We've experimented with and deployed Autopilot for building and deploying software through Intune, utilizing Intune policies to modify Azure AD joined systems, now referred to as Entra joined. This covers the entire scope of Intune that we've explored and implemented.
We are a consulting company with extensive experience in deploying Intune. We utilize Intune for hybrid join Entra machines. For clients who have the necessary licenses, while Intune is not a full-fledged Remote Monitoring and Management solution, it can serve as an effective replacement for RMM if you are a Managed Service Provider.
While more mature tools exist for securing hybrid work and protecting data on BYOD and company devices, Intune is a viable option for clients who want to leverage MDM with their Premium or E3 license, especially if cost is a major concern. Despite some challenges with Samsung Knox and iOS devices, Intune has shown improvement, and these issues are less frequent. As Microsoft doesn't have a native phone, limitations are inevitable.
The Mobile Device Management in Intune is a valuable feature.
Microsoft recently separated Defender into Security. Intune does not centralize all endpoint and security management tools into one place. It used to be more centralized.
The Microsoft support has been subpar for some time now. Troubleshooting issues often require us to involve a partner, which isn't an ideal or easily manageable solution given the challenges with Microsoft support. We need a reliable partner, but that partnership might still require Microsoft's assistance.
We've faced significant pushback with Copilot as our clients aren't seeing a favorable cost-benefit analysis. Many are opting for ChatGPT Enterprise instead of integrating Copilot into their workflows. We initially expected significant value from Copilot, but Microsoft's pricing is excessive, and the product itself is not exceptional. It remains quite rudimentary in its current state.
Microsoft should not rely on partners to fix issues. While users can open tickets with Microsoft, they often cannot resolve the problems themselves and must engage a partner. This is not an à la carte solution. Perhaps when Copilot eventually becomes available, it will address this. It's not Intune's fault, as it is used frequently.
I have been using Microsoft Intune for ten years.
The technical support is not good.
We tried numerous solutions prior to Intune, but Microsoft's inclusion of it within their licensing model incentivized us to adopt it. Since we were already paying for the license, it made sense to leverage its full potential and maximize our investment.
If you're subscribing to Premium or E3, there are no additional costs for Intune; it's included. However, with lower-tier plans, you don't get the full suite of security features. Depending on your specific licenses, you might have some level of Advanced Threat Protection, Endpoint Detection Response, or other Defender tools, but not the complete package. Generally, for around 300 users, you get decent protection with Defender for desktop and server – it's a good value. But with E5 licenses, you're at the enterprise level, and you get what you pay for, so expect add-ons. I don't think Microsoft would position Intune as a primary security product anymore, given their recent cloud changes and the focus on Defender. Intune is useful for patching, but it's not a comprehensive security solution in itself. That's why Microsoft has rebranded their security offerings under security.microsoft.com.
I rate Intune six out of ten.
Many of our clients with Premium or E3 or above licenses use Intune because it's included in their Microsoft solution. They prefer to leverage a Microsoft product over a third-party alternative. Additionally, Intune allows us to maximize the value of our clients' existing licenses. Therefore, if a client has a Premium license, has under 300 users, or is on E3 or above, there's no reason to use another solution when Intune is readily available.
Microsoft recently transitioned from Intune to Endpoint, then back to Intune. Additionally, they moved certain security aspects of Purview into a separate deployment, as is the case with their ATP Defender Suite. This shift signifies a move away from a single, unified management interface to a more distributed model.
We use the enterprise application management feature to roll out apps. While there are better tools available for app discovery, deployment, and automatic updating, Intune's inclusion in the Microsoft bundle keeps costs down. Although Intune may not be the ideal solution for automated application deployment or MDM, its integration with Microsoft licenses makes it a worthwhile option, especially with the expectation of future improvements from Microsoft.
We use the Advanced Endpoint Analytics, but it is no longer in Intune. It's been moved over to the security portal for Defender.
The endpoint analytics feature, which helps proactively detect and remediate anomalies and endpoints, is now part of Microsoft Defender, formerly known as Advanced Threat Protection. Gartner rates it very highly. To perform threat hunting, we need the appropriate licensing, such as a P2 Defender license. This functionality is not available within Intune. We are transitioning from the older Advanced Threat Protection to the newer Microsoft Defender platform. Previously, configuration was done through Intune, but now we manage it through the Microsoft security site.
My advice for any organization that is already paying for a Premium or above Microsoft license is to deploy Intune because it makes financial sense. Intune is not a bad tool, but if they run into any issues, the Microsoft support is no good, so they need to rely on a good partner to help resolve the issue.
Microsoft cannot fully replicate the functionality of a Remote Monitoring and Management tool. However, it could incorporate certain RMM features into its existing products or develop new tools that complement RMM solutions.
By implementing Intune, we are exposing aspects of our infrastructure to the cloud that traditionally would remain on-premises. This means relying heavily on Microsoft's infrastructure and security. As we saw a few years ago with the Department of Justice's issues, which were clearly Microsoft-related, placing all our trust in one provider can lead to potential problems. However, despite these concerns, we have not encountered any security issues with Intune to date. But at the end of the day, we are maximizing our license.
Intune deployment is straightforward if you're well-prepared, whether for a hybrid setup or a purely Azure-based one. Packaging new apps is generally well-documented, but troubleshooting can be trickier. There are helpful PowerShell scripts available, though they might not be easy to find.