Microsoft Intune Reviews

I use the solution across my full enterprise. That means for me roughly 4,000 devices, with 2,000 being desktops, 2,000 being laptops, and then maybe another 2,000 mobile devices.

The most valuable feature I have found is the access control. It integrates with Endpoint Manager. The reason for that is that it has allowed me to customize my organization's policies.

The security posture is very good. It's very customizable. 

Overall, my user experience with Microsoft Intune has been great. It's offered a very smooth transition and I'm very positive on the product.

I am just starting with Microsoft Security Copilot. My experience with Copilot, and Microsoft Intune Copilot in general, has been incredibly positive as it's a skill multiplier for daily operations.

It's an absolutely critical application that I use every day. 

Intune helps with app discovery. It's a game changer as it provides so much overall visibility.

I have analytics available. It's a wonderful tool, and I love the amount of data it's able to extract. 

Intune is reducing our attack surface and improving our security posture.

Microsoft Intune has potential for improvement; I would like to see a lot more customization in the reporting tools.

I have been using the solution for four years.

My assessment of stability and reliability is that the uptime is fantastic, and I haven't had any issues.

Compared to my previous solution, it's incredibly easy, and it's scaled to the entire organization. Within a month, I had gone from zero to full deployment.

My experience with customer support or technical support is that they have been nothing but excellent.

Previously, I was using IBM to address the same issues. I made the switch since it was both more cost-efficient and Microsoft is best in breed.

The deployment was incredibly easy, and it's scaled to the entire organization; within a month, I had gone from zero to full deployment.

Intune has been helping us reduce the cost of devices per user and offers trusted effectiveness for maintaining the accuracy of those devices.

I don't have specific ROI data points. 

The licensing has been fantastic and the support we've received from Microsoft has been impressive.

I wasn't involved in the RFP process. 

I do not use PKI yet; it is on our task list, and it's on the list to get done, but it hasn't been completed. The reason it's on the list to get done is that I want everything in the same platform, just so everything integrates and supports each other.

My assessment of endpoint analytics is that it's a wonderful tool, and I love the amount of data it's able to extract; I can provide examples of how these features work.

On a scale of one to ten, I rate Microsoft Intune a ten.

Previously, when dealing with COVID-related issues, we had to bring laptops to the office network to resolve problems physically. However, with the introduction of Intune and autopilot, we can now build and manage machines remotely. Intune allows us to upload our operating system and create a tenant, enabling users to enroll and build machines anywhere with an internet connection. This eliminates the need for physical device management and reduces downtime. Additionally, Intune simplifies application management by providing a centralized platform for accessing and deploying applications without requiring multiple servers. Overall, Intune offers significant improvements in device management, flexibility, and efficiency compared to traditional methods.

Currently, we operate Intuneas as a hybrid model. While devices are enrolled in cloud-based Intune, updates are still being deployed from our on-premises SCCM. A complete migration to the cloud will take time, especially for larger organizations with tens or even hundreds of thousands of machines. This transition is hindered by legacy applications that are incompatible with Intune. To facilitate a smooth migration, Microsoft must either enable the use of these legacy applications within Intune or provide equivalent cloud-based alternatives.

Historically, application management involved installing software on users' machines. However, many organizations now utilize software-as-a-service models that are accessible through web portals like Intune. We also employ App-V to virtualize legacy applications, allowing access to any physical or virtual machine. Our current methods include direct endpoint installation, SCCM deployment, and App-V server hosting applications. We introduced App-V as a virtual application platform to address challenges like developer environment inconsistencies and license costs. By centralizing applications and implementing a first-come, first-served licensing model, App-V reduces costs, improves accessibility, and simplifies management.

Intune consolidates our endpoint and security management tools into a single, user-friendly platform. It seamlessly integrates existing on-premises policies, allowing for easy creation or upload. Organizations migrating to Intune or replacing on-premises Active Directory can effortlessly establish new policies. Unlike the complexities of on-premises management, Intune simplifies policy creation and implementation through a click-based interface, eliminating registry changes. Additionally, Intune's cloud-based architecture ensures consistent policy application across devices, avoiding the delays and potential bandwidth issues associated with on-premises servers. Microsoft's robust infrastructure provides reliable performance, making Intune an efficient and effective solution for managing endpoints and security.

Intune users appreciate its flexibility compared to traditional on-premises Active Directory systems. For instance, with on-premises AD, policy implementation requires the user to be physically present in the office. In contrast, Intune enables remote policy management, as demonstrated by the scenario where a user's account is locked on an Intune-managed laptop. Even if the user cannot log in to the device, unlocking the account in Azure AD automatically unlocks it on the laptop, regardless of location. This significantly improved over previous methods involving complex workarounds like sharing local profile passwords. Intune's integration with Azure AD simplifies account management and provides seamless access for remote users.

We manage multiple users who use Azure AD and Azure VDI machines but often prefer using the VDI machines over their laptops. To address this, we proactively contact users whose laptops haven't reported to Intune in 20-30 days, informing them of potential removal and providing additional notifications through tools like Nexting or SysTrack. We also send emails to users whose assigned machines are inactive, warning of removal if usage doesn't resume within 30 days. Additionally, we monitor machine downtime, login times, and compliance status while pushing necessary policies and updates. Our organization utilizes a hybrid model combining Intune for machine management and BitLocker encryption with SCCM for software updates due to the ongoing migration from on-premises to cloud-based solutions. While Intune enrollment and management are in place, we anticipate a full transition to Intune in the future.

