Microsoft Intune Reviews

You can use Intune to manage devices for any size project, from a small business to an enterprise-level project. You can manage hundreds of thousands of devices. Intune can manage on-prem and cloud services. We are working with large enterprises mostly.

Intune encompasses all devices, applications, and policies that can be deployed within an organization through a single portal. In the event of an outage, it simplifies the management and resolution of issues or policy adjustments. It allows for the management of security profiles, applications, and devices from one portal across any operating system platform.

Consolidating everything in one location enhances the efficiency and productivity of IT administrators. Since adopting Intune, our IT team's productivity has increased by 20 to 30 percent. Additionally, the integration of Copilot has further improved our efficiency by 5 to 10 percent.

However, there are exceptions. Certain applications cannot be deployed easily via Intune. Win32 deployment is necessary for these, which can be challenging as it demands extensive testing to release a custom package from Intune. More innovation is needed to deploy custom applications, which would greatly benefit us. For most enterprise scenarios, application deployment is relatively straightforward.

Hybrid environments call for innovation, particularly with hybrid enrollments using GPO. While most autopilot hybrid scenarios and co-management run smoothly, I have encountered issues with hybrid GPO enrollments due to their complexity.

Intune is a leading secure solution in the Indian market. It allows the creation of any conceivable security policy. With the addition of Purview and DLP modules and integration with Microsoft Defender for Endpoint, security has never been a concern, and our security posture is nearly impeccable.

Intune has also facilitated vendor consolidation. It is our primary recommendation for an MDM solution because it offers the productivity and features that would otherwise require integration of multiple solutions from other vendors. The industry is now transitioning from on-premises Intune to cloud-based management.

Intune enables the deployment of any security solution. Although it does not integrate, it allows for the deployment of a wide range of security measures.

I appreciate how Intune consolidates everything in one location. For instance, it allows the setup of conditional access for applications and devices directly within Intune. The segregation feature within Intune devices is also beneficial. Devices can be categorized by Windows, iOS, iPadOS, macOS, and Android, and sorted by platform, eliminating the need to navigate the devices section.

The app management feature has seen significant improvements. Initially, navigating the app section was quite challenging, but now, all my concerns have been addressed. It's possible to deploy or manage any application, with reports and app-protection policies accessible in the same section, which is quite convenient.

I would rate the user experience at nine out of 10. Having utilized various MDM solutions from Microsoft, Cisco, and VMware, I find Intune to be superior. We employ Microsoft Defender for Endpoint and DLP policies in Purview, along with multiple security policies such as baselines and BitLocker for encryption. This integration simplifies the administration of security features from other tools in one place.

The most sophisticated analytics we've utilized are group policy analytics. As a consultant, I often handle multiple migrations, primarily from on-premises to the cloud. Group policy analytics are particularly useful in these scenarios as we migrate on-premises policies. If Intune lacks support, we must either start anew or seek alternatives.

Copilot is beneficial as it supports various CSPs or policies. Despite extensive use, one cannot be fully versed in everything about Intune. Whenever there's confusion, Copilot is a valuable resource to clarify and ensure the feasibility of creations within Intune. Copilot assists in profile creation and assignment considerations.

My perspective on tools like Copilot is that they are artificial; the intelligence aspect is still emerging in the AI industry. Nevertheless, Copilot is a well-maintained and informed tool.

Microsoft currently restricts deployment to PowerShell or XML scripts, so it would be beneficial to support additional scripts such as command scripts, C languages, or TypeScript to enhance systematic compliance.

While the UI has been updated, it could be made more accessible. Navigating to a specific section in Intune requires multiple clicks through different areas before arriving at the intended destination, indicating the UI could benefit from further improvement.

The process of application discovery and deployment is relatively seamless. Nonetheless, there is room for enhancement in the reporting aspect. Intune still lacks comprehensive reports, and notably, its failure reporting does not succinctly communicate the full extent of an error.

I have used Intune for more than six and a half years. 

I rate Intune 10 out of 10 for stability.

With Linux and Chrome OS now supported, the scalability has reached 100 percent. Every device or endpoint operating on our OS can be enrolled in Intune. 

I would rate Microsoft support as four out of ten. Support is an area where Microsoft could significantly improve. I had an issue with Microsoft Azure recently, and after raising a ticket, it took two and a half weeks to receive a response. There is a need for enhanced support across all their product offerings.

