Microsoft Intune Reviews

Around 90 percent of our platforms are in the cloud, and our company uses them to manage access to various platforms. In our company, what we used to do when we were on an on-premises setup was to use group policy to basically manage access and authorizations to various services, which can be quite challenging because not everything you want to do on GPO even though it is available in it. You can use or manage VBScript and PowerShell, but it was a bit challenging. With Microsoft Intune, you already have specific processes and platforms that have several things you can do with it in terms of security and in terms of making everything standardized, sort of a standard desktop, or even a customized one based on the user's job title, ranging from executive management to basic back-end staff. Microsoft Intune allows you to customize everything, like security, the availability of some features, and even updating particular systems or where and which system can access which service from a geographical location, which we couldn't do with GPO. Microsoft Intune allows us to be very flexible.

Applications have a feature that allows you to deploy applications remotely to different systems. They can be Windows-built, some business applications, small scripts, or even custom applications. The tool can even deploy fixes, and it has been one of the features we use quite frequently to troubleshoot and fix issues.

The tool brings all of our company's endpoint and security management tools into one place.

Speaking about the impact of Microsoft Intune on our company's IT and security operations, I would say that the tool has done a good job in terms of centralized management, but there is still a lot it can do. Microsoft Intune is just a mobile device management platform. It doesn't really implement security, specifically in terms of endpoint security for ransomware and other attacks, so our company has to supplement with other solutions.

If I assess Intune's user experience, I would say it is perfect and simple. In general, the tool is very easy to use. Every feature or domain, ranging from compliance to security to DLP, integrates very well with Microsoft's other modules.

I am using certain aspects of Microsoft Intune Suite, which involves the new collection of advanced endpoint management and security tools.

If I assess Microsoft Intune for securing hybrid work and protecting the company data and the data on my own devices, I would say that it works very well in handling BYOD cases. For all the corporate business apps, you can't share data outside Microsoft Intune or the enrolled devices. It has to go through all the approved suites of Microsoft Project and then into OneDrive so that we can tell where that information passed, making it basically a DLP type of thing. You can't copy and paste anything into an external product since it must be within Microsoft's suite. The tool really helped our company keep certain information confidential within Microsoft Office Suite, and it doesn't go outside, which is helpful.

I use Intune's Endpoint Privilege Management feature in Microsoft Intune. Speaking about how Intune's Endpoint Privilege Management enables our company to enforce the least privileged access that affects user productivity in our organization, I would say that all our users are at the basic level. Depending on the function users need to do, privileged access might be required, and we can basically elevate them to do it, and then we don't have to do anything beyond that.

In terms of how important it is in the context of our company's journey to the cloud that the capabilities of the Intune Suite are integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices, I would say that the integration part is the key since it has to follow everybody, whether they work on the company's premises or remotely with Microsoft Intune.

Improvements can be made by allowing server integrations since it is an area where the product currently has shortcomings. Currently, it is just endpoints, Windows, and mobile devices, but we would like to see the servers integrated into the tool as well so that the product covers everything.

The product currently lacks any features. For most of what we can't do with the features available in Microsoft Intune, we use PowerShell to address such areas.

I have been using Microsoft Intune for ten years. I work with one of the past versions of the tool.

My company hasn't faced any stability issues associated with the product since its deployment.

It scales up pretty much with ease. It reduces the work on the admin side. It is a very scalable tool.

With Microsoft Intune, my company covers more than 250 devices. I would probably say that it goes up to 300 devices. My company also has many remote staff members.

I have provided technical support for the solution once or twice, but all the information regarding the fixes is mentioned on the internet. I rate the technical support a ten out of ten. In my company, we haven't had any challenging situations that required a prolonged fixing process, and it was usually done in a day or two, within which it used to get resolved.

Positive

Before Microsoft Intune, I used a different solution for enterprise mobility management named VMware AirWatch. My company started using Microsoft Intune since it was bundled with the other services offered under Microsoft. I think my company moved to a new plan with Microsoft, and Microsoft Intune was present in it with Microsoft Enterprise Mobility + Security (EMS). My company thought about why we should pay for another service when we already have one.

VMware integrated with Microsoft like a connector, but every time there is a change or an upgrade to Microsoft's platform, it sort of disrupts VMware. My company then figured out that the closer we are to Microsoft's platforms, the better, which in turn helps us consolidate vendors.

My company involves two types of judgments to determine whether or not the consolidation of vendors my company deals with has affected our security posture. We have a Gartner evaluation, and we are trying to see if our current vendor is at least in the leadership quadrant. After that, we go for their products. Even if a tool is not at the top, it is a win-win situation for us as long as it is there. Gartner has been important in helping our company decide which vendor to consolidate products and services on.