We are using Intune Suites Cloud PKI to assign certificates to users. Previously, we managed Microsoft certificates on a hosted server. This process was manual. However, Intune now automates certificate management. Once a machine connects to Intune and authenticates, the necessary certificates are pushed without manual intervention. VPN login requires both a user and device certificate for compliance. Intune offers certificate management from both Microsoft and third-party vendors. Due to cost considerations, we are transitioning to a different certificate provider within our organization.

We have implemented Copilot in Microsoft Teams and Zoom to improve meeting efficiency significantly. Copilot automatically generates meeting minutes, including attendee lists, saving valuable time compared to manual creation. Additionally, it provides real-time meeting summaries, allowing latecomers to grasp discussed topics quickly. By automating these tasks, Copilot frees up approximately half an hour per meeting, enabling us to focus on more productive activities.

For IT and security operations, our company has implemented Copilot by hosting all ChatGPT features on-premises. As a financial company, we cannot access external AI tools directly. Therefore, our system interacts with our server rather than the Internet, allowing us to utilize ChatGPT capabilities based on our specific business needs.

Intune has significantly improved our device management process. Previously, we had to physically build machines on-site, requiring users to come to the office. Now, we can remotely push updates and assist users from anywhere, saving them time and eliminating the need for travel. Additionally, Intune's dashboard provides comprehensive insights into our device fleet, including compliance status, update failures, and application installations. This centralized view has increased our efficiency and proactivity in addressing issues compared to our previous reliance on SCCM reports.

When enrolling personally owned devices, Intune applies organizational-level settings. This prevents downloads to local machines when using Office 365 applications or Teams. We can restrict downloads to specific containers that cannot be copied to other folders. Alternatively, we can limit application usage to on-premises or organizational machines. While our current setup allows Office 365 access on handheld devices, downloads and uploads are blocked. Intune offers this level of control, preventing data transfer to or from the device, regardless of whether it's personally owned or a company-issued app.

We are upgrading our privilege management policies to mirror those already existing in our on-premises Active Directory. While we are not making substantive changes, Intune's endpoint privilege management offers significant improvements over our previous approach. By consolidating multiple policies into a few comprehensive ones, we can more effectively restrict user actions based on organizational hierarchy. This streamlined process eliminates the need for extensive group management in Active Directory and saves time overall.

Once implemented, our policies will reduce the attack surface by restricting service access only to users possessing an infrastructure organization certificate, which we have obtained. Additionally, we will enforce IP-level restrictions, preventing access from personal devices or those outside our specified IP ranges. We can implement these restrictions at the IP, device, or certificate level.

Intune has significantly reduced our costs. Previously, we managed multiple servers, but now we rely solely on a CCM server, which will be decommissioned soon. This eliminates the need for on-site server infrastructure, backup systems, dedicated staff, and extensive network support. With Intune, we can host the CCM server in a central location and avoid latency issues associated with multiple servers across different regions. Additionally, expanding to new offices no longer requires building additional data centers. Intune's cloud-based platform allows remote access from any location without needing on-premises infrastructure. As a result, many organizations, especially smaller ones, are adopting cloud-based solutions and eliminating the need for physical servers and laptops. Employees can leverage their own devices to access applications through Intune, further reducing costs and increasing flexibility.

We can primarily manage security posture through Intune. However, due to pricing, we will likely use a third-party solution for device certificates. Interestingly, Microsoft seems to be introducing third-party vendor options within their portal. Ultimately, the security team will evaluate all options, including Intune, considering factors like policies, pros, cons, and pricing before deciding.

Intune Suite's integration with Microsoft 365 and Microsoft Security provides robust capabilities for centrally managing both cloud and co-managed devices. Previously, managing Exchange, Active Directory, and applications required separate teams, but Intune has streamlined this process, enabling efficient management of all mailboxes across devices from a single platform. It's incredibly easy to manage, allowing for remote administration and policy creation. Unlike the previous process of manually creating and testing Group Policy updates, Intune simplifies policy creation and testing with just a few clicks. Additionally, Intune eliminates the challenges of server-based upgrades by providing centralized management and control.

We are currently utilizing multiple security solutions, leading to a complex environment. Due to cost considerations, we are transitioning from Microsoft's device certificate to a solution from a different vendor. Additionally, we are integrating this new solution with Intune and have replaced Jamf to manage our MacBook fleet. This change eliminates Jamf license costs while allowing us to manage Mac devices through Intune centrally. Similar to our previous use of Jamf, we incurred costs in a previous company but have successfully eliminated them by consolidating management within Intune. Furthermore, we are exploring Microsoft's evolving Office 365 licensing options. The latest E5 license offers integrated phone capabilities, replacing the need for separate devices like Cisco or Avaya phones. This consolidation allows users to make domestic and international calls through Microsoft Teams directly.

Previously, we relied on third-party applications like PointSec for mobile device security before Microsoft introduced BitLocker. PointSec required complex management, including console login, authentication, and handshake processes. BitLocker offered a cost-effective solution, initially used independently of Intune. However, Microsoft integrated BitLocker and Active Directory into Intune, simplifying management. While our previous company used an outdated AD environment that was difficult to migrate, Intune's integration with AD FS eliminated these concerns. Intune now allows us to easily manage BitLocker, including remote device wiping, providing enhanced security and control over mobile devices.

We currently aren't building any data centers. Previously, we did, but now we're facing a tenant-related issue. When accessing a US-hosted Azure machine from India, latency is a problem regardless of whether we're using a data center, our own, or Intune. I believe Microsoft could offer a feature to create a nearby tenant, allowing users in India to create one there rather than dealing with multiple tenants, policies, and groups for different regions. For example, if a company with a US-based data center expands to India, they currently need to create a separate Indian tenant to provide machines for Indian employees. Instead, Microsoft could potentially offer a peer-to-peer connectivity solution or similar approach, enabling access to US-based machines from India without requiring additional tenants or administrative overhead. This would simplify management, as administrators wouldn't need to handle separate tenants for each region.

