Microsoft Intune Reviews

I enrolled devices with Microsoft Intune and applied policies and pushed applications. The main use cases for Microsoft Intune involve device management and policy implementation.

It excels at endpoint management and security. When managing a large number of devices in an organization, it becomes easy to handle them on one platform using Microsoft Intune. For security purposes, we can push many applications through Microsoft Intune to numerous devices in our organization, making it the best solution.

For organizations with numerous devices, Microsoft Intune's application management is beneficial because IT administrators don't need to push applications to devices individually. This makes the process easier, more time-efficient, and cost-effective.

Microsoft Intune is best for Windows devices and security in Office 365 and Microsoft-related enterprise environments. It's a nice platform for endpoint management.

Microsoft Intune lacks live location tracking capabilities. Improvements should be made in terms of MDM platforms for other devices. Microsoft Intune could be enhanced for better implementation across various device types.

I have been working with Microsoft Intune for two years.

I don't have detailed information about specific downtime or performance issues, but these issues can be there on any platform.

Microsoft Intune is a good platform for scalability. There were many challenges, but with experience, the scalability improved.

Microsoft support is good. However, compared to SOTI MobiControl, Microsoft Intune needs more efficient technical support. SOTI MobiControl's technical support is superior to Microsoft Intune's support.

Neutral

I have worked with SOTI MobiControl. The choice depends on customer requirements. If the customer's needs align with the capabilities of Intune, we choose that option. Conversely, if the requirements fit better with SOTI MobiControl, we go in that direction. Ultimately, it all depends on the customer's input. Intune is best suited for enterprises using a Microsoft environment, especially for Windows devices. However,  SOTI MobiControl is more appropriate for Android devices. While Intune can also support Android and iOS, it is particularly optimized for Windows. For iOS devices, both platforms offer similar capabilities due to platform-level restrictions that limit endpoint management solutions. Therefore, we evaluate each option based on the specific needs of the customer and their device ecosystem.

I primarily work with device enrollment and am not certain about the complete initial setup process of Microsoft Intune. Device enrollment is easy. I've worked with iOS, Android, and Windows as well.

With one user base license, we can use Intune for up to five devices. However, with SOTI MobiControl, each license is tied to a single device, meaning one license is dedicated to one device only.

I would rate Microsoft Intune a seven out of ten. I find SOTI MobiControl to be the best, which I would rate a ten out of ten.

It is being used for device management. We have a couple of clients using it at the moment. They have Windows, Android, and iPhone devices that are managed by it. We have another client with only three devices, but they are Windows SE devices with the cut-down version of Windows.

They are using the latest version because it is always kept up to date online.

Microsoft Intune pretty much brings all of our endpoint and security management tools into one place. I cannot think of the ones where it does not do what we need. Apple Mac management could be better. It makes IT and security operations much easier and much more convenient.

We use the Enterprise Application Management features of Intune Suite. That is what the data manager is set to. These features are good. So far, we have had no problems with that.

Implementing applications is easier than MaaS360. There are definitely time savings. It is a lot smoother and a lot more well-integrated with Azure AD, etc.

The integration with Microsoft 365 and Microsoft Security for both cloud and co-managed devices is very important. That is the key thing for us. Almost all of the clients have Microsoft Office 365. We have only two clients who use Google G Suite, so this whole integration is very important.

It has helped us consolidate vendors.

Its benefits can be realized within a couple of weeks. It is very good because it works. Conditional access and compliance work from anywhere, so it is very good.

For our clients, the conditional access feature along with different compliance policies that they can set is valuable.

All the remote tools you can use on the mobile are also valuable. Features such as passcode reset for the device lock are helpful, so you can set a code and get people back into the device.

The Apple Mac management is a bit basic. The mobile management is good for iPhone and iPad, but the Apple Mac management needs improvement. That is probably because Microsoft does not have low-level access to Apple Mac hardware. If you are doing basic things, it is okay, but if you want to image Apple Macs and do things like that, then Jamf is much better.