The consolidation of affected vendors has not reduced our company's licensing costs. We recently discovered that Microsoft is basically unbundling several parts of its products. People can now choose Microsoft's models, but you cannot choose what you want as an add-on. In such a phase, we are going to have to compare apples with apples. If Microsoft unbundles Purview, for instance, we have to look for a similar DLP and compare it in terms of price and performance.

I was involved in the tool's initial setup process. Initially, my company faced some complexities with the product's initial setup phase, especially in terms of how to deploy it remotely. We basically had to have every device in front of us physically to do the deployment.

Considering that the deployment phase was an ongoing process, it took three months to be completed.

The product's deployment phase was carried out with the help of our in-house team with the help of the information in the tool's manuals.

The solution was deployed with the help of three people in our company.

From a cost-saving perspective, my company has no information associated with the tool. When we get the budget approved in our company, there is an additional buffer, causing us to have more of an overcapacity scenario rather than an undercapacity one.

My organization is still in the process of discovering several of the overall benefits that we have experienced from the use of the product. My company keeps discovering new features when we use Microsoft Intune's capabilities.

My company has not done any evaluations to figure out whether the product could generate any return on investment. It is something we should do in the future.

In my personal opinion, the product does offer value for money since it offers good security.

It is not difficult to maintain the product. Once the configurations are set at a basic level, the tool just keeps modifying itself and keeps on improving.

In terms of the product price and licensing costs, my company finds the product to be reasonably priced. As long as our budget is approved for it, everything is fine with the pricing part.

My company did not evaluate any other options against Microsoft Intune.

I am not using the enterprise application management features of Microsoft Intune Suite. For applications management, we are basically doing SaaS for most of our applications, so they are on the cloud. The least we do in our company is MFA or two-factor authentication and single sign-on into the enterprise applications, but they are basically on Amazon AWS or SAP.

I am not using the advanced endpoint analytics in the tool.

My company doesn't use Microsoft Copilot in Intune. I would say that my company is waiting for Microsoft Copilot to reach an advanced stage. When I say advanced stage, it means handling business cases that apply to our company's type of business. What we have seen in our company is that in areas like customer relationships and retail banking solutions, Microsoft Copilot works. With Microsoft Copilot, our company hasn't seen any business case related to our work. Microsoft Copilot is mostly for chatbots in CRM and other things, but that is not what my company wants. My company is waiting and hoping that we will see advanced features in Microsoft Copilot by next year. I am working with the basic capabilities of Microsoft Intune.

Intune's Endpoint Privilege Management's least privileged access doesn't affect our organization's attack surface since it is handled by a different platform named Symantec.

My company has not measured if Microsoft Intune has affected IT productivity in our organization, but I believe that it is something that we should do.

I would suggest those planning to implement Microsoft Intune in their company start with a pilot group and implement every aspect they want to implement with that group across different devices, ranging from Androids, iOS, Google, and everything else. In my company, when we did encryption, we found that Android already has an encryption feature, which is basically for Android, so we couldn't turn on the encryption feature. If we did turn on the encryption feature, we would lose information because it was already encrypted by Android.

I rate the tool a ten out of ten.

We use the product to enroll devices, install configurations, and manage apps across our infrastructure. We address issues related to app protection policies, conditional access, and custom policies with its help.

The solution has significantly improved managing a diverse range of devices. We have observed enhancements across Android, iOS, and Windows devices.

One of the product's best features is its ability to integrate company policies and configurations into applications directly.

There could be more competent processes and improvements in the policy space. If devices follow the rules, it will benefit the company. If they do not, it will lead to non-compliance. We have been able to implement some common policies, such as data sharing, handling rooted devices, and managing cyber-available data. We are working on latency and permissions, including PIN tests and direct access to information, to enhance the overall process.

I have four years of experience working with Microsoft Intune.

The product is stable. I rate the stability a ten.

I rate the platform scalability a ten.

The technical support services are satisfactory. 

Positive

The product can be deployed on the cloud or on-premises. 

First, we access the Azure portal by browsing the URL and searching for Intune. Later, we can directly log in to the endpoint management section.

We create and assign licenses to use these tools and then provide users with instructions. Users have to download the company portal and follow the setup steps, which include entering necessary personal information, accepting terms, and managing settings.

Next, we handle the installation process within the company. We need to trust the application by selecting the appropriate option. If applicable, we enable settings on mobile devices. Following that, users must log in and configure settings as required. These options and settings are available through the company portal. The process is straightforward, and it doesn't require maintenance.

The product has helped save money. I would estimate that it has saved around 20% of the investment.

The product is expensive. 

Microsoft Intune provides everything in one place and streamlines our security operations significantly. It has impacted IT productivity across different devices, including Android, AWS, and Windows.

We use application management within Intune Suite. For instance, on Windows devices, we create and manage applications through a structured process. It involves configuring firewall settings, managing OS types, and ensuring that PC applications are updated regularly. We typically make monthly changes and create and manage application packages to maintain quality and compliance.