There's a significant discrepancy in Intune pricing between tenants. Previously, my company assigned Canadian machines to Indian users due to a lack of Indian tenant options. This resulted in exorbitant costs compared to the drastically lower pricing for identical configurations in India. Given that Microsoft can determine the user's location based on IP address, they could potentially adjust pricing accordingly. For instance, a Canadian machine accessed from India could be charged a reduced rate similar to locally provisioned machines. This would align pricing with the actual location of use rather than solely relying on the tenant or data center.

Intune's lack of support for legacy applications is hindering rapid migration to Intune or Microsoft platforms. Organizations are reluctant to switch due to Intune's limitations and potential cost implications compared to alternatives like AWS or Google Cloud. While many organizations are using Intune and registering applications, they often rely on other cloud providers for specific services like storage or SQL. Given the extensive use and reliability of platforms like AWS over the past decade, Microsoft should consider offering competitive pricing and comparable services to encourage wider adoption of Intune.

I have been using Microsoft Intune for two and a half years.

I have never experienced any stability issues with Intune. If something occurs, it is resolved in a fraction of a second. I would rate the stability ten out of ten.

I would rate the scalability of Intune nine out of ten. The scalability is dependent on the configuration. To increase usage, we have to pay more.

The technical support is good.

Positive

Previously, we relied on SCCM and on-premises Active Directory, which was challenging due to manual account management and group assignments. Intune has significantly improved this by allowing us to implement policies upon user creation and automatic replication. Active Directory management was often problematic, with group removals due to scripts and inconsistent replication across different locations. Intune's cloud-based nature ensures faster updates and accessibility regardless of location or VPN status. This flexibility benefits both IT staff and end users. Intune's integration with Windows and potential for future enhancements, such as system health monitoring, make it the leading choice over third-party solutions.

Intune deployment is straightforward. Even end users can perform it. All organizational laptops have a built-in operating system. Resetting a laptop returns it to factory settings, automatically installing the enterprise OS, ready for Intune enrollment. The only requirement is internet connectivity. Enrollment is simple: log in to the laptop, press Shift, restart, and the device enters enrollment mode.

Deployment time varies based on the operating system's complexity. At my previous company, we deployed twelve applications within the OS. Currently, I manage the deployment of over forty applications through autopilot. The exact duration depends on the specific OS configuration, including the number of applications and other bundled components. Generally, it can take anywhere from two to three and a half hours to complete the process.

Microsoft's pay-as-you-go pricing model for Intune could benefit from a Google-like approach. While Microsoft charges for actual usage, it lacks discount options. In contrast, Google offers discounts based on usage duration, rewarding customers for extended service utilization. AWS also provides organizational-level discounts, demonstrating alternative pricing strategies. Intune's current focus on cost savings through service adoption is effective, but incorporating usage-based discounts could enhance its competitiveness and attract more customers. While the current pricing is market-competitive, additional discounts could position Intune as a more compelling option.

I would rate Microsoft Intune ten out of ten. Previously, we had to physically go to the office to build machines. Now, we no longer need to build them on-site, as Intune allows us to manage many aspects of devices remotely and easily without a VPN connection. It's truly a SaaS solution.

If someone is interested in using Intune, I would need to assess their enterprise's size, work location, and specific needs to determine if it's suitable. Intune is particularly beneficial for remote workforces and larger organizations due to its ease of management and scalability. I would evaluate their department structure, policies, applications, and existing infrastructure to provide tailored recommendations. Intune's cloud-based nature eliminates the need for on-premises infrastructure, reducing complexity and administrative overhead. Additionally, it consolidates management responsibilities, allowing for efficient oversight of various IT functions. Compared to traditional IT setups, Intune simplifies email management with cloud-based solutions like Office 365, offering increased storage, accessibility, and device compatibility.

Approximately 60 of our 100 employees utilize Intune, and the platform manages 100 percent of their devices.

Intune generally requires minimal maintenance, but this depends entirely on the complexity of our created policies, including allowed and restricted settings. While Microsoft offers guidance to minimize management efforts, adhering strictly to their recommendations is essential for full automation. Customizations may necessitate ongoing maintenance. Ultimately, closely following Microsoft's guidelines will optimize Intune management and minimize our workload.

We also use Bing Copilot, but I find Bing AI less effective than ChatGPT. Bing frequently requires multiple prompts before providing a response, whereas ChatGPT typically delivers accurate answers more directly. For instance, when asking for a Microsoft Outlook KB article, Bing requested clarification on the term "KB," while ChatGPT promptly provided relevant KB articles. It seems Microsoft's AI could benefit from further development to match ChatGPT's capabilities.

I recommend Microsoft Intune for larger organizations. Legacy applications may not be compatible with Intune, preventing their use. Smaller companies might consider Software as a Service solution like Office 365 instead, offering email, PowerPoint, and other tools without requiring Intune. Enrolling devices in Intune for small businesses might not be justified due to the costs and IT management overhead. However, for organizations with 1,000 or more employees, Intune can provide enhanced security and device management. If Intune pricing is scalable based on the number of enrolled devices, smaller companies could evaluate it. Ultimately, the decision depends on the organization's size, IT resources, and security needs.

Our main use case for Microsoft Intune is for laptops in remote situations where the client is remote and not where we are locally, as well as when the end user is not at the home office. When they get a new computer, they open it up out of the box and then it connects to the internet and it will automatically set up their username to the brand new computer. It'll download apps, it'll set up security policies, it'll connect, program in the company Wi-Fi, the network settings, mapping drives. This enables automated remote setup and management of the computer.

