Microsoft Intune Reviews

I have worked on multiple projects during these four years and encountered various scenarios with Intune. The major issue I found is Intune's vastness; it has numerous features within a single MDM portal. We can deploy unlimited features from the Intune portal to manage devices and protect the environment. Intune's capabilities are extensive, but there is room for improvement in certain areas, particularly reporting. Intune's reporting functionality is still under development, and we can anticipate further advancements in this area.

I previously worked as a solution engineer and am currently a call center agent in IT. I have worked on all sorts of Intune-related issues, including those related to mobile devices, Windows devices, enrollment processes, and policies. My expertise includes Autopilot, GP enrollment, the enrollment process for Windows, iOS, and mobile devices, as well as configuration profiles for multiple devices and platforms. I have also worked on scripts. As an escalation engineer, I have dealt with a wide variety of user issues.

The primary benefit of implementing Intune is the ability to manage devices, including controlling access, deploying applications, and enforcing restriction policies. As administrators, we gain control over which applications and websites users can access on their devices. Additionally, we can seamlessly deploy applications and configure network settings according to our organization's or client's specific requirements. Intune enables us to manage devices, deploy applications, and enforce policies, ensuring that devices within our environment adhere to our company's standards.

My deployment is primarily cloud-based, but I also have knowledge of hybrid environments. I have limited on-premises experience, having only observed local Active Directory servers. I can configure them theoretically, but I wouldn't consider myself a trained engineer in that area. With hybrid environments, I understand how to implement and integrate the hybrid components with Intune for a seamless and error-free deployment.

We can integrate endpoints directly into Intune, enabling us to access the options on the Intune portal. Intune is a seamless feature that collaborates with various services within the Azure ecosystem, essentially relying on Azure for its functionality. An essential collaboration exists between Azure AD and Intune. Similarly, Defender, another Microsoft service, must be integrated with Intune to remediate threats. In essence, Intune is a unique entity that requires communication with other Azure services. Configuration and connectivity are necessary to achieve this integration. Once integrated, we can access other endpoints directly from the Intune portal.

The user interface is straightforward, and the configuration profiles are easily accessible to the administrator. There are multiple ways to implement a single setting or policy on a device, including the deployment of several policies. A new feature allows for the creation of policy sets that can be deployed to different locations within an organization, streamlining management for administrators across multiple regions. This is a valuable feature that saves time and increases efficiency. Policy sets can be created, and locations can be assigned to them, ensuring that any enrolled device or user within that location receives the predefined policies. Group tags further enhance this process by automatically applying policy sets to devices or users added to specific group tags. Overall, Intune offers numerous features that enhance administrator productivity, including the ability to efficiently manage and track policy deployments.

The enterprise application management feature is excellent. If we've deployed applications using the application management services, we can provide updates directly, eliminating the need to repackage them. With application management, if an application is deployed in a region with multiple devices, those applications automatically update once an update is available. It's one of Intune's best features and was recently integrated. While I need to explore it further, I've previously used it to deploy applications in a region, and any auto-updates from the store were applied seamlessly. This is a significant benefit of Intune.

The PKI process in Intune is excellent, though it can be complex for administrators. Intune's reporting has improved since last year's changes, and removing one PKI component has simplified the troubleshooting log collection. Once correctly configured, this reliable feature allows direct certificate deployment to users and devices, eliminating the need for constant password and user ID entry. Users can seamlessly log in with their certificate across various applications, such as email or VPN profiles, enhancing convenience and security. Overall, Intune's PKI capabilities significantly benefit streamlined authentication and access management.

How we use Copilot depends on the specific needs of the enterprise. For clients with an existing on-premises environment, which typically includes multiple servers and domain controllers, there's often a gradual desire to migrate to the cloud. In these cases, we recommend Copilot, where we can implement an Intune environment and facilitate the gradual transition of devices from SCCM to Intune. These scenarios represent the primary use cases for deploying Copilot for device management, as it offers an optimal solution for managing devices during the on-premises to cloud transition. For remote users unable to access the physical office, device enrollment ensures cloud-based management. In contrast, restricted environments necessitate on-site presence. While VPN offers an interim solution, enabling remote device management through on-premises connectivity, it incurs additional costs. Ultimately, we advocate for cloud adoption as a cost-effective and simplified approach to device management, aligned with the ongoing evolution towards cloud-based solutions.

Intune has significantly improved our organization. Firstly, it allows users to work securely from anywhere, as the device is managed and policies, settings, and restrictions are deployed over the cloud, regardless of the location. Additionally, we can deploy various policies and regulations for security, simplifying device management. From an admin perspective, Intune streamlines device management by allowing us to simultaneously deploy policies to multiple devices. Enrollment is also effortless, as devices can be shipped directly from the vendor to the user and ready for use. This eliminates the previous admin tasks of deploying custom OS images and managing policies via SSCM, ultimately improving productivity.

Intune's ability to secure hybrid work and protect data on company and BYOD devices involves security restriction and conditional access policies. These settings provide significant device security. For instance, we have unconditional access policies and app protection policies. These policies allow us to secure data users might share with other devices or native applications. With conditional access, we can require devices to be managed by Intune before accessing corporate data, ensuring they receive necessary restriction and protection policies to prevent sharing corporate data with unauthorized applications. This significantly enhances corporate data security. While user agents offer data security benefits, Microsoft Defender and Office 365's data loss prevention policies strengthen our overall protection.

Intune has helped save 90 percent of our costs.

The security provided by Intune is excellent. The security policies deployed through Intune significantly enhance device security, encompassing data protection, device restrictions, Wi-Fi settings, and proxy configurations. Additionally, Intune can deploy antivirus software if we have the appropriate licenses, further bolstering security. Overall, I'd estimate that Intune provides roughly 80 percent reliability in terms of security.