Copilot has simplified our operations by streamlining the issue management process. For instance, we can efficiently address and resolve issues when we receive tickets. It assists with authentication and other Intune-related tasks, which helps us handle hardware-related issues more effectively.

Intune helps secure hybrid work environments by managing both company-owned and bring-your-own devices. You can enforce policies to convert personal devices into compliant company devices, ensuring that data is protected regardless of whether the device is company-owned or personal.

Endpoint privilege management is integrated into our endpoint management system. It helps us manage and control permissions for various applications and endpoints. It allows us to enforce least-privileged access, which helps minimize security risks. I use it in my organization to enforce the least privileged access. It involves managing access through various channels and ensuring users sign in and complete necessary audits. The process is designed to act as a mediator.

I recommend it to other users and rate it a ten.

We use it to a small extent for approximately 1,100 devices. The biggest portion of it is used in the Aviation department, which is one of our departments. They have invested heavily in some customized software that they've developed in-house. It is put on the devices, and the devices are primarily used by field staff. It's basically a mixture of work order assignment and work order management, as well as record keeping. For example, I could have a technician who is assigned to go and do a preventive maintenance inspection on an HVAC component in one of the terminals. That request or work order is submitted to his device. When he gets there, he scans barcodes for the room he is in and for the piece of equipment that he is working on. So, they track their actual work order, work order status, workloads, and equipment life cycle, and that's all done through Intune.

It helps us in securing devices. It has eliminated a lot of paperwork. It has simplified record-keeping and maintenance of equipment, life cycle management, staff workload, work hours, et cetera. That's the biggest impact on us, and that's also where most of the devices are used.

Its security is most valuable. It gives us a way to secure devices, not only those that are steady. We do have a few tablets and other devices, and it is a way for us to secure these devices and manage them. We know they're out there and what's their status. We can manage their life cycle and verify that they're updated properly.

It doesn't economize when you scale up. We have over 14,000 employees, and we have between 7,500 and 8,000 city-owned or personal devices being used to conduct city business. Its price can be improved. It is not a cheap solution.

It has been years since it was implemented.

Its stability has been fine. We've had no issues at all.

I don't see any issues with it. We currently have only about 1,100 users and licenses for the Intune product. The largest portion or over 50% of usage is by our Aviation department for tracking and managing their work order, workload,  equipment life cycle, etc. Other users are scattered in small numbers throughout a number of departments. 

Our Parts department also uses it. One thing that's a little bit unique is that they also have these assigned to temporary workers. So, we provide the licenses for a number of temporary workers for the summer or for the winter, and then we take them back and reassign them to somebody else. 

The other departments mostly use it for educational or small use cases where they think this will be a good fit, and it is the product that is available to them. I've heard nothing bad about it, and I have no problem at all with Intune.

In terms of future growth, we're currently looking at another product, but that doesn't mean we're going to go with that other product. We're working with a vendor on another solution, and that vendor also has a mobile device management product, but we're not yet ready to go there.

I've no direct input on it. Right now, we're on unified support, but we've always had their premier support. If we ever have a problem with any of our Microsoft products, including Intune, we do have a way to reach out and get additional assistance.

I'm not aware of any other solution being used. I know there were one or possibly two failed mobile device management project implementations. I was not a member of the department then, so I don't know the details. I only know that both of the deployments failed. In other words, either the vendor promises were not met, or we found a function that was supposed to exist but did not exist. 

It was pretty straightforward. It was not a very long, complex, and involved process. It was fairly easy to set up.

It was done in-house. For its maintenance, we have no one dedicated to it. Our client computing side takes care of that.

I've never tried to quantify an ROI for the program. We have just a small number of devices. At some point, we will look at implementing large-scale mobile device management, and that'll be a different case where we may look at Intune, Workspace ONE, or another product.

It is not a cheap solution. The price for a device when you start using it at a large scale can be improved.

It is covered under our enterprise agreement. We pay once a year. I am not aware of any additional costs.

It meets the basic security needs and management needs for most organizations. It allows you to monitor the security of devices and manage those devices if they're organization-owned. It is fairly easy and straightforward to manage. It is not difficult. Some of the other solutions are a little bit more difficult.

I would rate it an eight out of 10. It meets all the basic needs that most organizations will have for device management and device security. I am not sure if it can provide the required level of security for different business scenarios that require additional security, which means you'd have to run two systems in tandem.

Nowadays, we've seen more evolution towards Autopilot for Windows 10 and then in a hybrid or cloud-only setup. After the Windows devices, we use it with Android, the most frequent mobile, and then iOS. I have five or six projects regarding Microsoft.

It helps deal with conflicting policies. We do a lot of graph API calls toward Microsoft for reporting, et cetera. 

