you get. I think that they can lay it out a little bit better, sometimes it's pretty hard to follow what their offering actually is. There's quite a lot of development that they can do within their Intune dashboard. I think there are too many lines hyperlinked to move you around. Others, in contrast, give you a simple dashboard and an intuitive administrative walkthrough. The solution looks too technical. Even though it is a technical feature, it comes across as too technical to navigate through. They can certainly work on the overall dashboad and the layout, to simplify everything. They can do a lot more with Enterprise Firmware over here to give it full support. Coming from a Samsung perspective, they need to comprehensively support the Android provisioning methods.

The configuration could be better by consolidating options and making it simpler. I would like to have one option in one place that corresponds to one feature, which I can check off and move onto the next one. As it is now, there are a lot of options. For example, when configuring security, I find that it is too much because you have to configure one task in one place, then switch and it is against in another place, and so forth. In the future, I would like to see support for security and compliance management. I would also like to see iOS management options.

The user interface should be improved because it is a little bit slow. It does not have support for containerization. There is no catalog for mobile access management (MAM) security.

The generic answer to what can be improved is that I hope that the reporting needs to be a bit more interactive.

There are differences in protecting the data on a mobile device and on iOS. When you protect the data on iOS, you protect the entire device. From an Android, you can select certain applications to protect. What this means is that the employee who uses Android devices are protected only from emails, and the personal data on the device is not protected. When the employee uses the iOS they control all of the devices, which is not convenient. There are items that require improvements. One is the controls from iOS.

In terms of what is missing on the solution, I can't really think of anything right off the top of my head. It's doing everything we need it to do. It would be helpful if there was proactive remediation. In terms of some of the reporting, I find that it takes too long for some of the reports to display actual data.

Microsoft really needs to improve the reporting in Intune. It doesn't come anywhere close to VMware Workspace when it comes to their reports. I am sure that Microsoft will improve but at the moment, they are underperforming in terms of reporting. There is a feature called dynamic groups, which populates users and computers based on a query that is written, and it runs at some interval. I would like to see this updated more frequently so that the users don't have to fair for too long before computers appear in the group. I would like to see the ability to deploy custom packages as a Windows 64-bit package, as opposed to the Windows 32-bit, which is the only one available now. Although it can run in 64-bit mode, I would like to see this supported natively.

This type of question may be premature because we have just started rolling it out now. We have not had a chance to work with it to capacity at this stage. I think, so far the implementation is all a bit shaky and should be better planned and better supported. The deployment seems to not be as simple as what I would have hoped that it would be considering it is a Microsoft product. When it is fully rolled out, we will see where the other shortcomings actually are. However, this difficulty in rolling the product out is a significant stumbling block.

Most of the customers expect that most of the policies will be there for Android, to implement the policies. Unfortunately, most of the policies that I found are for Samsung knox devices, that is specific to a device or specific to a vendor. That's why most of the customers have a hard time with Intunes, because most of the policies they see is for Samsung knox. They want Intunes to support Android devices. If it is supported by other Android devices, then it's very complicated because if you want it implemented, you have to use some custom equipment. There are a very limited number of policies that are applied, and all generate other devices like Samsung knox devices. Most of the customers in the business do not use Intune because it doesn't support that much policy for Android. Here in Pakistan, most of the end users are using Android devices. Windows is out of the question. They don't use Microsoft mobile phones. Most of the popular devices are iOS, and the ultimate users are Androids. I think 80% of the users are using Android devices here and less than 20% are using iOS devices. So, the customer is expecting to apply policy on Android devices and it's not generated specific to a vendor like Samsung knox, so they don't buy it, and they don't consider it.

I would like to be able to track the phone. I am not sure this is a feature that is readily available.

I think that there is room for improvement with the reporting. If this is done, it will be a better product.

I think that in the future Microsoft Intune should have an EMS (Enterprise Mobile Security) feature added.

The MAM feature could be improved. In addition, the security of photo sharing could be improved.

I would like to see micro VPN. I like the way that some of the other providers have done something similar where, as you open that app on an end-point device, it creates a micro VPN straight into your device, which is quite a nice little feature. Also, Microsoft Intune relies heavily on its fellow products in the suite. It would be nice if Microsoft Intune could stand on its own two feet.

It needs incorporation of Knox, ZeroTouch, etc.

It needs certificate provisioning for S/MIME purposes.