We provide IT support through a managed service provider (MSP) model, offering both hourly work and contracted managed services. 

Once the initial setup is complete, which involves running PowerShell commands, programming, and testing, the product becomes very user-friendly for end users, particularly for Level 1 tech support staff. After Level 3 network engineers have configured everything, it becomes easy for frontline support personnel to manage the computers effectively. This system allows a Level 1 technician to address various needs without having to remote into the end user's computer. For instance, if a user requires a new printer, the technician can simply deploy the printer driver remotely. If access to certain resources is needed, that can also be pushed out without direct interaction. Additionally, the capability to remotely apply or remove settings is crucial. If a machine is lost or confiscated, technicians can lock it down or even wipe the data remotely. In the event of an operating system failure, they can instruct the computer to reinstall the system from a distance.

In this way, once properly set up, Microsoft Intune significantly alleviates the headaches and hassles faced by Level 1 tech support staff when addressing end user issues. The system is not only designed for setting up computers but also for maintaining them and assisting in troubleshooting. Without Microsoft Intune, it would be extremely challenging, if not impossible, for a large company to send out computers to users and have them set up and ready to use right out of the box in a remote location. If a vendor needs to ship a brand new computer to a user whose previous computer has broken, the process becomes much simpler. The user doesn’t need to be on the phone for setup; the computer connects to Microsoft servers remotely and sets itself up automatically.

Our client has around 300 machines, and initially, their goal was to complete the setup of one or two machines each week. However, after implementing Intune for them, they have been able to set up and install approximately 30 machines per week. This has significantly exceeded their expectations, allowing them to accomplish far more than they initially planned.

The best feature of Microsoft Intune is that since it's working with Microsoft servers and the Microsoft operating system, it's tightly integrated. There's a lot of documentation and resources for training. It's the first step to remote managing a Windows-based laptop or machine that you want to use out of the box. Even if you use a third party, they're still built on Microsoft services.

There are some cases where features of Microsoft Intune have changed, and sometimes it's tricky to find the answer. It's such a mass amount of information that searching for the solution to why something isn't working as expected is sometimes tricky or daunting. That's where the AI searches with ChatGPT and CoPilots come in because those AIs are helping us search a vast amount of data all at once. We can type in our question and formulate it to get the steps to the problem, the answer, and then verify it or write a script. We're leveraging AI to search the vast amount of old solutions, new solutions, and potential solutions all at once.

We've been learning Microsoft Intune for a year and a half and have just started to use it.

We haven't used their support. The documentation has been pretty good so far. It has allowed us to meet our clients' needs and deadlines and remotely manage, install their software, remove software, and ensure compliance.

When it comes to the IT department, regardless of individual skill levels, setting up and using these systems requires dedication. It's not something one can merely "hack" their way through; you need to start from the basics and understand the complexities involved. This isn't necessarily Microsoft's fault; rather, it's a reflection of the intricate problems and challenges that Intune addresses.

Intune is designed to handle complex issues, and Microsoft has made it as user-friendly as possible given the many options and components involved. It interacts with various parts of the computer, including group policies, on-premises servers, hybrid systems, and cloud-based solutions like Azure. With such a wide range of capabilities, it's not something you can simply learn by watching a single YouTube video. To effectively use Intune, you need to read and study the material. In summary, it requires a highly skilled individual to properly implement and manage this technology.

The deployment model is what's called a hybrid join with Microsoft Intune. The client has an on-premise server and an off-premise Azure cloud server. Because some of their software is still local and the way they have their network set up, we have to do it as a hybrid, which is one of the more complicated ways to do it, but we've been able to get it done. That's considered a temporary solution by Microsoft. Once you get it all working, there are some changes that you make where it's no longer hybrid.

We've just started taking a look at CoPilot in Microsoft Intune. We use a combination of ChatGPT and CoPilot to get answers and help write scripts quicker or to search for problems quicker. 

I would recommend Microsoft Intune to others because it's the industry standard for doing what it does. There's not really another option.

I would rate Microsoft Intune an eight out of ten.

As an administrator and user of Microsoft Intune, we have implemented several key features. Currently, we are using it for Windows updates across the whole company, pushing updates through Microsoft Intune. We also use it for the mass deployment of new applications.

Additionally, for security and access, we implement conditional access controls through Microsoft Intune. We have completed corporate device configuration and starting new journey on bring your own device (BYOD) management.

We use enterprise application management features in Microsoft Intune, with most applications integrated without multi-factor authentication previously. We need to control the number of devices accessing our environment to prevent data breaches or PII issues.

The most useful features in Microsoft Intune are the policy enforcement and conditional access. These features make our operations easier from a company perspective. Each company has its own policies, which are often only written in documents. By using Microsoft Intune, we can enforce these policies throughout the organization, binding everyone together instead of just having documented policies.

Microsoft needs to strategize its licensing structure. When using Microsoft Intune, we bought a small scale of controls, only controlling part of the devices, though Microsoft Intune can do much more. The Intune Suite offers more features, allowing extensive integration with either internal or cloud environments without requiring third-party licensing. However, each feature has a separate license, making logistics and cost management difficult if not strategically bundled together.

I have been working with Microsoft Intune for at least 2 years.

I would rate technical support from Microsoft a nine out of ten.

Positive

We previously used System Center Configuration Management (SCCM). With SCCM, out of 10,000 staff members, only 2,000 to 3,000 received updates and deployments. The updates were slower, and using SCCM caused more network congestion as updates were pushed through the internal network. With Microsoft Intune's cloud-based deployment, users can receive updates and application deployment almost everywhere, and they get updates almost daily. This keeps machines up to date and helps reduce vulnerabilities.