Neutral

We have utilized Cisco Meraki, VMware Workspace ONE, and Jamf for managing Apple devices. However, Intune stands out among these options because it overcomes application deployment limitations that others have. While some support only Apple or Windows devices, Intune excels in compatibility, supporting Android as well. Moreover, Intune can implement more security policies than any other MDM solution available.

Hybrid enrollment is typically complex, yet cloud autopilot simplifies the process considerably. It's possible for anyone to grasp cloud deployment within five to ten minutes. While the most intricate enrollments, involving thousands of devices, may take two to three weeks, a cloud-based deployment can be accomplished in approximately one week.

This was completely in-house.

Intune is considered moderately priced. It is available as part of a bundle with Microsoft 365 E3 or E5 licenses. While the E5 licenses are somewhat costly, Intune offers some more affordable solutions.

Yes, we evaluated Cisco Meraki and VMware workspace One.

I give Microsoft Intune a rating of nine out of ten. Intune stands out as one of the top solutions in the market, and its capabilities are expanding with the integration of cloud PCs, Chrome OS, and Linux systems. For any large enterprise, I endorse both Intune and Defender.

The recent CrowdStrike outage, which is the largest in IT history, affected only systems without Microsoft Defender but with CrowdStrike. This incident underscores the importance for enterprises to transition towards deploying Intune and Defender for enhanced security.

Public Cloud

Microsoft Azure

We use endpoint management, both SCCM and Intune, so it is a hybrid model that we use in order to manage applications, patching, updates, and operating system deployment with Intune. We also use Autopilot for deployment.

Intune has been effective in managing various mobile devices. It would be Apple Business Manager for Apple devices, the iOS tray. It's easier to manage from Intune compared to Android. I've recently heard that Android devices will no longer be managed from Intune. The MDM part is moving away.

Intune's app management feature for supporting business operations is very easy and seamless for an admin to package applications on Intune. It's also very easy to track logs on the end-user device to understand deployment or push failures. Application management works really seamlessly with Intune.

Moreover, Intune has made it very easy to package and deploy LOB apps like MSI and MSI X applications available on the Microsoft Store. This is very helpful.

Intune brings all of the endpoint and security management tools into one place. Microsoft has integrated all its cloud platforms, like Defender for Endpoint and Intune for endpoint management. We can easily manage the Defender part from the Defender portal for endpoints, and it's very easy to track vulnerabilities on the Defender portal as well. 

It's just a matter of installing the Defender client on a device, and we can easily see all the scan results from that device on the portal. So it's very easy and simple, and the security information is all on the dashboard, ready to be presented to the client.

Automatic updating can be challenging for apps not available on the Microsoft Store. We need to package and download those apps, and it's not just pushing them; we need to create scripts to uninstall previous versions. That's a caveat compared to SCCM, where we can integrate third-party tools to manage third-party applications. I hope they will soon integrate something like Patch My PC. Apart from that, it's good.

We don't use the advanced endpoint analytics but, we use the basic features available on the dashboard. We have various data sources and get a lot of reports from there.

We also don't use Intune PKI as of now because we manage PKI from our on-prem environment. But we have seen that BYO CA (Bring Your Own CA) is now available on Intune. We can bring our own CA to reduce the load on the on-prem infrastructure. That's one of the features we need to test.

Overall, Intune provides a more secure and easily monitored environment, with live and native support, unlike other tools. For example, we might get data that is seven days old with other tools, but with Intune, we get data that's only eight hours old. This helps us understand what applications run on a particular machine and which operating system is installed. Intune has saved us time and provides valuable features.

The best features are application and update management. In the context of updates, it's very easy to manage device updates through Intune because they pull updates directly from the internet. We don't have to select and push updates as we do with SCCM. 

For application management, we have many options for packaging applications. 

The overall user experience of Microsoft Intune a ten out of ten. There are certain limitations, but I would still rate it ten out of ten compared to Jamf, Tanium, and BigFix. I find Intune far better and easier to use.

I also tested the enterprise application management feature. The way we are packaging using Windows 32 apps and LOB apps. These are pretty simple to manage.

We recently introduced Copilot on Microsoft 365 portal to help draft emails. We were highly dependent on Grammarly before, but Copilot has replaced it and saved us the licensing cost. That's one way we use Copilot.

Copilot won't protect our environment. It's just an AI tool. Defender is responsible for protecting our environment. Copilot can answer our questions quickly, without needing to browse through Google or a browser. It's integrated into almost every application. We can click on it and ask our questions.

Copilot has reduced the load of typing. We can just give it a brief instruction, like "draft an email to my manager regarding a new joiner," and it generates a draft. This saves us time and typing effort. We just need to proofread it.