Intune's ability to integrate with Microsoft 365 and Microsoft Security for both cloud and co-managed devices is crucial because, in isolation, Intune is limited. To make its features work reliably and meet specific requirements, integration with Office 365, Defender, and local AD is necessary. This integration enhances security on devices and enables advanced features like data loss prevention through Office 365. While Intune offers security policies, integration with Office 365 unlocks their full potential for comprehensive device protection.

What I like most about Intune is its seamless enrollment process, particularly the Autopilot method. Autopilot allows bulk enrollment of devices, making it easy for end users, even those without technical expertise, to use their devices immediately. While there might be occasional error messages during configuration, when done correctly by the administrator, Autopilot is the best feature currently available.

Intune is excellent. It is constantly evolving, from the legacy portal to the current endpoint management; we are seeing a gradual number of changes, and many features have been implemented and added to the Intune portal. The interface is great and user-friendly. Even someone without much MDM experience but needing access to the Intune portal would be able to understand that these are Windows devices and these are the policies they can deploy. The portal's overall UI is user-friendly. Furthermore, the categorization of devices and policies on the portal is excellent. We can categorize devices, look for conditional access, and check for configuration compliance in a specific location. The categorization is the best way currently available.

The worst aspect is the reporting. We are still in the development phase of reporting, and it is not always accurate. Sometimes, we don't receive the correct report, devices aren't listed as they should be in the Intune portal, or deployed applications and user policies aren't reported by Intune even though they are present on a device. There is room for improvement in Intune's reporting capabilities.

If my organization has sensitive data we don't want to leak, deploying the policies can present technical challenges and potential loopholes. While 90 percent of end-users are not technical enough to find these loopholes, a user trained on Intune who understands the background processes and policy weaknesses could pose a security risk to the organization.

App protection policy and compliance state. Recently, I encountered a user scenario similar to one I've experienced as an administrator. If my device is enrolled in Intune but not through a corporate method, some loopholes allow administrative control of the device itself. We can un-enroll the device and remove the management profile, yet the Intune portal will still show the device as compliant because it captured the last compliance state. As long as the device reports to Intune, its compliance status in the portal remains unchanged, regardless of its actual state. Only when the device stops checking in with Intune will the last compliant state be displayed, with no indication of non-compliance. The device's Intune compliance state will show the last check-in time. We can leverage the newly integrated data loss prevention feature in Intune to improve the app protection policy, which is currently inconsistently effective. With the appropriate licensing, deploying data loss prevention policies can enhance our protection strategy.

I need to delve into reporting and analytics. The policies, restriction policies, enrollment limitations, and everything else are great. However, one current limitation is that we can't roll back security baseline policies deployed from the Intune portal to a device. Those changes are permanent if a security policy changes the device's registry. If an administrator mistakenly deploys settings from a baseline policy instead of a restriction policy, the only recourse is to reimage the device. In my opinion, baseline settings shouldn't be permanent. However, as developers of the Intune portal, there must be some significance to these clients.

I have been using Microsoft Intune for four years.

I would rate the stability of Microsoft Intune seven out of ten.

I would rate the scalability of Microsoft Intune eight out of ten.

I was the Microsoft Intune Closure Engineer, working in a global support group. My role involved providing solutions for Microsoft, addressing tickets created by users or administrators worldwide. I would rate the overall Microsoft support an average of eight out of ten. The support process begins with a ticket being assigned to a junior engineer with basic understanding, which I'd rate a six. If the user's issue remains unresolved, it escalates to a level two engineer, improving the rating to an eight. In rare cases, unresolved issues are escalated to a senior engineer which would drive the rating up to nine out of ten.

Positive

Before Intune was introduced, we had to use Office 365 for MDM, which had limited options. Then came the legacy Intune portal, followed by the endpoint management folder, the most recent portal we've used. I've also used Jamf and AirWatch a bit, but I'm not as proficient with them as with Intune.

The initial deployment of Intune was complex, with deployment time dependent on the specific environment. For organizations with multiple sites, Intune deployment is particularly challenging and can take four to five months. The migration itself is not a simple task and can be time-consuming. Based on past experience, assessing existing security policies and applications from the on-premises environment is crucial before identifying what can be achieved with Intune, given its limitations compared to SCCM. While Intune can replicate some functionalities achieved through group policies, the migration process can still take a considerable amount of time, ranging from seven to eight months to even one and a half years, depending on the environment's complexity.

Microsoft licenses are costly. Organizations should determine the best license to get the maximum features based on their requirements. Intune comes with multiple licenses, including E3, E5, standalone Intune, and a few more. Microsoft 365 is also an option. There are almost seven license lists where Microsoft Intune is present, except for the standalone license. It's definitely costly. Microsoft could look further into providing some cost-cutting measures for the licenses.

I would rate Microsoft Intune eight out of ten.

Intune includes various features and categories, allowing management of operating systems like Linux, Windows, iOS, macOS, and Android. Its user interface, departmental organization, and enrollment process are all straightforward. However, based on my six years of experience with Microsoft products, including four years specifically with Intune, its reliability is around 80 percent. Occasionally, it doesn't report correctly, or devices fail to receive deployed configurations. In comparison, AirWatch seems more reliable. Despite this, considering my overall experience with Microsoft, it still offers one of the best management solutions. Intune's predecessor, SCCM, which manages devices on-premises, is more reliable because Intune is still developing.

I'm working on two accounts. Under one account, I have a growing number of devices. So far, there are approximately 300,000 Windows devices, 100,000 Android devices, and 250,000 iOS devices in one environment. The number of users is similar. In another environment, which I've been using, there are a large number of devices. It's taking time to load, but I would say there are approximately 400,000 to 500,000 Windows devices in this environment.