It's easy. In terms of cloud, I am mainly focusing on Azure. There are other divisions that handle AWS and also Huawei Cloud.

While managing Microsoft Intune, we experience some glitches in our hybrid environment with on-premises Active Directory. If the on-premises system has an issue, it can synchronize to the cloud with additional problems. This requires resolution on both sides, which is difficult. It's not Microsoft Intune's fault; it's due to our environment. For companies wanting to use Microsoft Intune, it's better to avoid a hybrid deployment and join everything to the cloud.

In terms of automatic updating with Microsoft Intune, users sometimes complain about needing to restart for weekly updates. Updates are automatically pushed to devices for security purposes. Microsoft Intune helps us manage these updates automatically, unlike SCCM, which requires manual work.

We conducted workshops with Microsoft to ensure we hosted management internally instead of paying third parties. We mobilized our internal team, which has allowed us to avoid additional costs related to external services.

All security solutions worldwide are expensive. Microsoft has allowed a small scale of features within Microsoft Intune for cost-efficient solutions. If you want the full suite, you need to invest more to gain better security features. It's not necessarily more expensive. You need to choose which features to buy. For basic features, Enterprise Mobility + Security E3 (EMS E3) is the lowest pricing Microsoft can offer.

We plan to explore Microsoft Intune Cloud PKI more, as it's not just a replacement for the CA server on-premises. It's a game changer for SSL certificates, eliminating reliance on third-party solutions such as GlobalSign and DigiCert. We plan to implement Wi-Fi with certificate integration, though this is currently just a vision, as we need to purchase it.

Microsoft Intune focuses on device management, including MDM (mobile device management) and MAM (mobile application management). Microsoft Intune can control various devices, but we currently focus on four operating systems: Android (with Google Play Store) and iOS for mobile devices, and Windows and macOS for computers. Our recommendation for Microsoft Intune would be to use it for managing device resources and ensuring policy enforcement according to company guidelines. Each device must maintain current security to prevent attacks or vulnerabilities.

I would rate Microsoft Intune an eight out of ten. I recommend Microsoft Intune and suggest purchasing it along with Microsoft 365 Suite or Azure, as the Intune Suite is essential for managing everything from antivirus to policies and accessing the environment.

Microsoft Intune policies, remote wipe, and using corporate and private profiles are valuable features, but MFA is the most valuable feature as it ensures that the end user is authentic. After authentication, logs can help us diagnose further. Previously, we didn't know who was using the devices, with every person having 3, 4, or 5 mobile devices registered to their email. We didn't know which device was live or not. With MFA, it is very helpful to identify which one is the last authenticated device. We can also restrict the number of devices using Microsoft Intune.

From an end-user perspective of Microsoft Intune, I haven't experienced any challenges since installation. However, some customers have reported experiencing slowness when using lower versions of the Android system. This observation has been reported to the distributor team, and they are working on it. Hopefully, this issue will be resolved in the next release.

As we have only been using it for six months, it might be too early to identify other areas for improvement. 

We recently started using Microsoft Intune. We just completed about six months of usage.

It is very stable.

We have plans for expanding our business at least 5 to 10% in the next financial year with Microsoft Intune. With most people opting for hybrid work and not coming to the office five days a week, working from home or branch offices, the requirement will definitely grow.

It is too early to provide comprehensive feedback regarding the technical support for Microsoft Intune. We have basic support included in the plan. We have not opted for the advanced support ticket facility. We haven't utilized support services as we haven't faced any issues in the last six months. Without any support scenarios, we cannot comment on response times or resolution quality.

Neutral

We were not using any other solution. The requirement for such a solution came from the data breach incident. After that incident, it was brought to our notice that we needed an MDM solution to protect our data. 

It's very smooth. It's done with two to three clicks. It's very easy.

After installation, Microsoft gave us a vulnerability assessment. Our IT administrators handled the necessary tasks based on the recommendations. The patch management, pushing of patches, and manually updating applications are helpful. They inform us when auto update is off, alerting us to turn on application updates when vulnerabilities are found.

We have not evaluated the measurable benefits since the deployment of Microsoft Intune. With only six months having passed, we need more time to observe and evaluate the returns.

It comes with the E5 plan. We bought the E5 plan from Microsoft.

From a price perspective, the E5 plan we opted for includes features we aren't fully utilizing. Our basic needs were offline Office for end users and cloud-based emails. When we inquired about MDM specifically, they offered separate plans, such as MDM Basic and others. We compared all options and migrated because paying separate license fees for Office and Microsoft 365 mailbox would be more complex. While it is somewhat costly, the major benefit is that we can select licenses only for those using personally owned devices rather than the entire organization.

We had an incident in our organization where we found a data breach in a mobile device, specifically on a personally owned device that employees were bringing in. To protect against this, we evaluated multiple products, including IBM, Microsoft, and ManageEngine. We chose Microsoft Intune as we were already existing Office 365 users. It was easier for us to upgrade the plan from our existing one to E5. It came with a bundle where we received all the services we wanted: private profile, secure download, prevention of sharing corporate data, and access to corporate data. It is easier for us to manage everything from a single console.

ManageEngine's MDM solution was less expensive and of good quality based on our evaluation. However, we couldn't proceed with it because their management console was different, and we were already using Office 365 with a 100 GB mailbox. Migrating all emails would have taken considerable time and risked potential email loss.

Microsoft Copilot is integrated with E5, and some users are utilizing it for writing emails and creating presentations. Copilot is an effective AI engine that helps predict known vulnerabilities and facilitates notification management and task scheduling. 

For endpoint protection, we use Acronis through a separate console, which we've been using for 3-4 years with satisfaction. We are not using Microsoft Defender Advanced Security as it cannot currently integrate with third-party solutions. 