We've only seen Copilot so far. We haven't tested any other AI tools in Intune yet. Copilot is very useful, and it's a Microsoft product.

The challenge we experience is with Mac management. We find Intune not capable enough to handle Mac devices, configurations, or operating system deployments. However, it's easy to manage Windows devices. Mac itself has a lot of restrictions. Linux and Mac operating system compatibility need improvement. Also, they need to work on making GPO (Group Policy Objects) compatible.

Microsoft needs to work on Autopilot and make it simpler at the end-user level.

We also face challenges managing group policy. Many group policy objects that we can manage from on-prem Active Directory can't be managed through Intune. That's something Microsoft needs to work on, and I'm sure they will.

I have been using it for more than four years. 

It is a stable solution. I would rate it a nine out of ten.

Everyone in our organization uses this solution. But, for the project I am involved in, just 15 people use it. 

We have medium to enterprise businesses as our clients. 

I would rate the scalability an eight out of ten.

The customer service and support are average. Sometimes I feel they don't even know about their product. 

Neutral

I can compare it to Tanium. When I was doing a POC in place of Intune, we needed to compare other tools as well. Tanium is a good tool, but I can't find any other tool that can replace Intune with so many features.

I like the user-friendliness of Intune's GUI and the fact that we get so many features under one roof has attracted our attention.

The deployment of Intune depends on the environment in which it is being deployed. In our case, it was pretty simple because we didn't have much insight. However, depending on the requirements of a different environment, it can become complex.

The deployment takes a couple of months would be a good estimate. You need to plan everything and then execute, and migration is involved.

Intune works seamlessly with Microsoft Defender. With other security solutions, we see a lot of challenges. It depends on the complexity and scale of the environment. But it's really compatible with Defender and Intune integrates well with other security solutions.

Intune requires maintenance. It requires internet access because we need to manage certificates, check on the DMF file, and clean up stale devices.

It has helped admins immensely in order to manage those endpoint devices. With other tools, the device needs to be on the office network or VPN. Intune removes this dependency. 

We can manage devices through the internet, and we won't miss any devices that are offline.

It has saved 60% of our time. I can't put an estimate on cost savings, but it has saved a huge cost because we don't have to manage infrastructure anymore.

It's a little expensive, but it's worth having.

Compared to other tools in the market, Intune is a good tool to go with. It's a little expensive, but it's really good because we have almost everything under the same umbrella. The features that Microsoft offers are not available in BigFix, Tanium, or Canvas. But it also depends on your budget.

I would definitely recommend it. We get promoted features, and it's easy to use. The ease of use is really attractive for admins, especially compared to other tools.

Overall, I would rate it a nine out of ten. 

Hybrid Cloud

I'm an IT manager contracting with a European company. We had to onboard Windows machines to the Azure AD, but they did not have an on-prem AD. I prepped the Azure AD on the cloud, and I started to migrate the laptops to Azure AD. 

Once that is done, we need to apply policies, but group policies will not run from Azure AD because there's no on-prem AD to derive the policy from. Intune comes in handy there. It has multiple capabilities. You can create your configuration profiles in Intune that apply to Windows and Mac. You can create security profiles and configuration profiles, and you can apply browser settings to some extent. It isn't a small tool in terms of size or breadth of capabilities. It's very capable. Anybody who has used SCCM will see a lot of similarities.

Intune has many components that replace third-party products. For example, Intune creates an inventory of each machine. Otherwise, I'd need a third-party asset management tool. Intune can also tell me which users are accessing a given machine because it's integrated with Azure AD.

It's easy to deploy a configuration or policy to a system, especially when you don't have Azure AD. Now we are talking to all these small and medium-sized customers who don't necessarily have an on-premise Windows Active Directory. If they have invested in Office 365 Premium, this functionality becomes available to them.

That's considerable savings because you get Intune with Office, and you're getting slightly more advanced Azure AD capabilities. They also get MS Defender, which is there on the Windows client. This March, Microsoft introduced Defender for Business. They activated the business subscription with the Office 365 Business Premium subscription. If a customer is looking for an antivirus solution with a centralized capability, the product is already there. 

Intune allows you to control the policy if you want to control hard drive encryption. We have third-party tools in the market that we used to invest in. Today, we have Windows-native BitLocker, and I can use Intune to manage that BitLocker encryption.

Intune can set policies on each machine. I can create rules and apply them to individual machines. It's much easier than using the Azure AD system.