It simplifies the work of the IT admins in a company if you set it up right. The setup will take some time, obviously. However, if you set it up right, it will simplify the management of your endpoints. The enterprise app management is great. With Intune, you can shorten the time needed for handling the necessary updates so that there are no vulnerabilities on the applications or on the operating system side of things.

The Intune suite offers a lot of features. 

The AutoPilot feature is helpful.

Endpoint privilege management is very good. You can bring your own device setup. You can use it in combination with conditional access policies for encryption.

Migration from on-prem to cloud is good.

The settings catalog and configuration profiles are also very, very useful.

Intunes brings all of our endpoint and security management tools into one place. This is a good thing. We now have one portal to check instead of dozens. I'm really happy with that.

The overall user experience is quite nice. I have no complaints from end users regarding their devices enrolled in Intune.

We've used Copilot. We have nothing to complain about, however, it is very expensive. With Copilot, we summarized a few of our policies and devices, which were great. We check the properties of the devices, hardware, of the devices, and so on. Mostly, we played around with the summaries of the policies, however, we switched it off since it was running for a couple of days, and it was a few hundred euros for those few days. 

Witnessing the benefits of Intune happen quickly. Clients usually begin to see benefits after the kickoff meeting. Intune is an ongoing development product. It helps both greenfield and existing setups. It's not static. We'll work with policies and versioning, and after every quarter, we'll review our policies and update where necessary. If clients used Intune managed services, they get policy updates included in the managed service. 

Intune is good for securing hybrid work and protecting data of the company while bringing our own devices. We use device framework policies from Microsoft themselves with some minor adjustments. They have level one, level two, and level three policies. You can just fix the settings of their site, and that's also what we use. Then we just tweak and bring in our own experiences. 

The endpoint privileged management enables users to enforce privileged access and can positively affect user productivity. In in small environments, the end users are, in 99% of the cases, also local admins on their devices, which is obviously not good. In bigger environments, we get into that less often as it's more of an organized thing. That said, in small environments, everybody is a local admin and that brings certain risks with it. So users can install and download everything they want. With endpoint privilege management, we can set rules for specific applications, and then, a user can ask for approval to run a certain application, which is very good. 

Intune positively affects overall IT productivity in organizations. If users need to install it on a device that they need in their workday or day-to-day business, they can just grab it themselves from the company portal app. They do not have to wait. They do not have to enter a support ticket that goes to the help desk to request a certain type of software. They can do it themselves, so they save a lot of time.

Intune, when applied on the cloud, can save on costs. With the cloud, there's no on-prem infrastructure that needs service, electricity, space, or cooling, for example. 

There are a lot of features that need to be released. There is no copy-paste or fie transfer. There's more work to do. They don't live up to my expectations anymore. Microsoft has a history of releasing features that are not completely finished. 

Remote help needs to be better.

Reporting needs improvement. It's still lacking. The built-in reporting is pretty basic. In managed services, we have a lot more reporting. However, we had to develop it ourselves.

I've used the solution since the product launched, about 15 years ago. 

The solution is fairly stable. I cannot recall the last time that there was a health issue reported on the Microsoft side regarding Intune.

The scalability is perfect. I've had no issues with scaling. 

The communication between us and Microsft is good. They do come back with insights on what's to come. When it coms to support, if you are lucky, you will get a good tech that can help. The knowledge of some techs are insufficient. They may ask basic questions that are not relevant to the issue. You spend a lot of time re-answering questions you may have already addressed in the original ticket.

Neutral

I did not use a different solution previously. 

I've been in touch with MobileIron and AirWatch, however, that's very, very basic.

I work with both on-cloud and on-prem versions of the solution. 

The initial deployment is very simple and straightforward. I've been doing it for 15 years, so I understand the process. When people are new to Intune, there may be some complexity. There are many things that need to be considered. The learning curve can be steep. 

There is support from Intune for maintenance, like when an application fails to install. 

I tend to implement the solution myself. 

Some people have Microsoft 365 with a security add-on, and Intune is integrated. 

Copilot is expensive as an add-on.

It's a rather expensive solution, especially if you want to use all the bells and whistles. 

I've been involved with the solution as a customer, integrator, reseller and consultant. I'm a freelancer as well and use it myself. I'm selling licenses and doing greenfield setups for different customers. 

We've not yet used all aspects of Intune suite, which is a new collection of advanced endpoint management and security tools. We have demoed it, and we are showing it in workshops. However, we do not have it in a live environment. A lot of customers are hesitating to buy the Intune suite due to the price. Some users may be paying fifty euros per user per month and then would need to add another 10 euros for the Intune suite, and that's a big step since that would be a fifth of the license that they're already paying. 

It's helpful that Intune is integrated with 365. It's important that everything is integrated together so that the Microsoft ecosystem becomes seamless. 