Intune is continually evolving. If a feature is currently unavailable or needs improvement, we typically provide feedback to the Intune development team, and they implement or enhance that feature in a future release. In new releases, developers add features, and if there's a need to further develop or enhance those features, we see those improvements in subsequent releases. Maintenance on the Intune portal is necessary to facilitate these dynamic changes. Additionally, the Intune environment itself requires maintenance. This includes managing user accounts and enrolled devices, as well as adjusting restriction and security policies as needed.

I recommend Intune because it offers multiple features within a single environment. Once deployed, you can manage iOS and other platforms from one location. However, there's a caveat: if you have a highly restricted or complex environment where security is paramount, such as in banking, federal agencies, or similar organizations, you might reconsider using Intune due to potential reliability concerns.

Public Cloud

I have used Microsoft Intune for six months. I used it for MDM solution and MAM, but for the packaging, Autopilot configuration, compliance profiles, compliance policy creation and configuration profile creation, I worked for six months because we were moving assets from SCCM to Microsoft Intune. It was a migration project where I was part of the team. In that project, I worked on the packaging side where I was responsible for creating new packages that were already present on SCCM for laptops. The main use cases for Microsoft Intune are for compliance policy deployment and application deployment for laptops.

I assess the user experience of Microsoft Intune as good. It's cloud-based with no need for on-premise infrastructure. You can access it anywhere and start working on it. You will have the record of data in your hand anytime if you need it quickly. The benefits that Microsoft Intune brings depend on what you are using. It's directly integrated with Azure AD. If you are using on-premise Active Directory, there is a process to integrate easily and use those resources. This tool works beyond the boundary, which is why organizations use it.

What I appreciate about Microsoft Intune are the detection method and the supersedence option, dependencies we can add on, and multiple software we can install with a single package. That's a plus point inside the solution. It's directly integrated with Azure AD, and if you are using on-premise Active Directory, there is a process to integrate easily and use those resources.

I haven't worked extensively with Microsoft Intune to identify many areas for improvement. However, one thing I would suggest is that servers are not getting managed through Microsoft Intune. If that feature would be added, everything would be improved.

I have used Microsoft Intune for six months.

When it comes to the stability and reliability of Microsoft Intune, I don't hear about any downtimes, crashes, or performance issues because it's server-based and those are managed by Microsoft only.

We can discuss Microsoft solutions, Intune or SCCM.

When implementing Microsoft Intune in my environment, it was straightforward. It's not as complex as other tools. It's easy to learn things, and I could easily work on it.

I was part of a team working on a migration project where we were moving assets from SCCM to Microsoft Intune. I worked on the packaging side where I was responsible for creating new packages that were already present on SCCM for laptops.

Everything about ROI and measurable benefits in terms of time saving, cost saving, and resource saving depends on the organization and their requirements. Products get acquired based on requirements. If you have maximum servers, you will go with a solution that patches the software most frequently and is good with compliance. If you are going to manage only laptops and workstations, you should go with a solution that is easy and very low cost to manage.

I don't have any information about the pricing of Microsoft Intune.

Regarding the key differences between Microsoft Intune and JAMF or Ivanti products, there are many things increasing inside Ivanti now. They are working on the cloud part and coming up with new features. I haven't worked on the new features and updates, so I cannot share much experience on that part.

My advice to others considering Microsoft Intune for their organization depends on the infrastructure they have in place. Based on that, they can determine if Microsoft Intune will be best for them. If they are going to manage laptops and desktops only, it will be beneficial for them. They can apply MDM and MAM on those devices if there are few and remote devices. Laptop, iPad, mobiles, Android, iOS, everything can be managed through it. MacOS and Linux can also be managed. On a scale of 1-10, I rate Microsoft Intune a 7 out of 10.

Public Cloud

The main use cases for Microsoft Intune are to manage all types of devices, especially Windows.

The selling points for Microsoft Intune are very good. You don't have to enroll the devices, however, you can still push an app through some policy and with a few restrictions. If you want to push one single app to end-user devices, once you push it, you can also push it along with the security that they cannot copy your data or misuse it. This is one of the key benefits.

Microsoft Intune can be used with co-management. There are clients who don't fully want to go with Microsoft Intune as they are already spending with SCCM or other platforms. They want to partially transition into Microsoft Intune, then later fully transition into it. That's when the co-management works, and that feature is available in Microsoft Intune.

The user experience of Microsoft Intune is good. It's a very old tool, and many engineers are available in the market. There are multiple knowledge articles and videos about this tool. The user experience is good since users understand their path and how to proceed. If users understand that, it's easy for them. In that way, it deserves ten out of ten as users know how to work on this tool.

Everything has remained the same in terms of Enterprise Application Management in Microsoft Intune. App discovery still requires user initiation for installation, whereas auto-installations occur silently and remain on the device screen.

The PKI tool is cloud-based, and they are doing excellent work. In terms of complexity, they reduce the task. You cannot keep giving certificates to all the devices one by one, and the PKI tool handles that. They provide the certificate and stamp on it for the device seamlessly, so you never know the device is secured with this type of certificate.

The granular support for other device types in Microsoft Intune could be improved. Microsoft Intune works well with Windows, however, we are not as well-suited for Mac devices. If you're looking to support Mac, consider other products such as AirWatch or Jamf. MobileIron is not that effective. That said, Jamf is good for Mac. Microsoft Intune offers numerous features for Windows, allowing for substantial customization; however, for Mac, it lacks this capability.

In the next releases of Microsoft Intune, a feature to renew the certificate automatically would be beneficial. Currently, for Wi-Fi certificates, we need to do it manually, which can cause most devices to disconnect and reconnect, resulting in big issues for clients facing connectivity problems. The renewal should happen automatically, and that is something they need to work on.