Reporting in Microsoft solutions is pathetic. With Intune, I'm getting a free inventory tool, but I don't get a reporting tool. When I go to Intune, I can see one machine's entire data in terms of the hardware and the software running on it, but I cannot generate a report for all the machines in the organization. The reporting is the only feature holding back the functionality that is already there. 

All the other third-party tools are doing the same thing, whether Atlassian, ManageEngine, or Ivanti. They all install an agent on your system. Intune also has an agent on your system collecting inventory details and sending them across the central console, but Microsoft doesn't have the reporting capability there. That is the only drawback I see.

I started using Intune last year.

Intune is perfectly stable. We've had zero downtime.

Intune will scale because it's a cloud system. We are not installing anything. It's a Microsoft service. I have it running on around 200 machines.

I rate Microsoft support nine out of 10. In the past year, I've made 20 or 30 support requests on the Intune platform. Each time, it has been smooth. Usually, they sort the problem out on the first try. Once, the ticket was open for about two weeks because they had to do some backend testing on their side. 

Positive

I have used ManageEngine from a company called Zoho Corporation to do inventories and patching. Microsoft Intune lacks capabilities to patch Windows, Office 365, Acrobat Reader, etc. There is no way for me to apply and manage patches. I can create a patch configuration, but I cannot control when it has to be deployed and on which machines. If Intune adds patching, I don't need to invest in another patching tool.

Setting up Intune is pretty straightforward. There may be a few bumps in the road, but you shouldn't have much trouble if you're a system administrator or a pure IT guy. I did it by myself, and it took about two hours. You have to do the basic configuration. 

For that, you need a bit of reading to understand how your configuration is working within your overall setup. Once you do the necessary tweaking, Intune is up and running. After that, you create policies and do a test run on one or two machines. Once you verify that everything is working fine, you deploy it all. 

If you're not a techie, I could guide you step by step. It's as simple as that. After deployment, Intune doesn't require maintenance because it's a cloud product. 

We've seen a significant return on the investment. Otherwise, I would have to invest in a regular Windows Active Directory. If I were running Office Standard, which lacks this feature, I would have to buy something like Intune and pay for it annually.

Plus, I have to manage another product on the desktop. For example, if you're using a VPN client, the VPN client has to be installed and requires maintenance if something goes wrong. I don't have that maintenance cost because it's part of the Windows operating system.

We don't pay for Intune because it is bundled with the premium subscription to Office 365. It includes Intune and Defender. I don't have to buy two extra products to manage my enterprise.

I rate Microsoft Intune eight out of 10. Some functionality needs to be improved, but I believe Microsoft is working on it. They're developing the tool, and those features will be added, but I will give it an eight today.

If you're thinking about implementing Intune, you should look at what you already have in place. For example, if I wanted to bring my laptops onto Azure AD, Azure AD will do the job for me, so I don't need to invest in a regular Active Directory server.

Either I buy the server and run it on the cloud or I upgrade Office and Business Premium gives me all of the features. Business Premium is the top license. You have Business Basic, Standard, and Premium. The Enterprise equivalent is E3 and E5. 

The Business Premium is equivalent to E3. There is a limit on the number of machines. Per Microsoft's licensing model, you can do up to 300 machines on Business Premium. At 301, you have to switch to an Enterprise agreement.

We use Intune to connect university staff and faculty to secure resources on their computers quickly.  

Intune is a force multiplier coming directly from Active Directory. We had to engineer over some limitations of Active Directory, and Intune resolves that by addressing known trouble areas. It allows us to do things quicker and more efficiently. 

We like Intune's Autopilot functionality, which enables one-touch deployment. Dynamic grouping is another feature we find valuable working in academia. We have people in buckets based on their roles in the university, such as faculty, staff, alum, or grad. Sometimes, they will fit into multiple places, and dynamic grouping helps with that. So far, using Intune has been easy and intuitive. Once everything is set up, our user base finds it much easier and more modern.

We've recently purchased Copilot licenses for Intune, but we've only had it for a week or two. It's a new deal for Syracuse, but it has been good so far. It moves quickly. You can see that it's constantly learning, and I love that. Today is the dumbest it will ever be. It's going to continue getting better and better. Even when we're wowed, we understand that more "wow" will come. 

It has some growing pains, but they are no different from anything new. We're implementing Intune on an individualized data set. So there's no way Copilot can know everything about every data set it's going to get, but it does grow pretty quickly, which is phenomenal. 

It would be awesome if Microsoft opened their API so we could filter more properties. If we have to do anything outside of Intune that requires a third-party solution to talk back to it, we're very limited in what we can do. Trust your people. We promise not to break your stuff. Open it up just a tiny bit wider.