Their support needs to be improved.

I have been using this solution for about eight years.

It is stable.

It is definitely scalable.

Their support is absolutely useless. They used to be good, but now, there are separate departments. We had an issue with conditional access where the client did not like the fact that single sign-on was working and automatically logging them into everything. They found it to be a security issue. It was not a good thing. We were trying to disable that, but then conditional access would not work. Their support could not figure it out. They would say that it is Entra and then they would say that it is Intune. I found out what it was. It was a token that was coming from a single sign-on.

Negative

We use Jamf. We are still using IBM MaaS360 for some of the clients, but it is getting phased out for Intune.

MaaS360 does not integrate with all Microsoft products as well as Intune for obvious reasons. A lot of our clients want Intune for data protection, conditional access, etc. It is more about protecting their data and making sure that the devices are compliant and meeting certain policies. 

The user experience of Intune is good. It is a lot less clunkier than MaaS360. We do most of the setup, so the users are not really affected by it.

Jamf is mainly for Apple Mac management. Intune is mainly for Windows management and mobile management. Intune does not have the same level of integration with Apple Mac, so you cannot image them properly. It supports very basic imaging. Jamf is a much better tool for managing Apple Mac.

You have to use Azure because it is a part of the Microsoft environment.

I am the lead engineer involved in setting it up and configuring all the policies. It is straightforward.

From a maintenance point of view, there is no maintenance you have to do because Microsoft does it all in the cloud. You might need to tweak a few things on an app after you send it out, but those are general tweaks to make things run better. You do not have to put updates on or do things like that.

We do not use any external help. We just use Microsoft documentation.

We work in the charity sector, so a lot of our clients get Microsoft Premium licenses or Business Premium for free. They get ten licenses free, and a lot of our clients do not have more than ten staff members. They are getting the tool for free, so its cost is not an issue.

We did not evaluate other solutions.

It is good. If your clients want to protect their data and they are using Microsoft tools, then Microsoft Intune is definitely the one that they should be using.

We are not using it to its fullest. There is a lot more we could do. I work for an MSP, so we are bound by what the client wants to do. If the client does not want to advance anything, we will not advance it.

In terms of IT productivity, it does not benefit us directly because we are an MSP, but it is a lot easier to use than MaaS360 and other ones we have tried. Similarly, it does not save us costs because we are an MSP. We charge people to implement a solution, and that is it. If we are paid to manage it, we obviously try to manage it, but it does not save us any money.

It does not affect our security because we do not use it ourselves. We just install it for other people.

Overall, I would rate Microsoft Intune an eight out of ten.

I have worked in various roles with Intune. In my previous organization, I supported Intune on a job board. Currently, I am in a consulting role, responsible for development, deployment, and other aspects of Intune. This experience has given me a well-rounded understanding of Intune's support and implementation aspects.

We implemented Intune to manage devices across multiple operating systems, including Windows, Mac, iOS, and Android. My expertise lies in device enrollment, compliance enforcement, configuration management, Autopatch, Autopilot for Windows, and application provisioning through Apple Business Manager for Mac devices.

We have clients who have deployed Intune on a hybrid platform and others who are fully cloud-based.

Intune's security management capabilities effectively meet our compliance requirements. While there may be a few unique instances where our needs are particularly complex and don't perfectly align with Intune's design, it's clear that Intune comprehensively addresses the compliance standards and policies necessary for any organization.

Intune serves as a unified platform for managing endpoint and security tools. As a comprehensive management solution, Intune allows for centralized control of various aspects of device and security management. In terms of Microsoft Defender, Intune seamlessly integrates certain features of this advanced security product, providing an additional layer of protection. This integration streamlines incident management by centralizing relevant information and tools within a single platform.