I'd rate the solution 8 out of 10 overall. 

It's a fund product. The possibilities are almost endless. It will make your life easier. 

We use Intune to deploy and manage applications to devices based on our client requirements and needs. We handle a lot of use cases, especially with regard to Microsoft Edge. Recently, we have deployed BitLocker and Docker encryption using Intune. We utilize Intune to patch and onboard Defender and Core Endpoint. We apply Intune to laptops, mobiles, and tablets, including iOS and Android.

Intune has automated the deployment of patches and applications, which is more efficient and easier. It allows us to deploy applications, packages, Windows updates, and security updates like BitLocker encryption more efficiently and easily.

The most valuable feature currently is the BitLocker encryption. Most clients in the Philippines are moving to BitLocker encryption via Intune, transitioning from any existing third-party encryption tools they may have.

The most significant challenge is reporting and monitoring. The reporting accuracy for deploying applications and all aspects of Intune needs to be improved. Intune is less admin-friendly than SCCM and WSUS systems. In WSUS and SCCM, you can classify the updates you want to deploy to the endpoints, whereas Intune only has quality updates, definition updates, etc. I rate the admin experience seven out of 10. It's not terrible, but there is room for improvement. 

We've used Microsoft Intune for nearly 10 years now.

I rate Intune eight out of 10 for scalability.

I rate Microsoft support eight out of 10. Microsoft's engineers provide varied approaches and knowledge about the product.

Positive

We are resellers, consultants, and they often refer to us as implementers. We handle the solution and technical support.

I can rate Microsoft Intune eight out of 10.

Intune is a cloud-based platform for mobile application management and mobile device management. We can deploy applications on user devices and enroll user devices. We can enroll devices as per the organization's security policies. The devices comply with all the policies of the organization. We can also change the policies at the backend via Intune.

Intune helps with enrollments and securities. We can control the access to devices and users. We can specify what users can do. We can give role-based access. For example, a person working as a normal user does not require the same access as a manager. We can give access to users based on their roles. For example, a manager can add users to a particular group, but users cannot do that. We can restrict a user from doing certain activities. For example, we can restrict the user from using a camera or microphone. We can do such a configuration at the backend and deploy it to the user device.

Intune is very helpful for IT and security operations. If Intune is not there, we have to manually connect to user devices and deploy the changes. If we have thousands of devices, doing this manually on each and every device is very difficult. With Intune, we just configure the required settings and deploy them to a thousand devices in a single group. In a single step, we can add devices to a group. We can apply configuration easily. It is very helpful. It saves time. Adding or configuring devices manually takes a few months, whereas the same thing can be done with Intune within minutes.

We have had a very good experience. It is a Microsoft product. Everything related to a user is available. We have user names, user devices' names, and user licenses. We can also check the device compliance. We can see whether the device complies with the company policies or not.

Application updates and patching are available through Intune. We can also change group policy settings and registry settings of a device via Intune. We can change these settings without connecting the device. We can do that by deploying the PowerShell script or configuration profiles. For example, a kiosk device should stay up for hours and hours. It should not go to sleep. You can configure such devices to not go to sleep until 999 minutes. It is a very long time. If we enable such settings and add a particular user device group in the configuration, after the device starts syncing with the policy, no device will go to sleep.

With the Advanced Endpoint Analytics, we can see the application installation status. If we deploy a script to the user, we can see the status. We can see if it is a success or if there is a conflict. We can monitor the changes in user devices and check the compliance status. We can see if any app such as CrowdStrike is not updated.

With the help of Advanced Endpoint Analytics, we can proactively detect and remediate anomalies in endpoints. We can then reach out to users.

Intune saves us a lot of time. If we package an application using virtual packaging or physical packaging, it will take nearly two to three hours to package a single application. If we do this in Intune, it takes just minutes to add applications and deploy users. We can also monitor the particular application status in Intune.

The devices that are linked with Azure Active Directory are automatically linked with Intune. That makes the enrollment and management of BYO devices easy.

Intune has affected IT productivity in our organization. By saving time, it has automatically improved productivity.

Intune certainly saves costs. Without a cloud-based solution like Intune, we would require more IT staff.

Microsoft releases updates every second Tuesday. We can deploy those updates from Intune. We can also do patching through Intune. We can do quality updates and feature updates from Intune. We can also monitor the application status in Intune. We can see which applications are installed, pending, or available to install. We can see these things in Intune.

It is user-friendly. We can also troubleshoot any issues.

Intune saves time, and it is very easy to use. It allows us to manage applications completely.

If we could remote into a device, it would be great. Currently, we cannot directly connect to the user device. We have to use other tools such as VMware for connecting to devices.

If there are any issues, we should be able to connect through the Intune portal. The administrator should not have to go anywhere from the portal. He should be able to do everything from the portal.