I have been working with Microsoft Intune for approximately five to six years.

Microsoft Tech Support is good, providing solid support. That said, it often depends on the representative. There are levels of support; level two and level three offer great assistance, while level one primarily collects data and doesn't provide as great of support.

The deployment is okay. It depends, from client to client. It's not like every console needs some time for deployment. So for example, if you're already on the on-prem margin of Intune, then we have a certified vendor who would deploy in the initial phase. I'm talking about initial deployment, where you configure Intune, you log in to a new Intune, and then you add users, and then you add the devices and things like that. So the initial deployment for that, we have certified vendors. Even our company is a certified company that does this deployment. We have certain tools for direct migration. However, if you're trying to deploy from a different console, like AirWatch or a mobile app or things like that, it may take maybe three months, for example. We need to be ready with all the profiles. We need to be ready with all the products. We need to be ready with all the app deployments. We need to be ready with multiple things. That way, once the device is enrolled, it gets what it needs. It gets the certificate. It gets the apps, and the user experience is seamless. 

Obviously, it needs some time. We have worked on two clients and it takes three months minimum.

The cost-effectiveness of Microsoft Intune is about 90%. Most clients, specifically with Windows devices, adopt it, so it's effective. The licensing model has advantages, as they bundle services such as Azure AD with Office 365, which many clients find valuable, leading to Microsoft Intune's dominance in the industry.

The pricing for Microsoft Intune has different types of packages. Currently, if you go with all the packages, the mid-variant of the top-level package such as E3 or E5 offers benefits such as AD and Azure AD. If you require all these tools, it could be cheaper, however, if you do not need certain tools and still want Microsoft Intune, it is not that cheap. It can be quite expensive. 

Additionally, if you are already on one cloud-based platform and moving to Microsoft Intune, the transaction will also involve some costs since deployment is necessary. 

Cost-wise, it varies from project to project. If the client wants to move, they may need to go for the E5 license; the difference between E3 and E5 is not significant. If your organization has a large number of Windows devices, Microsoft Intune is a valuable tool. But for Mac users, Jamf would be recommended.

If you're looking to support Mac, you need to look at other products such as AirWatch or Jamf. MobileIron is not that effective; however, Jamf is good for Mac.

Copilot in Microsoft Intune is a new tool used for answering questions, similar to ChatGPT or Gemini. There are two types of Copilot; even in Workspace ONE, there are similar tools. The licensed version is not used as it comes with a price, and our client doesn't want to go with that. The basic level of Copilot is given, which can answer a few questions, however, it is still under the learning phase. If I ask a question, it sometimes gives an exact answer, yet at other times, it suggests going somewhere else to find it, and there is no button available there. In the paid version, it can perform simple tasks such as pushing or adding devices to a group, however, it wouldn't truly help with the current level of AI. We may need more complex AI for this type of console.

On a scale of one to ten, I rate Microsoft Intune a nine.

I primarily use Microsoft Intune for device monitoring, security, and cybersecurity. My role involves working with devices, monitoring, and enforcing security measures using Microsoft Defender, and synchronizing different security aspects. Microsoft Intune is utilized for tracking device locations, which is crucial for understanding where users are connecting from.

The most valuable features in Microsoft Intune for me are the security features, including Microsoft Defender. I use the device location tracking feature often to determine where users are connecting from. It is greatly beneficial to be able to look for devices, enroll them into groups, and apply management policies. The advanced endpoint analytics feature is effective in detecting potential threats and anomalies, allowing me to share graphical information for better communication and understanding. These capabilities have made a significant impact in my work, providing a comprehensive view of all devices and features in a single platform.

The user interface should be more user-friendly, as it can sometimes be challenging to navigate. Microsoft often relocates features, making it difficult to consistently find what I need. Stability could also be improved, as features tend to move, requiring additional effort to locate them again.

I've been using Microsoft Intune for six years.

I did not encounter any significant deployment issues. The process is straightforward and takes only a few hours.

Microsoft Intune is relatively stable, but I rate it a seven out of ten because features sometimes move, creating additional challenges.

Microsoft Intune is quite scalable, and I rate the scalability aspect eight to nine out of ten, with no major problems encountered.

Customer service and technical support are generally good, with an eight out of ten rating. Occasionally, it takes a while to receive responses from Microsoft, which could be improved.

Positive

I used VMware's cloud solution before Microsoft Intune, but it lacked many features. It was not user-friendly and prone to mistakes, leading me to switch.

The initial setup was easy, earning a nine out of ten for ease.

We occasionally partnered with integrators from countries like Latvia for implementation.

Using Microsoft Intune helps save on management and security costs.

Microsoft Intune is not particularly expensive, especially considering the security features. It costs approximately forty euros per user per month.

I previously evaluated VMware.

I recommend Microsoft Intune because it consolidates many features into one place, making it an efficient solution. I rate the overall solution ten out of ten.

Hybrid Cloud

Other

Microsoft Intune is a comprehensive solution for mobile application management and mobile device management, securing various endpoints like Windows, Android, and Apple devices. It excels in managing BYOD scenarios, employing work profiles to segregate personal and company data, and ensuring device configuration and compliance with company policies.

Intune provides a centralized management solution, although its suitability depends on specific needs and comparisons with alternatives like Jamf, Kandji, or ManageEngine. Overall, Intune is a sufficient solution for general use cases requiring essential device management and data security.

The Intune Analytics section is quite useful, especially for Windows upgrades on remote devices. We frequently utilize it to assess compliance and gather analytics on upgradable devices, including TPM and Secure Boot support, and memory capacity. This allows us to identify devices that meet the requirements for Windows 11 and proceed with deployment accordingly. It's particularly valuable for managing Windows 10 to Windows 11 upgrade scenarios.