I would rate Microsoft Intune a nine out of ten. It is very stable. The GUI is very good and efficient. Everything is fine. The only issue is with the Android devices.

We use Microsoft Intune as an MDM solution for all of our Windows laptops and some of our company mobile phones. This serves as an endpoint solution we use so we can control the users' laptops or phones and have access to things on their devices.

Without Microsoft Intune, there would be a lot of cybersecurity attacks happening. We need to use Microsoft Intune so we know which devices can access all of our company resources. If they don't have Microsoft Intune, we automatically deny them from accessing company-sensitive information, so it serves as a layer to protect all of our assets.

I appreciate how easy it is to deploy certificates to end users to get control over their device with Microsoft Intune; that's what Microsoft Intune is known for, and that's what we use them for.

The user experience of Microsoft Intune is pretty easy. Initially, the user has to download a certificate, so when we first give them a certificate to download, they download it on their side, and once they verify themselves, we have access to their phone or laptop, which works pretty effectively.

We are using Microsoft Copilot with Microsoft Intune. Microsoft Copilot helps us with the deployment of Microsoft Intune. Previously, things were more difficult to manage, especially when certificates expire, as they need to be pushed out every year. Sometimes we forgot that, and then people's laptops stop working, so Microsoft Copilot helps us stay on track.

Microsoft Copilot is equally as important as Intune. The go hand in hand as it works in conjunction with Microsoft Intune to affect the deployment process.

Microsoft Intune can be improved by making it even more seamless for users to download their certificates. Currently, we have to push it out to their laptop and they have to do some work on their end, but if we could integrate it so it's seamlessly done and the end user doesn't even know that Microsoft Intune is on their laptop and it's just naturally there, that would be even better. This is especially true for Apple devices, such as Apple phones, where you have to push it out and the user has to accept or deny whether Microsoft Intune can have access to these applications. If it were easier for us to do it automatically without getting permission, that would be beneficial, but in today's environment, we have to get permission to access data.

To make it a perfect ten, it would be helpful if there was a better way to troubleshoot user issues, as I've had a few users with corrupt files before and had to redeploy it without knowing the root cause.

We have been using Microsoft Intune for eight years.

I would rate Microsoft Intune a nine out of ten for stability and reliability. We've never really had any issues with it in the past, and if we have, it's maybe one or two random people where their certificate is corrupt or something's wrong, so we just need to go back and redeploy it, which is not really a significant issue.

Microsoft Intune scales very effectively with our growing needs. The only requirement is more licenses, so once we get more licenses, we're able to deploy them more quickly.

I haven't needed to contact customer service or technical support, which is a good sign. Since I haven't had to use them, I have no experience with their quality of service.

Positive

We did not use a different solution. We started with Intune.

My experience with the deployment of Microsoft Intune was good. Initially, I didn't know much about it, so I had to review all the documentation, complete training, and watch videos to get familiar. Once I got a grasp of things, I tested it on my phone and laptop, and when it worked, I felt comfortable deploying it to more people. I eventually deployed it to about 7,000 machines as it scaled up.

The biggest return on investment for using Microsoft Intune comes down to protecting security. We are protecting all of our assets and using it as an endpoint MDM solution, which fulfills our needs.

Microsoft Intune costs about $7 per user per month, which is somewhat on the pricier end. That said, it's a reliable product, so it's fair. If it were less expensive, we would be able to roll it out to more people, so it's definitely something we're considering.

We use Microsoft Intune for Windows products and Jamf for Apple Mac products. I'm not sure if Microsoft Intune works for Macs. If they do, that's something we'd be interested in exploring.

I prefer Microsoft Intune because Jamf is not the most reliable solution based on my personal experience.

We do not use Microsoft Intune Suite's cloud PKI.

We also do not use the Enterprise Application Management features of Microsoft Intune Suite.

I haven't examined the Advanced Endpoint Analytics in the Microsoft Intune Suite yet. That said, we do have it; I just haven't had the opportunity to review it.

I rate Microsoft Intune a nine out of ten.

Microsoft Intune is primarily used for mobile device management (MDM) and mobile application management (MAM) to secure and manage corporate devices, applications, and data.

Microsoft Intune has proven to be highly effective in managing Windows, macOS, iOS, and Android devices. From inventory control and application management to security and compliance, Intune streamlines IT operations, significantly reducing management time. This efficiency allows IT staff to focus more on providing care and support to end users.

Microsoft Intune has significantly enhanced our organization's IT operations by streamlining device management, strengthening security, and improving overall efficiency. Key improvements include:

•  Simplified Device Management: Centralized control over Windows, macOS, iOS, and Android devices, reducing manual configurations and deployment time.

•  Enhanced Security & Compliance: Automated enforcement of security policies, including encryption, access controls, and compliance monitoring, ensuring data protection and regulatory adherence.

•  Improved Application Management: Seamless deployment and management of business-critical applications, reducing downtime and improving user experience.

•  Efficient Remote Work Support: Secure access to corporate resources for remote and hybrid employees, enabling productivity while maintaining security.

•  Reduced IT Workload: Automation of routine tasks, such as software updates and policy enforcement, allowing IT staff to focus on higher-value initiatives and user support.

From my expertise with Microsoft Intune, the most valuable features likely include:

1. Zero-Touch Deployment with Autopilot

• Why? It simplifies device provisioning, allowing new devices to be automatically configured with the correct policies, applications, and security settings. This reduces manual setup time and ensures consistency across the organization.

2. Endpoint Security & Compliance Policies

• Why? Enforcing security baselines, BitLocker encryption, and Defender settings ensures devices remain secure and compliant with industry standards, minimizing security risks.