Intune does not show whether a device is online or offline. It just shows the last login. It would be useful to know whether a device is online or offline.

We can see the issue related to updates in the Intune portal, but we cannot do anything from the Intune end. We have to connect to the user's device manually. We also need a better understanding of why the update is not happening on a particular device. It will decrease the time to troubleshoot the issues.

At times, there have been slowness issues with the company portal. It takes time to load and does not show the application status.

It would be great if there is a way to generate a PowerShell script to do certain things. Learning the PowerShell script is not easy, so such a feature would be helpful. Based on what we want, if it can automatically generate a script, it would be helpful.

It is not necessary, but it would be great if they added a messaging system in Intune. For example, when it is a shared device, a number of users log in to the device. In the case of any issue, it would be great to be able to directly message a user from Intune. Currently, there is no option for that, but if it could be done, it would be a very good thing.

I have been working with this solution for the last 18 months.

It is 100% stable.

It is very scalable.

We have about 12,000 devices and 20,000 users.

So far, I have not raised any questions with them.

I have worked with Microsoft SCCM. It is similar to Intune but not as user-friendly as Intune. Intune is very easy to understand. Its framework is very good. Microsoft SCCM is very old.

I have not worked with any other vendor. 

I am involved in the deployments, enrollments, troubleshooting errors, and monitoring in Intune. I take care of adding devices, users, and licenses, deploying policies, and configuring policies and scripts.

Its deployment does not require much. We just need a license to operate it. Our management takes care of that. There are a few licenses that are active only for nine hours. After nine hours, the roles are deactivated.

It does not require any maintenance from our end.

Intune is linked with Microsoft. We can deploy the Microsoft E365 license to users by Intune. There are different types of licenses, such as device administrator licenses, E5 licenses for device enrollment manually, and P1 and p2 licenses for device enrollment automatically. These are the licenses required for the administration.

I did not evaluate any other option. This was my first project, and I started as an Intune administrator.

It is a very good tool. It is easy to learn. You can expect quick assistance from Intune.

Before using Intune, I would recommend learning about Windows. Learn about the registry, configurations, and group policies. If you know these, it is easy to learn Intune.

You can face enrollment errors if the prerequisites are not met. For example, to upgrade from Windows 10 to Windows 11, you need to have some amount of free space or RAM. If you do not care about the prerequisites and just enroll the device, it causes issues. It will affect the device, and you need to enroll the device again.

I would rate Intune a nine out of ten.

I was using Intune with a customer. I had a long-term contract with a mining company, and then I moved to another organization. I am now in a different company. They all are large organizations. They are moving to the cloud, and Intune is one of the tools they are going to utilize.

In my previous job, Intune was being used for the cloud environment. We migrated fully from on-premises SCCM to cloud-only managed. We were utilizing all the benefits of Intune for cloud management, such as Windows updates, encryption, configuration, replacement of GPOs, etc. Moving away from the SCCM to Intune was a part of my previous job.

It is a modern tool. It is a cloud-based or software-as-a-service tool that gives you centralized management at one location. You have good dashboards. You have pretty much everything at a single location. You can manage different settings in one place. It is about manageability. It also gives you access from any place. It is a cloud solution, so as long as you have connectivity, you can do pretty much everything.

Intune brings all of the endpoint and security management tools into one place, but it is a lengthy process because I have been working for large organizations. They have been heavily dependent on on-premise services for years or decades, so the transition always takes time, but it is pretty successful. It is a good tool, but in security, there are dependencies, so it takes time for the transition to be successful. We have been using different security baselines and CIS or NAS methodology. It is a difficult process. Especially when you do GPO migration, not all settings are yet directly supported in Intune. Sometimes, you have to do a bit of workaround, power shell settings, and registry settings. It is tricky, but it is a key area for a successful transition.

Intune does not yet provide full endpoint visibility and IT control across device platforms. There is still a significant gap between all the systems we used on-premise and Intune. It is probably going to take time for Microsoft to fill the gap. Sometimes, you have to use third-party products, and sometimes, you have to use workarounds. It is a tricky one, but Microsoft is moving in the right direction, slowly but surely.

In terms of user experience, users do not use Intune. From the user perspective, it is about the performance and the impact, and there are some analytical tools to measure performance, reliability, etc. The built-in reporting is pretty good.

Intune affects IT productivity. From the IT operations perspective, things are much more simplified. The transition also enforces some cleanups, optimization, etc. It is definitely a great improvement for the IT organization.

Intune itself has probably not reduced the risk of security breaches, but there are many add-ons. There are many security products from Microsoft that integrate with Intune and Azure. Its reporting is great. By having the right knowledge and the right understanding, you can utilize this. There are some security baselines that you can utilize in Intune, which are coming out of the box. Microsoft is providing its own products for security, and this is probably an area we should explore.