Copilot for Microsoft 365 is a valuable tool that I use daily for creating proposals, summarizing Teams meetings, and generating content in Word and PowerPoint. It's even helpful in Outlook on occasion. Additionally, both Bing Enterprise and the standard Copilot in Edge are particularly useful when integrated with Customer Data Protection. This integration allows Copilot to securely access company data, including emails, presentations, and documents, to provide relevant recommendations and answers to queries.

Intune secures Bring Your Own Devices through network access management and work profiles, separating personal and company data. Additionally, it utilizes Defender for Endpoint for device security and facilitates deployment. Features like cloud app security, Microsoft Purview, and data loss prevention further enhance security and compliance, depending on the Microsoft 365 package, protecting both devices and data.

Privilege Access Management sits mostly on Entra ID and is deployed through Intune.

The primary challenge lies in managing employee devices, particularly differentiating between personal and corporate devices. Personal devices often face pushback against deploying security measures, while corporate-owned devices can be managed more securely and effectively. For instance, if a corporate device is lost or stolen, Intune enables remote wiping to protect company data.

Intune has helped in integrating Windows Update for Business to ensure machines are compliant. It provides functionality for workflow management on devices and separating company data from personal data. It is also used for deploying security and compliance capabilities depending on the Office 365 package used.

I find Microsoft Intune valuable primarily for its Windows management capabilities, along with its Android Enterprise and Apple device management for mobile devices. The mobile application management features enable BYOD support and work profiles on personal phones, enhancing security and control. Additionally, Intune excels in configuration and compliance management for Windows 10, ensuring devices receive timely updates and adhere to organizational standards.

While Intune effectively handles basic functionalities such as device management, data separation, and updates, it may present challenges with update times and limited advanced features.

Intune is not the most user-friendly mobile device management platform available. Compared to Jamf, AirWatch, or VMware Workspace ONE, it is not as intuitive or easy to navigate. 

The primary challenge with Intune's enterprise application management feature is its focus on the Microsoft application stack. This limitation makes managing third-party applications difficult, as there is no centralized store or streamlined process for batch operations. Intune lacks the robust support for third-party applications.

Microsoft frequently changes its offerings, so features previously included in Intune might now require Intune Suite. For example, managing device certificates, once an Intune feature, now requires this separate package. Essentially, Microsoft releases new features but places them in Intune Suite, requiring an additional purchase for functionality we might expect in the standard Intune license. This ever-evolving strategy means staying current with Intune can become costly.

I have been using Microsoft Intune for almost five years.

Microsoft's product support can be inadequate, with slow response times and unsatisfactory resolutions impacting the overall user experience. This contrasts with Jamf's support, which is generally perceived as superior due to its responsiveness and effectiveness.

Neutral

Microsoft Intune's costliness stems from licensing fees and the overhead associated with its management, user experience, and device remediation. While its licensing costs are high, the platform's limitations in manageability and user experience customization further contribute to the overall expense. Unlike Jamf, which offers greater flexibility and remedial capabilities, Intune's intrusive, yes or no approach limits user customization and potentially increases support needs. Therefore, determining Intune's true cost of ownership is subjective and depends on how these factors are measured.

I have evaluated Jamf, Kandji, ManageEngine, and VMWare Workspace ONE.

I would rate Microsoft Intune a six out of ten. Its management is not user-friendly, and device additions can take up to 24 hours to synchronize, unlike Jamf, which updates within 15 minutes. This delay is problematic for immediate remediation actions, such as removing harmful content or addressing device exposure, where a 24-hour wait is unacceptable.

It is advisable to prepare for the complexities of Intune and consider Jamf for better support and manageability if working alone. If you plan to use Microsoft Intune, be prepared for manageability and potential delays in changes and support responses.

We are a Dutch MSP delivering modern workplace solutions for all of our clients. We create tailor-made workspace environments for them.

It helps us to transform IT environments of our customers from on-premises to the cloud, focusing on both Azure and the modern workplace.

Windows Autopatch is the most valuable because it removes the burden of patch management. Intune's user experience is pretty smooth. The endpoint analytics works well if you know how to use it as a guess. Microsoft includes a little more added value by default. It's a great source of information. 

Intune should improve its software inventory to provide better metering of which software is used throughout the company. This is especially needed for reporting third-party software solutions.

I have been using Intune since 2017 or 2018.

Intune's stability is good and has improved a lot over the last year.

Scalability works well. It supports organizations with 200 endpoints and those with more than 15,000 endpoints.

I rate Microsoft support eight out of 10. Customer service is pretty good, partly because we have a contract with Microsoft. Transparency is good.

Positive

We used Active Directory group policies and ConfigMgr in the traditional way. However, most of our clients are already on Microsoft 365 Business Premium or the enterprise E3 or E5 stack, so it doesn't make much sense to use solutions from different vendors.

We are a reseller.

One of our clients migrated the model workplace based on Intune, achieving a 78 percent cost reduction, which is quite a lot. Even with the projects around it, they still gain cost benefits in the first year.

It's cost-effective because Intune is included in the E3 and E5 licenses. It's smart because it helps Microsoft sell the license.

I rate Microsoft Intune eight out of 10. There's always room for development.

Public Cloud

Microsoft Azure

Our primary use of Microsoft Intune is for device management and improve security. Initially, it focused on management for Windows devices. However, over time, its capabilities have expanded to encompass mobile device management in general, as well as management for other platforms like iPO, Android and Mac OS devices.

To ensure our devices are manageable regardless of location, we transitioned from an on-premises device management solution to Microsoft Intune. This cloud-based approach allows us to manage devices from anywhere, eliminating the need for them to be on our company network or VPN. Intune empowers us to remotely take actions on devices, including software installation, user identification, performance checks, and even triggering a remote lock if a device is compromised.