3. Conditional Access & Integration with Microsoft 365

• Why? Conditional Access helps control who can access corporate resources based on device compliance, location, or risk level, enhancing security without disrupting productivity.

4. Mobile Application Management (MAM)

• Why? It allows control over corporate apps without managing an employee’s entire personal device, making it ideal for BYOD environments while protecting sensitive data.

5. Remote Actions (Wipe, Lock, Reset, and Remote Assistance)

• Why? The ability to remotely wipe lost or stolen devices, reset user passwords, or assist employees in troubleshooting reduces downtime and enhances security.

6. Software & Patch Management

• Why? Automating Windows updates, deploying critical patches, and ensuring app versions remain up to date improves security and reduces IT workload.

Microsoft often updates and modifies the user interface without providing timely documentation for administrators. Changes such as relocating options, renaming settings, or removing features altogether can create confusion. As a result, administrators must search through Microsoft documentation— which may not yet reflect these updates— to identify and adapt to the changes.

I have been utilizing Microsoft Intune across various deployments of the M365 GCC, GCCH, and commercial platforms for approximately 8 to 9 years.

The system itself is great. It is on an enhanced platform that I do not have anything to worry about. The only part I need to worry about is my own redundancy on my side since if my circuit goes down, I will lose connectivity to the platform.

Intune scales effectively as your organization grows. As the user base increases, the cost per user decreases, making it a sustainable solution. Additionally, features like Windows Autopilot simplify zero-touch deployment and device provisioning, saving valuable IT time as you scale.

The need for Microsoft support was minimal due to our ability to rely on available documentation, even though some of it was somewhat outdated. We were able to effectively use this documentation to understand the functionality and features of Intune within our organization's operations. While there were occasional gaps in the documentation, our internal expertise and familiarity with Microsoft 365 allowed us to navigate and implement the necessary configurations without significant external support. This proactive approach helped streamline the deployment and ongoing management of the platform.

Neutral

No, switching is unnecessary. Microsoft allows for the integration of third-party solutions or the development of custom alternatives within Power Platform.

The initial setup of Microsoft Intune can be considered relatively straightforward, but with some complexity that requires an engineering mindset for full optimization.

At a high level, the process involves configuring the service, setting up device policies, integrating with Azure Active Directory, and applying security settings. For organizations that already use Microsoft 365 services, the setup is generally more streamlined due to the integration with Azure AD, which simplifies user and device management.

However, for an engineer, the complexity arises in designing the policies, determining which configurations and security measures are required based on organizational needs, and ensuring that devices across multiple platforms (Windows, macOS, iOS, Android) are properly managed. The setup process also requires thoughtful planning to align with compliance requirements, such as data protection, encryption, and remote wipe capabilities. Configuring these settings with precision is crucial to avoid security vulnerabilities.

Moreover, the engineering mindset is essential when working with advanced configurations, such as conditional access policies, application deployment strategies, or setting up integration with other Microsoft services like Endpoint Manager or Defender for Endpoint. Testing and fine-tuning these configurations to ensure they work as intended across various devices and user profiles can add complexity but is necessary for long-term success and security.

Overall, while the setup can be streamlined, a thorough understanding of your organization’s IT architecture and security requirements is essential to leverage Intune effectively.

I collaborated with our in-house team to deploy Microsoft Intune as part of the broader Microsoft 365 suite. Together, we leveraged our internal resources and expertise to integrate Intune seamlessly into our existing environment, ensuring smooth deployment and configuration. By utilizing our team’s knowledge of our organization’s infrastructure and security requirements, we were able to customize Intune settings to meet our specific needs, providing a secure and efficient device management solution across the organization.

The resources required to house and manage numerous physical servers, maintain various third-party software license bundles, and handle the upkeep of the infrastructure—including costs for cooling, electricity, and regular maintenance—would incur a significant financial burden. When compared to an all-in-one, secure Microsoft cloud-based solution, the contrast becomes clear. The cloud eliminates the need for extensive physical maintenance, providing built-in security and scalability. It offers the flexibility to seamlessly integrate additional products, reducing the reliance on physical devices. This not only simplifies IT management but also reduces overall operational costs, making the Microsoft cloud-based solution the most cost-effective and efficient choice for businesses.

For businesses, especially those in regulated industries, the cost of security features like encryption, data loss prevention, and multi-factor authentication can add up quickly if purchased individually. However, with Microsoft 365, particularly in environments like GCC High, these essential features are bundled together, providing strong protection without the need for additional third-party solutions. For example, $1,000 per year for an end-user on GCC High is a competitive price when considering the built-in compliance certifications and government-grade encryption.

Although the pricing may seem high at first glance, Microsoft’s licensing model is structured to scale with the growth of an organization. As the business expands, the cost per user decreases, making it a long-term investment that supports growth and adaptability. Features like Windows Autopilot for zero-touch deployment, MDM (Mobile Device Management), and MAM (Mobile Application Management) simplify the management of an expanding device fleet, reducing administrative overhead.

A key advantage of Microsoft 365, including Intune, is its seamless integration with the wider Microsoft ecosystem. From SharePoint and OneDrive to Azure AD and Microsoft Teams, these components work together as a unified solution. The pricing reflects this comprehensive value, streamlining the management of various enterprise functions from a single platform and saving time and resources in the process.

We did evaluate other options, which were developed within Power Platform. These alternatives offer the same level of security, as they are built within the same platform as Microsoft Intune.

Overall, Microsoft Intune is a powerful tool for managing devices, securing corporate data, and integrating with the broader Microsoft ecosystem. A 9/10 rating reflects its strengths and the few areas where it could further enhance its capabilities.

We are using various security solutions and implementing a Zero Trust framework for our organization. Intune is part of this framework.