Intune helps to save costs. As a part of the transition from on-premises to Intune, you can decommission your legacy infrastructure such as SCCM and domain controllers.

Intune has helped to consolidate vendors. It is one product, and Microsoft is trying to fill all the gaps with the add-ons. Microsoft is constantly adding functionality pretty much on a monthly basis. Utilizing a single vendor or single tool set is always good. This consolidation affects the licensing costs. When you have a single vendor, you have more options for contract negotiation, license discounts, etc.

It is very important that the capabilities of the Intune Suite are integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices. You have a single pane and the same toolset. It is always good to utilize a single product.

It is a modern desktop management tool. It is a replacement for SCCM and GPOs. When organizations are moving away from the AD to Azure AD, especially for devices, it is very useful. It is helpful for managing devices anytime and any place without requiring dependency on the local networks.

There is still a gap between SCCM and Intune, especially in the reporting, inventory, and software deployment areas. For people using SCCM, Intune seems to be very simple. It is a good thing, but sometimes, it is a bad thing. There is a significant gap, especially for large organizations in terms of functionality. Microsoft still has a lot to do.

I have been working with Intune for about 5 years. I am an endpoint management specialist. I am using it pretty much daily.

I would rate it an 8 out of 10 for stability. It is still under development, so there are issues. Sometimes, settings are not consistently applied everywhere, so they give unexpected results. It is probably because of the learning curve and also the ongoing development. Sometimes, there are bugs or some mistakes. It is a cloud environment, and sometimes, some settings are not applied. It is a matter of time. It will get fixed.

It is very scalable. It is practically unlimited.

I have been working with companies with different numbers of users and devices. In one company, there were 40,000 devices, and in another one, there were 300,000. The number of users is more than the number of devices because the companies I have been working with have different shifts, so they are sharing devices. That is why there are more users than devices. The average is 35,000.

The first and the second lines of support are quite poor. They redirect end users to publicly available documentation, which is not very useful because usually, the first thing you do is to check what is available publicly before you raise the ticket. Their support is not very good. I would rate their support a 6 out of 10.

Neutral

I have been mostly using SCCM. The move to Intune was a part of the cloud transition. Most companies are moving not only the MDM solution but all kinds of services to the cloud. Intune is just one of them. It covers one of the areas.

Its deployment and maintenance are easy. I would rate it a 9 out of 10 for both. It is generally deployed on a public cloud.

The number of people required for maintenance depends on the size of the organization. One person is never good enough because you need to consider various time zones, people going on leave, etc. 

Intune comes with the licensing that is common for large organizations. However, Microsoft has recently released many add-ons that are very expensive, especially for large organizations or corporations. They are not very happy. They are not willing to buy them. That is the problem. Microsoft should probably work on the strategy for pricing for the add-ons.

They probably did not evaluate other options. A lot of organizations are trying to use one vendor, and they have been using Microsoft for a long time. Intune seems to be the most complete as compared to others. I have been doing some research recently for a company, and I have been going through some Gartner reports. Intune is clearly number one in this area.

To those evaluating this solution, I would advise to be aware of the fact that this is a product that is still being developed. There are many features that are not available yet, especially as compared to a product like SCCM which has been on the market for many years. Do not expect everything to be available straight away. 

I have not used Intune much for BYO devices. The companies I have been working with do not allow that. They either provide their own hardware, such as laptops or desktops, or virtual desktops such as cloud PCs. They either have Azure virtual desktop or Windows 365, so I do not have much experience with BYO devices.

I have also not used Intune's Endpoint Privilege Management feature. It is probably a new functionality that is not free. For large organizations, it is a significant cost, so they are reluctant to go in this direction. They might use it in the future.

Because of its scalability and future-proofing, I would rate Intune a nine out of ten.

The solution is deployed on cloud. I'm part of the support team. There's another server team that works closely with Microsoft. They purchased an old 365 license, and Intune was one of the included features. We wanted to take advantage of the feature because it was part of the package. That's why our top management decided to save some costs by making use of Intune and not using AirWatch anymore.

We are enrolling through the Intune company portal, and then we are using the Outlook app to configure the email addresses of the company.

We are using the mobile feature, and we are also using MDM to lock the devices, to push restrictions, et cetera. Compared with AirWatch, I think it's easier to manage the devices and the profiles in AirWatch. Intune has a lot of options, but I've only been playing around with it for a few months.

In the past, I raised some tickets for the enhancement feature, which was missing in Intune. It can take a long time for these features to appear, or maybe they will just never happen.

There are certain things that I'm trying to replicate from AirWatch, and it's not possible.