With the advancements in Intune automation, the role of IT administrators has become significantly less complex than in previous years. Tasks that once required extensive manual configuration and monitoring, such as deploying security updates to Windows machines, are now streamlined through features like Windows Autopatch. This service automates the entire process, including policy creation, deployment, and monitoring. Additionally, Autopatch offers flexible deployment options, allowing for gradual rollout to pilot groups, IT staff, and the general workforce. As a result, IT teams can focus on higher-level tasks and reduce the time spent on routine maintenance.

Intune's user experience is generally seamless, with minimal user interaction required. While some applications might occasionally conflict, causing minor disruptions, Intune's compliance and configuration policies are typically applied in the background without significant user input. As a result, the user experience is generally straightforward, with few interruptions from Intune's administrative tasks.

If implemented, Intune can significantly enhance data protection, compliance, and security. By implementing security codes, we can control user-level access to applications and ensure that only authorized individuals can access company data. In case of device loss, we can remotely wipe the device to prevent data compromise. Intune also plays a crucial role in productivity. Deploying and managing applications through Intune is straightforward, and it supports a wide range of applications, including built-in ones. These features make Intune a valuable tool for organizations seeking to improve data protection, security, compliance, and overall productivity.

Intune effectively secures hybrid work and protects data on both company-owned and BYOD devices. For company-provided devices, MDM enrollment ensures robust security. However, BYOD devices rely on MAM, requiring user interaction through the company portal or Authenticator. While most users comply, there are instances of resistance to installing the company portal app, making MAM management challenging. To address this, Microsoft could explore alternative solutions that avoid the necessity of the company portal on personal devices, accommodating user preferences.

Intune enhances IT efficiency by streamlining application deployment. Applications developed for Intune are directly accessible within the application list, eliminating the need for separate provisioning from third-party vendors. Microsoft's extensive collaborations with numerous applications ensure that features and upgrades are managed seamlessly through Intune. Overall, Intune offers a promising solution for current IT productivity needs.

Intune offers comprehensive compliance features, covering even the intricate registry aspects of Windows security. Through the settings catalog, we can configure virtually all desired settings. Existing templates can be customized, and we can delve deeper into the same settings previously configured in our on-premises environment. For those transitioning to hybrid or cloud environments, Intune provides numerous features that can be customized or replicated from on-premises, offering a seamless transition.

As an IT administrator, I appreciate Intune's ability to implement granular device-level policies for our organization's employees. This allows us to enforce company-wide regulations and ensure compliance while minimizing the risk of data breaches. Intune's user-friendly interface and straightforward accessibility make it a valuable tool for IT staff and employees.

The enterprise application management feature in Intune Suite for app discovery, deployment, and automatic updating is well-suited for Windows devices but is premature for Android and iOS. From an administrator's perspective, managing Windows apps with Intune is relatively straightforward. However, for Android and iOS, the feature requires further refinement due to their third-party operating system nature. While Android devices pose fewer challenges, iOS devices often necessitate using Apple Business Manager as an intermediary, complicating the management process. This is particularly evident when considering Apple's role as the primary manager of iOS devices.

Intune could be enhanced by automating application upgrades, similar to how it automates operating system upgrades. This would streamline the process and reduce manual effort, especially for organizations with multiple applications requiring regular updates. Additionally, the tenant dashboard could be more user-friendly by providing more customizable options and charts for monitoring various aspects of the Intune environment. This would allow administrators to easily access and track key metrics without navigating through multiple menus.

I have been using Microsoft Intune for three years.

I would rate the stability of Intune eight out of ten.

I would rate the scalability of Intune eight out of ten.

Regarding the frontline support we contact, they could be more responsive. While the support is essentially the same for all users, Intune customers' response times, reservation times, and overall service are influenced by their license agreement. There is room for improvement in this area. Ultimately, we use the same product and license, but premium customer service comes with an additional cost. For instance, clients with premium licenses and support add-ons typically have issues resolved within three to four days, compared to seven to eight days for those without premium or unlimited customer service.

Neutral

I have experience with Jamf and NBF solutions. While Jamf offers robust capabilities for managing iOS devices online and is user-friendly, it surpasses Microsoft Intune in its features for Mac devices. However, Intune remains a better choice for Windows devices.