While most of our devices are company-owned, we also manage a small number of personal devices. Regardless of location, Intune allows us to manage them all.

Intune streamlines mobile application management by offering a single pane of glass for all devices across platforms, including iOS, Android, MacOS and Windows. It integrates seamlessly with the respective app stores for each platform.

Intune is a key component of a zero-trust security architecture. With Intune, we can manage our entire device fleet from a single platform. This enables us to enforce compliance policies. Intune verifies if devices meet our organization's security standards. We can implement zero-trust access control. Non-compliant devices are blocked from accessing company resources. Secure devices are granted access. Intune helps consolidate security management. It simplifies device security by offering features like compliance checks, security posture assessments, and configuration management - all in one place. Finally, Intune reduces management overhead: Intune streamlines device management by eliminating the need for multiple tools for tasks like patching and application deployment. While it may not offer the full functionality of specialized tools, it provides a comprehensive solution for core device security and configuration needs.

Intune offers comprehensive visibility and IT control over devices across various platforms. This allows for remote management, although integration with additional solutions or configuration might be necessary in some cases. However, Intune provides a single point of control for all our devices. Key functionalities include remote device control. We can manage devices remotely and trigger various actions. As well as advanced features to locate devices, enforce data synchronization, and more. It's important to note that certain advanced functionalities, like admin-level remote control, require device approval and may not be as robust as solutions offered by competitors, such as TeamViewer. Additionally, to access features like privileged email access, privileged device management, and advanced remote assistance, additional licensing is required, resulting in increased costs.

For users, Intune offers a seamless experience. Once their devices are enrolled, they typically don't need to do anything further. This is especially true for end users. For administrators, Intune is also an easy-to-use solution. Being cloud-based, it's accessible from a web portal just like any other SaaS application. The company portal experience is straightforward. Once users understand the basics, they can easily check device compliance and install applications. Overall, the user experience is very positive. However, device enrollment might require some training. Not everyone is comfortable managing their devices themselves. Even though the enrollment process is fairly simple and intuitive, some user training and change management might be necessary, especially for mobile device management in Intune. This is because multi-factor authentication is sometimes required to enroll devices, and some users may need help understanding and completing this step.

It provides a centralized solution for viewing all our devices. It also simplifies enrollment for Windows devices. Once we enable automatic enrollment for on-premises devices or upon user sign-in to company applications, enrollment can be seamlessly done through mobile devices. The most significant benefit is undoubtedly patching. Intune automates the process of keeping devices updated with the latest Windows updates and feature updates. This significantly reduces administrative overhead. After setting up the policies, we can be confident that updates are being applied without needing to constantly monitor them. Intune also offers improved visibility into device compliance. Unlike traditional Group Policies, which may only show successful application but not actual implementation, Intune displays the real-time status of enforced policies on each device. This allows us to see if features like BitLocker encryption or security restrictions are truly active, providing greater confidence in our device security posture. In essence, Intune offers a significant improvement in terms of device visibility and configuration management.

Intune's device compliance policies offer organizations valuable visibility into device settings. This includes essential requirements like BitLocker password complexity and minimum Windows or OS versions. Additionally, these policies allow for the deployment of custom compliance settings. This lets us measure compliance against any specific criteria. For example, one of my clients uses Intune to verify if CrowdStrike is running on the required version and if devices have downloaded the latest updates. By ensuring compliance, we can be confident that devices are secure against the latest vulnerabilities and security risks. This provides an extra layer of assurance. When used in conjunction with conditional access, Intune can block non-compliant devices. This guarantees that only compliant devices can access our organization's resources and applications. From a security standpoint, this offers significant peace of mind.

Application deployment in Intune offers several features that streamline the process. These features include applicability rules. We can deploy applications only to devices that meet specific criteria, such as operating system version or name. This ensures users receive the applications they need and avoids unnecessary installations. Device filtering allows us to exclude devices that don't require the application, further optimizing deployment efficiency. While Windows Win32 applications require packaging, the process is straightforward. Although automation would be ideal, packaging becomes easier with practice. Microsoft could potentially improve Intune by allowing seamless import of SCCM application packages. This would eliminate the need for repackaging and streamline migration. Overall, Intune simplifies application deployment for administrators. Features like self-service installation through the company portal empower users and reduce administrative burden. Packaging requirements vary depending on the application type. Standard applications like Office 365 are straightforward to deploy. Additionally, Intune integrates directly with app stores for iOS and Android apps, eliminating the need for manual packaging for these platforms.

Intune excels at securing hybrid work environments and protecting data on both company-owned and BYODs. It allows for selective wiping of company data from these devices without affecting personal information. However, for data downloaded from company applications like OneDrive, additional security policies might be necessary to ensure its security on downloaded devices, especially BYODs. The good news is that Intune allows the management of BYODs, enabling the deployment of settings, configurations, and security measures to assess the device's security posture. Notably, it's very easy to deploy for BYODs with its mobile application management for iOS and Android. For securing data within applications on Windows devices, Microsoft's Windows Information Protection capabilities seem to have been replaced. There's now a category requirement, likely used to secure data accessed through the Edge browser on privileged devices. This ensures data remains secure when users access it through Edge. It's important to note that some aspects of data security on BYODs might require additional configuration to guarantee complete protection.

Microsoft security signals identify the settings configurations we need to enforce on the devices. Then, it's up to organizations to deploy those settings or configurations. So, it's a good thing. It helps us understand what additional security we need to enable on the devices. Microsoft signals do help us do that, but it may not be enough. We might have various other compliance requirements that not everything would be covered under Microsoft signals, I believe.