We are transforming our flat network by adopting different cloud solutions, and our own applications are hosted in the cloud. Intune ensures our security throughout our entire cloud-based system, improving our security posture.

Intune is valuable for managing various endpoints and integrating with the Azure cloud, which is essential for our organization. The user experience is good because we only use Microsoft solutions, which are user-friendly.

We have Intune's enterprise application management in our pipeline, and our infrastructure and hybrid cloud team are working together to deploy applications using Intune. It has security analytics, and more exciting features are on the way. 

Cloud PKI helps us manage the complexity of certificate infrastructure. Previously, we hosted all the VMs in our own data center, but now we're on the cloud, helping our user base and VMs grow. 

Copilot helps our engineers work better by making suggestions and offering resolution metrics. We can understand and push those patches or fixes from that side.

Intune could be improved by organizing different solutions, like Defender and Sentinel, into a single package. This would allow us to focus on security while Microsoft manages other areas. Having a unified solution would drive better management of various sectors. Although the Intune user experience is good, we should continue enhancing it.

I have used Intune for one and a half years.

Since we started last year, it's relatively new, and I would need more time to fully assess it. However, I have positive thoughts about Microsoft Intune's stability and anticipate it will be beneficial for us.

Intune is scalable, and Microsoft is always focused on scalability, especially for business conglomerates like ours. Scalability has been ensured, and it's working correctly.

I rate Microsoft support seven out of 10. Technical support can be challenging when resources shift, requiring repeated explanations. Support from India sometimes provides information without the right solution. Given our premium support, expert-level service from Microsoft could be enhanced. 

Neutral

Before Microsoft Intune, we used regular security solutions. We chose Microsoft Zero Trust for full security.

The initial setup was aided by our partner, who guided us well. Although there was much to learn initially, current processes have simplified the experience.

We worked with a local reseller, Elevate Solutions, who is implementing the Zero Trust framework for us. They have been committed and focused on implementing the right solutions, which has been helpful.

Earlier incidents caused data loss and required reentry. Microsoft Intune has improved our processes.

We have a limited budget for security investments, so Microsoft should consider reducing pricing in our region. This would make investment more viable, especially since larger businesses in other countries can afford it easily.

We evaluated Google Cloud Platform (GCP) before choosing Microsoft Intune, but since our team is experienced with Microsoft, and Microsoft's clear vision for the future aligns with ours, we chose Microsoft Intune.

I rate Microsoft Intune eight out of 10. 

I'm using Microsoft Intune for user rights and management of groups. I need to make profiles easy for the company while regulating security management of devices like laptops and mobile phones. I create profiles for them, deploy the devices, and manage everything from users to groups, profiles, and deployment.

I appreciate how clear Microsoft Intune is. However, I dislike how it lags sometimes. I cannot work on multiple processes at the same time. For example, I cannot work on one screen to find a problem on a user's account, on another screen to deploy a phone, and on a third screen to work on a profile to make adjustments simultaneously. Microsoft Intune lags and is not responsive when attempting this.

A better and more friendly user interface would be helpful because at first sight, things appear easy. However, it is not immediately clear how profiles work together with groups and why a laptop appears on one device for Windows and at the same time appears on a group separately. If I delete it from a device, it is not deleted from the group. I have to perform multiple checks in order to wipe a device.

Including a profile for Zebra technology devices such as PDAs or printers would be beneficial. I would like to manage these kinds of devices in Microsoft Intune as well.

Incorporating an AI such as Gemini could be valuable. I could ask it questions such as "I have this thing to solve in Microsoft Intune" or "I need to include this new option in a profile for a device" instead of searching for where I need to put it or searching on Google or forums about how to program it. The AI could do it for me.

I have been using Microsoft Intune for almost two years.

I am fine with both stability and responsiveness.

I really do not know because Microsoft Intune is managed from another country. I work from a step below.

I have not had any interactions with customer service.

I am not currently working on developing another solution with Microsoft Intune. I am using the existing one. I am not using any other product for managing my devices.

I do not know at all because I work in IT and the cost and licensing costs are managed by management.

The aspects I have already mentioned include the introduction of AI for some modifications on profiles. I was telling them to spend some time researching how things are working behind the screen, specifically how it works and how I have to think about them working in a backend part.

Before Microsoft Intune, I did not use any other product for device management or EMM remote access. I did not search about them and have no problem because I have more focus on how to improve the existing solution in Microsoft Intune for deployment to make it faster.

I do not know anything about the technical support and have not escalated any questions to them. My overall rating for this review is 8.

Its price is reasonable. It is a part of our M365 suite.

I have not been satisfied with it, and I am planning to change it soon. There are a lot of updates coming from Microsoft that suddenly affect our security policies. With each update, a new feature is introduced. However, there's often no clear advice regarding these changes. If we encounter a problem, we have to rely on the Microsoft Community to discover that a new feature has impacted our security policy, at which point we need to make adjustments. That's why I plan to position our operations around an agnostic tool.

Overall, Intune is quite complex, especially if you have conditional access associated.

They can cover Apple iOS in the future to enhance its functionality.

I have been working with Microsoft Intune for more than 5 years.

The kind of issues I face include a lot of updates coming from Microsoft that all of a sudden affect our security policies.

Technical support by Microsoft is okay.

Neutral

We are not using Microsoft Intune for patch management. We are looking into Kaseya. I am satisfied with Kaseya, which is why I would like to further evaluate standardizing Kaseya across the organization. I don't want to utilize Microsoft Intune because I prefer an agnostic solution rather than one that is heavily reliant on a specific brand.

Its deployment was neither easy nor difficult.

I don't have any problem as far as cost is concerned. It is bundled with our license. 

I would rate Microsoft Intune a seven out of ten.