The initial deployment of Intune can be improved by automating enrollment processes for Windows Autopilot. This would streamline the process and reduce the number of options IT admins need to manage. Additionally, automating the initial Intune procedures performed by IT would further simplify Windows Autopilot deployment.

The deployment time varies depending on the operating system. For Windows, it can take around ten hours. Android deployment takes 15 to 20 minutes. iOS deployment requires more time due to intermediaries between the device and Apple Business Manager. Setting up a connector between Apple Business Manager and Microsoft Intune, creating profiles on both platforms, and procuring licenses for the device on both ends are necessary steps for Mac deployment. Windows deployment is simpler, and methods like Windows Autopilot are less time-consuming.

The cost of the license and the features are justified for myself as a technical person.

I would rate Microsoft Intune eight out of ten.

The Microsoft Intune Suite is a valuable tool for companies seeking a reliable MDM solution. Given the current structural and developmental trends in businesses, Intune has become essential for ensuring data security, protection, and compliance. It's a user-friendly platform that's relatively easy to learn, even for those with limited IT experience, such as support staff. For individuals aiming to enhance their skills and explore cloud technology, Intune offers a solid starting point before delving into Azure. By beginning with Intune and gradually expanding their capabilities, users can effectively leverage the Microsoft cloud ecosystem.

Our clients are medium size organizations.

Intune necessitates regular maintenance. To ensure optimal performance, we generate quarterly reports that inform our planning for the following quarter. These reports enable us to identify areas for improvement in compliance, non-compliant devices, configuration issues, and security and application upgrades. By addressing these concerns proactively, we can enhance Intune's overall effectiveness.

With co-managed devices, integrating the Intune Suite can be challenging due to the interplay of on-premises and cloud environments. Determining which controls have precedence—cloud-based or on-premises Active Directory features like organizational units or first levels—is crucial. Cloud-based management simplifies this process as Microsoft handles many aspects automatically, reducing the need for extensive customization. Creating user-level profiles in Azure Active Directory is essential for backend operations. On-premises management often requires more manual tasks compared to cloud-based solutions.

Intune is a viable solution for those seeking a mobile device management tool, especially if they primarily use Windows devices. However, if a Mac environment is the primary focus, Jamf offers more comprehensive capabilities and features. For organizations with a mixed device environment, including Windows, Mac, Android, and iOS, Intune is a strong recommendation. Additionally, individuals aiming to enhance their skills in cloud technology can consider Intune as a valuable starting point.

We use Intune to manage more than 5,000 endpoints. It has many powerful tools that enable an organization to manage its devices and applications securely. The main capability is mobile device management (MDM), which allows you to manage hardware and mobile applications. I'm also working with application management. That lets you manage deployments, protections, renewals, identities, and device integration.

Before implementing Intune, we had to manage devices, access, admin, and planning directly. Intune improves user productivity while reducing IT support costs. It enables IT to optimize the user experience by streamlining configuration changes. By avoiding password issues, we can secure hybrid work. It creates a profile for each user who is issued an Intune-managed device. The solution increases IT productivity at our organization. Intune has saved us money.

I like Intune's ability to install software to a device remotely and push policy through the Azure portal. Intune is good for Windows-based devices. It's also integrated with Windows security tools like endpoint protection, DLP, etc. 

You have the option of automatically updating and syncing an Intune device. You can click the sync button, and then your device is configured for automatic installation in Intune. The analytics feature can enhance the end-user experience by checking your device for things like battery health.

Advanced features are included in the Microsoft Intune Suite for an additional license cost. One of these is centralized access management. Let's say a project requires a device not to have WiFi access. We can go into that device and disable the WiFi option.  

One issue that Inutune can improve is password integration with the BitLocker key option. Another issue is assigning licenses. We can assign the licenses for some users on the BPM side, and our BPS users work on Outlook 365 but cannot access it there. A BPS person can go to the company portal and download Outlook 2016. They could improve the NDIS part to assign a license directly to the BPS person that allows them to install the Intune device manager directly on our system. 