Intune's endpoint privilege management is a valuable feature. It allows granting privileges to specific applications instead of giving local admin rights to users or entire devices. This can improve security by minimizing the attack surface. While EPM requires an additional license, it's a worthwhile consideration for many organizations. I've experimented with it in a lab setting, but we haven't deployed it for production use yet.

It has significantly boosted our IT department's productivity by automating many tasks. For instance, we no longer need to create custom images with Autopilot; we can simply deploy application settings configurations. Additionally, Intune seamlessly handles Windows updates and feature updates once they're configured. It's a set-and-forget system. Application deployment is also significantly simplified, saving admins valuable time. Overall, Intune improves IT productivity and empowers users with self-service features. Once trained, users can handle tasks like application installation, device compliance checks, and remediation actions for non-compliant devices.

While Intune isn't designed to identify security breaches directly like Defender does, it plays a crucial role in minimizing our attack surface. This is achieved by deploying the latest updates, configurations, and endpoint security policies. In my experience, Intune has significantly improved our overall security posture by reducing vulnerabilities, but it's not a replacement for breach detection tools.

Intune helps save costs by consolidating multiple endpoint management solutions. For instance, we might have separate solutions for iOS devices, Android devices, and Mac devices. By bringing everything together into a single solution with Intune, we can save on both platform licensing costs and administrative costs. Additionally, Intune reduces the need for additional per-device licensing fees that may have been incurred with separate solutions.

The user interface is well-designed and easy to navigate. It has a simple and well-structured layout, which makes it a pleasure to use. I'm very happy with the overall experience of the Intune portal. They also seem to be continuously improving it, with updates made on a monthly basis.

It streamlined our mobile device management by allowing us to manage both iOS and Windows devices under a single solution. This consolidation reduced the number of consoles and overall management tools required.

The integration of Microsoft Intune with Microsoft 365 and Microsoft Defender for Cloud strengthens cloud management and support for hybrid environments. This unified approach bridges the gap between cloud-based and on-premises device management, allowing organizations to leverage existing infrastructure while transitioning to cloud solutions.

One of the biggest advantages is that it brings the management of Windows, macOS, iOS, Android, and even Linux under a single pane of glass. This means we can manage all our devices from one central location.

A particular advantage is its tight integration for managing Windows devices. Since Intune is a native Microsoft product, it offers a more comprehensive and streamlined experience compared to many third-party solutions.

For mobile device management, Intune includes all the capabilities and features we'd expect from other vendors. However, it goes a step further by allowing us to secure Office 365 apps without needing full device management. This is a significant advantage when compared to other MDM solutions.

We package Win32 applications and import existing packages using solutions like SCCM or third-party tools. While Intune doesn't currently offer third-party application patching, we rely on third-party solutions for that functionality.

A new Intune feature - Enterprise App management allows to deploy Microsoft and Third party apps and keep them up to date but it incurs additional licensing costs. Ideally, this feature should be included in the base license. Similarly, the privilege endpoint management feature also requires additional licensing.

Intune would benefit from offering some core features at no extra cost. The most valuable improvement, in my experience, would be the ability to identify inactive devices through reports. Customizable reporting capabilities within Intune would simplify overall management and allow us to track device activity and inactivity more effectively.

I have been using Microsoft Intune for over 10 years.

Microsoft Intune is an extremely stable product with a small amount of glitches over the years.

I would rate the stability 10 out of 10. 

Intune is cloud-based and therefore highly scalable. I have clients with over 40,000 devices.

The quality of Microsoft's technical support varies based on the level we have. Premium support offers faster escalation for complex issues, while basic support may have longer wait times for a response. However, there's a strong online community around Microsoft Intune. Searching questions online through Google can often lead us to solutions from this community.

Neutral

I have used Jamf, Microsoft Configuration Manager, Altiris Symantec Endpoint Management Suite, and Cisco Meraki Systems Manager. Microsoft is considered a leader in endpoint management solutions. While Jamf excels in specific areas, Microsoft Intune is generally recognized as the market leader due to its comprehensive capabilities. Intune also integrates seamlessly with other solutions such as compliance checks, conditional access policies, and mobile application management. Microsoft Intune offers several advantages over competitors, providing a comprehensive suite of mobile device management capabilities.

The time it takes to implement Intune depends on two factors: the features we want to enable and the size of our organization. Enabling basic management features for common devices like iOS, Android, Mac, and Windows typically takes one to two weeks. This includes enrolling devices and setting up core functionalities. For a full Intune implementation with all its capabilities, the timeline can vary depending on the organization's size. However, simply enrolling devices and exploring basic features can be done in a couple of days.

While the step-by-step guided scenarios make the initial deployment process easier, it still requires familiarity with Intune and some experience using it.

It is available for individual purchase at a low per-device cost. However, it's also included as part of the Microsoft 365 suite license. Additionally, Intune offers various tiers with advanced features at an extra cost.

I would rate Microsoft Intune 9 out of 10.

We have around 20,000 users on Intune and 4 people who work directly with it.

Intune requires annual maintenance to renew push certificates and tokens for business managers. For Windows devices, we might also need to deploy the latest application. Additionally, it's recommended to periodically review devices that are inactive, outdated, or haven't reported to Intune for a set amount of time. While Intune offers a "set and forget" approach for initial configuration, some ongoing maintenance is necessary to ensure its smooth operation.

I recommend Microsoft Intune to others.

Public Cloud

Microsoft Azure

Microsoft Intune serves as our central platform for device management, ensuring timely patching and secure access through conditional controls.

We leverage Intune to automate device onboarding, ensure patch deployment and device compliance, and generate compliance reports. We prioritize patching devices identified as non-compliant through these reports.