In AirWatch, we have a launcher, which is like a container. You can choose single-app mode or multi-app mode. But in Intune, for example, you need to factory reset the device and then apply the MDM. If we choose multi-app mode, which is the kiosk multi-app mode in Intune, I cannot lock the application on the screen. For example, in the set mode, you have the option to set the leave Kiosk password. You can exit the kiosk. But if you choose Intune multi-app mode, you don't have this leave kiosk option. For us, it's very useful.

If you have this leave kiosk option in the multi-app, you should also have it in the single-app mode. We need this because we have an application that you run on a tablet in hotel rooms, and we want to lock the application in a single-app mode, but besides the application, we also need to have some background applications running, like we need to do some configurations in Knox from Samsung, and eFolder. 

We have three applications that we need to push, but the guests will only be able to see one. Because I don't have the option to leave the kiosk in the single-app mode, I cannot do any configuration in the background apps. We have one app we cannot migrate to Intune from AirWatch because of this issue. This applies to more than 2,000 devices.

I think we need the leave Kiosk option available for the Kiosk single-app mode, because we are stuck with at least 2,000 devices or more because we want to completely retire AirWatch, but we cannot until this feature is available. The applications that we are using in our hotel rooms are not compatible with Intune. My bosses are not really satisfied because we still have expenses with purchasing a license with AirWatch because Intune cannot really fulfill our requirements.

This option is already available in the multi-app mode. It should not be a new feature. This feature already exists. They just need to apply the single-app mode the same way they're applying the multi-app mode.

Compared with AirWatch, Intune is not very stable because I haven't had to deal with these issues. With AirWatch, I would try to fix something and I would need to fine tune the settings, et cetera. But once I fine-tune and push everything, it will run and be stable. With Intune, we are new with this product, but it took some time for me to create a profile and test the devices. It has been working for a few months, but then suddenly this weird issue happened. It affected all devices at once.

In the Outlook application, the scalability is good so far. But there are some differences between on-premises mailbox users and cloud users. For example, let's say I'm my boss's assistant and I'm able to view my boss's calendar on my Outlook desktop. Let's say I want to view a shared calendar on my Outlook app. For the cloud-use mailbox, I'm able to do this, but if I'm an on-premises mailbox user, this option is not available. Usually the cloud mailbox users have more options than on-premise users.

We have around 2,000 users enrolled in Intune so far, not counting the MDM device. That includes just email, the one that I have enrolled in the Outlook email app.

Our plan is to keep the solution because our primary solution for email mobile is now Intune because we are retiring AirWatch. We have already retired the email for AirWatch, and we are just using AirWatch for MDM devices. Of course, the plan is to keep increasing usage. If more users request email on their mobile, we are going to offer Intune.

Technical support is very responsive and helpful. There's another issue that I raised related to Adobe Acrobat. I'm not sure if it's a region issue, but I'm in Macau, and we also have some users in Manila, Hong Kong, and Cyprus. All of us are using the same profile. I make the Adobe Reader application available on the manage app store, but somehow the users in Macau, when they go to the manage play store, are not able to see Adobe Reader on the list. It's only happening in Macau.

I raised this issue. Support dragged the issue on for two months. Support said, "Because all the applications go through the Play store, maybe you need to reach out to Google." The issue was not really resolved because the issue might not be related to Microsoft but Google, et cetera. I just gave up.

Compared to AirWatch, I can upload APKs or I can just redirect the Play store link to push the apps. But in Intune for example, I'm forced to upload all the applications through the managed app store. To make it available is a different process, basically. There are some things that don't really stretch forward. 

If I upload a custom APK in the manage Play store and then I want to remove it, I cannot remove it myself. I need to send an email to Google and ask them to remove it. Then they will ask me to unpublish the app for 24 hours first. These are very simple things that I should be able to control myself, and it wastes a lot of time.

I think if you have the money and want something more stable, you should go for AirWatch. I don't think Microsoft is offering the same stability as VMware at this point. On other hand, I think the support from Microsoft is better, particularly the support in Asia. In VMware, all the support is from India, and sometimes I have a hard time with them.

Now that I'm starting to be familiar with the profiles, it's starting to get easier. A few weeks ago, there was a very odd issue that happened also related to MDM devices where we were using the manage home screen application to lock down the apps that we wanted to allow only the users to use, like the kiosk application.

We have configured the profile and have deployed to 200 or 300 devices. Some of our users called and said suddenly all the mobile devices were flashing. I don't know what happened, but it happened at the same time. The workaround that I had to do was to remove the manage home screen from the profile. Then all of the devices were kicked out and went back to the home screen of the devices. That was the only way they could resume the mobile devices. I don't know what happened, but something was wrong with the manage home screen app on that day because a few days after, I pushed back and everything resumed.

We have ROI because we are retiring AirWatch, so we're spending less and making the most of the free stuff.

The licensing is on a yearly basis.

I would rate this solution 7 out of 10.