Intune has been stable recently. One issue is that you cannot push the device's front image directly on the back end. If your WiFi is injected, the image isn't visible directly. The script can do through it slowly, but this is a problem. 

It's a cloud-based solution, so you can log in to your Intune device.

I rate Microsoft Intune 10 out of 10. 

I use Microsoft Intune to configure policies and manage devices.

We implemented Intune to manage devices for specific users and departments, including device ownership and access control.

I would rate the Intune user experience eight out of ten. About two years ago, I was a team leader with an apprentice. Before the apprentice arrived, we hired another employee who, on his first day, asked what Intune was. I was surprised he didn't know but was comfortable with it within a few days. In the last few years, Intune has been user-friendly.

Intune Suite provides robust security at the operating system level.

The enterprise application management feature is functioning well in its current state.

By leveraging cloud infrastructure instead of private systems, Intune has offered increased remote security and greater ease of access. While I still appreciate SCCM's capabilities, I am satisfied with Intune's performance.

I would rate Intune's ability to secure hybrid work and data on company devices as nine out of ten.

Due to the infrastructure being used, Intune has helped save a minimum of 30 percent of our cost.

It is important that Intune is integrated with Microsoft 365 and Microsoft Security for cloud and co-managed devices because integrating user accounts is easy.

Intune consolidates endpoint and security management tools into a single platform, but its exclusive focus on Microsoft devices necessitates supplementary solutions for Android and iOS. While Intune simplifies numerous tasks, it doesn't provide a comprehensive, all-in-one solution, requiring access to platforms like Azure or AD for specific functions. Although valuable, Intune's primary challenge in a corporate environment is the complexity arising from overlapping rights and processes across departments due to its extensive management capabilities. As a global admin, I would implement changes to address these complexities and streamline the management process.

Intune's role structure is overly complex, with too many layers creating unnecessary access hierarchies. While users can mitigate this by limiting active roles, I suggest streamlining the menu structure to improve usability. For instance, combining device lists for Autopilot and Intune would be beneficial, as these functions are closely related but currently separated. Redefining categories and consolidating menu paths would enhance navigation and make finding features easier. Essentially, I propose simplifying Intune's interface by better organizing its components.

I would like to see more tooltips, such as those brief descriptions that appear when you hover your mouse over something. For example, when you move your mouse over the "delete" button, a small box could pop up explaining that the object will be deleted but can be restored. This is especially important for grayed-out options. Users should be informed why they cannot perform certain actions, such as requiring a different role, object unavailability, or access through a different part of the system. Tooltips would significantly reduce the time I spend explaining these limitations to others.

Intune Suite's remote command functions could be improved for security. Internet connectivity is required for remote resets, and other actions are limited. I propose a potential solution involving automatic device lock after a specific period without check-in, allowing access only upon reconnecting to the internet. This would enable remote management functions without a constant internet connection. Additionally, the current unreliability of remote command execution, often requiring multiple attempts or restarts, is frustrating and needs addressing.

While the ability to deploy applications at startup is reliable, the policy-based application deployment method has not reached the same level of consistency. This inconsistency between the two methods is a key area for improvement, as reliable startup deployment is a benchmark for the desired level of reliability in policy-based installations.

Though reluctantly, we are utilizing Advanced Endpoint Analytics as application installs and compliance policy issues plague it. Comm client policy errors frequently skew statistics, providing an inaccurate representation of our day-to-day operations. These misleading metrics are largely due to other Intune component problems. While we can access analytics, we often manipulate data to exclude irrelevant demographics and metrics, such as application install failures, to produce more accurate reports. Similarly, device compliance statistics are unreliable indicators of fleet performance. While Advanced Endpoint Analytics offers potential utility, it primarily highlights underlying issues requiring resolution rather than providing actionable insights.