Microsoft Intune has played a crucial role in enabling remote work for our facilities under our BYOD policy. It has been essential for our success.

Consolidating all our endpoint security management tools into a single platform significantly improves our IT and security operations. This streamlined approach provides us with the advantage of using only one reporting stack, and it yields synergies that surpass the capabilities of individual solutions from separate vendors.

Integrating Intune with other Microsoft services has streamlined authentication through single sign-on. We're now transitioning to passwordless authentication for enhanced security and convenience within our unified environment.

Last week, for example, someone traveling to China had their laptop stolen. Fortunately, thanks to Intune, we were able to remotely wipe the device, protecting their data.

The incident reporting and analytics tools enable us to monitor our devices' compliance status near-continuously. As licensed customs brokers subject to Department of Homeland Security inspections, this allows us to generate reports quickly and efficiently, reducing inspection time from thirty minutes to three to four minutes.

Intune gives us full visibility into our devices and IT control across all platforms. This has significantly streamlined our management process. Previously, two people in our ten-person department spent their entire time monitoring platforms and fixing issues. Now, only one person devotes 75 percent of their time to these tasks. This means we're accomplishing more with fewer people and less time overall.

It's great, but the issue with any platform like it is the delay between deploying something and it rolling out remotely. However, it's probably the best option available in terms of keeping us informed about what's happening outside our server room or hosting environment.

Microsoft Intune has been instrumental in securing our hybrid work environment and protecting data on company-owned devices (BYOD). Before Intune, if someone lost their phone, wiping it meant erasing all their personal data - photos, documents, everything. Today, with Intune, we can selectively remove only our applications and data. This allows users to recover a lost phone and restore their personal information. Intune empowers us to be more proactive, eliminating the worry of accidentally wiping a misplaced device.

Microsoft Security Signals has become an invaluable addition because it provides centralized reporting capabilities. This one-pane-of-glass view empowers us to easily communicate our security posture internally to management and externally to regulatory agencies and auditors.

I'm impressed with the Intune endpoint privilege management feature. It's allowed us to reduce even the admin team's permissions significantly. Now, they typically lack access to most things, but the system elevates their privileges just in time for them to complete specific tasks and then demotes them again afterward. This least-privilege approach has been fantastic, and the built-in integration across the entire Microsoft stack is a major advantage. It saves us the hassle of purchasing and integrating a separate solution – it's simply there and works seamlessly.

Implementing least privilege access through Endpoint Privilege Management has significantly improved our organization's attack surface. For example, our Microsoft Secure Score was around 60 percent before adopting the solution, and it's now up to 98 percent. This reduction in the attack surface has also enabled us to implement various remediation measures and establish context-based security. For instance, even if users enter the correct password and complete two-factor authentication, we can require additional authentication if they log in from an unfamiliar location, such as a new country or state. This multi-layered approach provides us with an enhanced sense of security.

Intune has helped reduce the risk of security breaches in our organization.

We had another deployment solution for Apple iOS and Mac devices. Additionally, we also managed a few Linux boxes with an unsupported management architecture. We were able to migrate all of those devices to Intune.

Intune has helped consolidate vendors. 

The integration with macOS and mobile devices specifically iOS, iPhones, and iPads was challenging in the past, requiring separate solutions and manual processes. Fortunately, now everything is streamlined into a single, unified platform.

I would like some integration with the Microsoft reporting platform Power BI.

I have been using Microsoft Intune for five years.

Microsoft Intune is stable.

The scalability is good.

We used System Center Configuration Management, and we did it all on-prem. When Covid hit we switched to Intune.

Microsoft documentation has traditionally been criticized for its complexity and search difficulty. While some improvements have been made, many users still rely on online forums and YouTube videos for basic setup and troubleshooting. As a result, the onboarding experience can feel less polished compared to competitors like Malwarebytes, which offer more hand-holding during installation and configuration. Unfortunately, navigating Microsoft products often requires independent research and trial and error, which can be a barrier for new users.

Consolidating vendors has lowered our licensing costs. However, some features included in Microsoft's Intune might be 50 percent more expensive if purchased separately from another vendor. Specifically, if we consider upgrading Azure Active Directory or Entra to the P2 level, adding Intune capabilities, and acquiring the full Intune suite, Microsoft offers a significantly lower per-user cost compared to external vendors. With Microsoft, it's just a couple of dollars per user, while external vendors typically charge $10-$14 per user for similar functionality.

I would rate the price a four out of ten with ten being the most expensive.

We evaluated several options, primarily security solutions like Malwarebytes and Sophos, which offer remote management capabilities. Ultimately, we opted for Intune.

This is a case where remote management was initially implemented as an afterthought, primarily driven by anti-phishing and anti-malware threat response needs. Subsequently, it became the sole platform for endpoint management, despite limitations in its functionality and granularity compared to solutions like Intune.

I rate Microsoft Intune an eight out of ten.

I'm conflicted about consolidating our vendors. On the one hand, it would simplify things considerably, which is appealing. However, I worry about relying solely on one supplier, preferring a layered approach with multiple vendors. Ideally, we'd maintain a multi-vendor setup, but the current complexity makes it challenging. There are currently vulnerabilities related to Microsoft's primary factor authentication, including several unpatched zero-day exploits. These represent ongoing security concerns.

It's crucial for our organization that the Intune suite integrates seamlessly with Microsoft 365 and Microsoft Security, both for cloud-based and co-managed devices. This is especially important considering the recent trend of moving data back on-premises. We believe a hybrid environment offers the best of both worlds, but many tools are cloud-only, making them incompatible with our on-premises servers or unable to manage them effectively. Thankfully, the Intune suite has addressed this gap, providing us with much-needed flexibility and functionality.

Public Cloud

Microsoft Azure