We can rectify endpoint anomalies. However, we overlook many others unless issues are exceptionally critical and high-priority. While Intune Analytics is a system component we utilize, its performance metrics are underwhelming. Conversely, our other ITSM infrastructure metrics are quite positive. Intune Analytics requires significant troubleshooting.

Intune is not as streamlined as SCCM but offers greater accessibility. While Intune is more assured, SCCM ultimately proved more efficient in terms of time spent.

I have been using Microsoft Intune for six years.

I would rate the stability of Microsoft Intune nine out of ten.

I would rate the scalability of Microsoft Intune nine out of ten.

The technical support is good.

Positive

I would rate Microsoft Intune seven out of ten.

We are working to expand Copilot's utility beyond its current primary use case of text-based summarization, which offers limited business value. While it aids productivity in meeting contexts, it does not significantly contribute to tasks that generate value. Consequently, we are investing resources in improving Copilot's capabilities without seeing commensurate returns.

Intune is an accessible system and one of the industry standards, so there's not a lot that you'll be left wanting.

We use Microsoft Intune to manage our endpoint.

Microsoft Intune simplifies endpoint and security management by unifying app deployment, device administration, and security features under one cloud-based platform. This lets us easily generate reports, and even remotely wipe missing devices through the Azure portal, enhancing overall endpoint protection.

Intune's user experience has been fantastic! The flexibility, especially with the company portal, allows users to independently install applications. This eliminates the need to constantly request installations from IT, saving everyone time.

Initially, some resistance and a learning curve slowed our adoption of Intune, but its benefits became clear during the shift to a remote workforce because of COVID-19. After initial deployment in 2020-2021, Intune simplified onboarding for new hires with remote access, allowing them to sign in to their laptops and gain immediate access to company resources.

Microsoft Intune helps with hybrid work models to secure company data by allowing employees to access work resources with BYOD while enforcing security measures on those devices.

Intune has positively affected our IT team's productivity. Everything is automated so their workloads have been reduced by 50 percent.

Intune has allowed us to consolidate other vendors. 

Microsoft Intune simplifies device management by replacing the traditional method of installing OS, joining a domain, and configuring everything manually. With a central management portal, we can easily group and manage all devices, eliminating the need to physically join them to a domain. This allows for seamless enrollment from anywhere, making Intune a user-friendly and flexible solution.

Manually syncing devices to enforce policies is cumbersome. Automating this process in Intune would significantly improve efficiency.

The licensing cost has room for improvement.

I have been using Microsoft Intune for three years.

We experience occasional delays with Intune, especially during updates, software deployments, and device syncs. While changes on the Intune portal should ideally reflect immediately on all devices, restarts or repeated syncing might sometimes be necessary for policy updates to reach endpoints. However, Intune functions well once everything is up-to-date.

Microsoft Intune is scalable as long as we have the licenses.

While SCCM offers a lower upfront cost with a single license, Intune's cloud-based subscription model provides greater flexibility and more features. Although continuous subscription fees make Intune more expensive over time, its functionality outweighs the cost factor for many users, especially those who don't require constant network connectivity for updates.

The initial deployment process was straightforward. We followed the on-screen instructions, downloaded the necessary software from the cloud, and our device was ready to use.

The time it takes to deploy Intune depends on our internet speed and location. On a fast network, deployment can be completed in ten to 20 minutes. Slower connections with high latency can take 30 to 45 minutes, and remote offices with limited bandwidth may require up to an hour or two.

Two people were required for the deployment.

The implementation was completed in-house.

Using the Cloud is expensive. Perhaps in five to ten years, we will see some cost savings.

The Intune license model is costly. We need to have an enterprise mobility license to use Intune. 

I would rate Microsoft Intune eight out of ten.

Our organization is currently piloting Microsoft Intune Copilot, which includes its AI functionalities. We're evaluating its features and functionality to determine its suitability for broader deployment across the entire organization.

Microsoft Intune simplifies mobile device management with BYOD for businesses, reducing the total cost of ownership. Intune's user-friendly interface eliminates the need for extensive IT expertise, making it a strong recommendation for most organizations.

We use Microsoft Intune to automate the onboarding and maintenance of our customers.

Before using Microsoft Intune, we struggled with software deployment and remote device wipe capabilities.

Most of the Intune is for all the remote devices, so it's all on-prem. For cloud, it wouldn't make too much sense.

Microsoft Intune brings all our endpoint and security management tools into one place. We use both Mac and Windows devices. Having all our endpoints and management tools in one place is helpful. I have a single place to check for current status and add and remove assets.

Microsoft Intune provides full endpoint visibility and IT control across device platforms. Having full endpoint visibility and IT control across device platforms allows us to deploy and manage the systems more effectively.

Intune works well and is seamless for the users.

Intune has allowed us to standardize better.

Intune's use of Microsoft security signals has improved our security because we can now take remote action on these systems as well as have a more common deployment.

It has helped to reduce the risk of security breaches in our organization because of the standardization and single sign-on.

It has also helped us reduce the number of IT staff, saving us costs.

The Asset Management and Auto Pilot are valuable features.

One of the other features we leverage is the single sign-on that Intune facilitates.

The Mac integration has room for improvement.

I have been using Microsoft Intune for two years.

I have not had any stability issues with Microsoft Intune.

Microsoft Intune is highly scalable.

Although I have not used the technical support for Intune, I am not happy with Microsoft's technical support in general.

Negative

The initial deployment was complex until we understood the process. We went through a simple dev test and then prod methodology. 

Two to three people were required for the deployment.

We implement Intune for our customers.

For organizations that are a Microsoft shop, the pricing is compelling. To buy it outright, it's two dollars a seat, which is cheap. The price is worth it.

I would rate Microsoft Intune an eight out of ten.

We have 400 users across multiple regions internationally.

Given the evolving security landscape in the cloud, it's crucial that Intune Suite is integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices.

Maintenance is required to keep the packages up to date for any software we deploy. We have four people that deal with the maintenance.

I recommend planning and understanding how Intune will be used before deploying it.

Microsoft Intune is used for Mobile Device Management. We enrolled our mobile devices as well as the mobile device solution for corporate devices. We have a lot of policies such as the compliance policy, and the conditional access-based policies for the corporate mobile user and we use the solution to assign their  Outlook Teams and other configurations for the organization. 

We use Intune to design compliance policies that apply to corporate devices and to wipe data from devices when users are terminated. Intune is also used for mobile-based solutions, but we have recently explored its capabilities by using the Autopilot feature. With Autopilot, Windows 10 devices can be reset and new versions of Windows 10 can be deployed from Intune.

Intune has many benefits from the Microsoft perspective. This solution can manage Windows 10 devices, app management, and provide security solutions. We don't need to worry about our network connection, and we'll be more secure with regular security patches and compliance. Since everything will be deployed through the internet and users will log in using the internet only, the risks have been mitigated. Security updates, security patching, and the application will be targeted from Intune. The location tracker will be available to track where the device is and the user's location. The user will be restricted from accessing certain applications using compliance policies. Conditional access policies will be based on the reason why the user needs access to the application.

Microsoft Intune is one of the best products in the industry for managing Windows devices. The solution has more feature restrictions. The conditional access policies also eliminate the dependency on the on-prem network for the devices. The solution also manages our security settings and a lot of other beneficial features such as Microsoft Purview which gives us the compliance portion. We can manage all aspects of our device from a single console, including M365 services. This allows us to configure data classification types, such as public, private, internal, confidential, and highly confidential.

The best feature is that we don't need to worry about downtime. We don't need to worry about the network connections of our office or the virtual private network. Everything is being done through the internet. Using Intune Autopilot, we can configure and deploy everything to the devices.

We need the capabilities of the Cloud Management Gateway (CMG) to be enhanced through Intune instead of Azure. I suggest that Microsoft consider this. If the user already has a subscription to Intune, they should not need to buy an additional subscription for Azure services.

The support needs improvement. When we need support, we don't get a response within the SLA because the support has been outsourced.

I have been using the solution for five years.

Microsoft Intune is a stable product. For the configuration, we could reach out to technical support, but other than that, we need not worry about anything. If we have configured the product correctly and we are not going to enhance any additional capabilities in Intune, then we need not worry about technical support.

The solution is extremely scalable. I give scalability ten out of ten.

Microsoft has outsourced its technical support so if we raise a ticket with severity, the technical support team may not be able to respond to us within the timeframe or the standard we expect. Sometimes we get the call within four hours. Sometimes we won't get that call for a day or more. The service side is pathetic now. To get support from Microsoft, we need to have our TAMs in place and then we need to submit the ticket. If we have already aligned a TAM for the tickets, we get support from Microsoft.

Neutral

Previously we were using Microsoft Configuration Manager. The Microsoft Configuration Manager is the dedicated server for managing devices on-prem. We need to make sure the device is on the same network through which the policy is getting replicated. The dependencies with that server as well as with the network are important, and the devices need to be online on the network. Using Intune as a backup solution, if the device is not on the network or if the device owner is not in the location but it has an internet connection, then we can deploy all our physical solutions onto the devices. We are using both, the Microsoft Endpoint Configuration Manager as well as Intune, since a couple of policies are still only being managed with the Configuration Manager.

The initial setup is straightforward. Once we have subscribed to the license, we will receive our tenant ID and organization ID. We can then access the portal and configure whatever we want. To save the configuration, we must enable it from the portal itself. The Azure Ready Connect GUI console makes it easy to join devices to Azure and to create and deploy conditional access policies.

We have four or five global administrator access levels in our organization. The most limited level is for the global administrator, who can be limited to one person. We need to involve them to enter the password while configuring the CMG, and then the Microsoft support in case we are missing any configuration during the installation or managing Microsoft Intune.

We deployed across more than 10 to 15 countries. The solution is used in India, the US, and England.

We have seen a return on investment using Microsoft Intune. We can save money by establishing our management point and cloud distribution point in Azure. Cloud support is an additional cost. We have to pay Microsoft for the VM, which doesn't act as a management point and the cloud distribution point for the endpoint. Endpoints are the on-prem devices.

Earlier, Microsoft used to give the license using the MSDN subscription, now the subscription part uses the M365 E3/E5. Existing E5 license holders for M365, Intune, and Azure, receive a free license.

If we're only upgrading to Windows 10 for the monthly security patches, Ivanti has Patch Now. Patch Now is a solution that gives us the same set of capabilities as IBM BigFix, but Intune has enhanced capabilities. Ivanti Patch Now is another product similar to the Microsoft Configuration Manager console and we have to make sure the device is on the on-prem network itself. Intune is a cloud-based solution that does not require the device to be on-prem. Everything is in the cloud, including device tracking, writing, and initiating remote connections.

I give the solution a ten out of ten.

I manage the endpoints for the implementation strategy and use the desktops or Windows for migration. I'm not from the mobile device management team, but I can give presentations on how the devices will work in the Autopilot zone with Intune. I'm also familiar with conditional access policies and what needs to be in place for a successful migration.

We have 35,000 end-users.

Maintenance is minimal. There have been no reports of any outages from the cloud perspective, meaning that any downtime is from Microsoft itself. However, on-prem systems may experience challenges. We don't need to worry about downtime and all the systems will still be operational.

New customers are definitely going to reach out to Microsoft for purchasing all the products. Microsoft will have its own lab. They will give us the live demo from the lab, but that won't be a feasible solution. We should check and bring that solution to our environment. It would be good if we can create our own test environment and then ask Microsoft to perform all those configurations and just train our engineer about the Intune part. We will know all the legacy parts of our environment which could impact when we are moving our devices to Intune, either the legacy app, legacy hardware, whether those devices are supported, the TPM, the Tested Platform Module, the BitLocker configuration, everything we need to understand before we move our device to Intune.