We started using Microsoft Intune about a year and a half ago. We transitioned our fleet from Active Directory to Azure Active Directory. Then, we took that hybrid and shifted it into Intune for our MDM solution.

Intune is solidly reliable. Microsoft has some peaks and valleys that you need to get used to. Stability is essential when transitioning from on-prem to the cloud, where Microsoft manages your infrastructure. There have been a few drops in performance, but that's more growing pains from our rapid expression than an indicator of major problems.

Scalability is fantastic. 

I am a technician, so when I'm reaching out about problems I cannot solve myself, they tend not to be tier-one or tier-two problems. When I contacted Microsoft, they had the same expertise, if not more, which is phenomenal because I felt heard and my problem was solved. That is delightful because I have contacted support for other solutions. After trying several troubleshooting steps, I contacted them, and they asked me to restart something. I have gone beyond that point and tried to tell you where I am. 

Positive

We previously used Active Directory and spec ops for software deployment, with Active Directory handling computer and user management. Intune was a natural progression for MDM. For Mac users, we still use Jamf but plan to transition them to Intune as support for Apple products grows.

It is absolutely a positive investment. Everything we've gained from it makes my job easier day after day, and I see value in it as an engineer.

I am not involved in those discussions. We worked hard to acquire E5 licensing, and Microsoft collaborated well with the university to ensure everyone got what they needed.

With Intune, managing devices is a breeze. I use it to enforce security policies and seamlessly deploy applications to handle Windows 11 upgrades. It is like my one-stop shop for device management – no more manual headaches, just simple templates making my life easier. Plus, with Windows 10 support ending soon, Intune ensures a smooth transition to the latest and greatest without much hassle.

Overall, Intune has been a game-changer for our organization. It offers enhanced visibility, helping me identify and fix issues swiftly. Since implementing it, our security score has seen a noticeable improvement.

Intune gives me full visibility and control across all devices. For instance, if a device is slowing down, Intune alerts me, and I can proactively upgrade the hardware, like moving from HDD to SSD or M.2, ensuring optimal performance. It is like having eyes and control over the entire device landscape.

Intune has significantly reduced the risk of security breaches. With its robust security features and compliance monitoring, I can track and manage everything from emails to miscellaneous activities, ensuring a proactive stance against potential security threats.

The user experience of Intune is a perfect ten for me. It provides an incredibly helpful and seamless interface.

Intune has saved costs by preventing potential security threats. Restrictions on accessing miscellaneous websites have been invaluable in avoiding virus downloads and data loss. 

The reporting and analytics features in Microsoft Intune have been a lifesaver. In the report section, I can quickly identify device issues, compliance problems, or deployment failures. It provides a clear overview, allowing me to take immediate action, whether it's redeployment or manual adjustments, keeping everything in check and running smoothly.

While Intune works perfectly well, the only potential downside is that the deployment could be a bit complex for some users.

I have been using Microsoft Intune for three years.

The stability of Intune is impecable.

I would rate the scalability of Intune as a ten out of ten. I have not had any issues with it.

Technical support from Microsoft for Intune is top-notch, a solid ten. Whenever I have had issues and opened a ticket, they have been quick to respond within half an hour to two hours. The solutions provided are effective with detailed instructions and additional information.

Positive

My deployment model for Intune is gradual and cautious. It is like navigating through a vast ocean, where I test on a few devices first, slowly deploying one thing at a time. I learned the hard way that rushing impacts users, so it is a step-by-step process, taking a month or two, testing, deploying, and making adjustments as needed. Patience is the key to Intune deployment.
Deploying Intune wasn't a walk in the park, but it wasn't overly complex either. I would say it is moderate—needing time, experience, and knowledge. Testing is crucial.

Microsoft takes care of updates and maintenance. I just need to stay on top of deploying new patches that come from vendors, ensuring our machines are up-to-date and secure.

The return on investment with Intune has been excellent. The increased productivity and control over machines justify the cost, giving a full value-for-money experience.

We use Microsoft Intune to ensure security compliance mainly through our DLP project. It is our go-to for deploying new features and staying on top of security patches. Intune keeps us informed about vulnerabilities, making it easier for me to download and deploy updates across our infrastructure, ensuring a robust and secure system.

The standout features of Microsoft Intune for managing and securing our workforce are endpoint protection, streamlined deployment of applications, and easy handling of feature updates. Creating Intune policies is a breeze; for instance, deploying applications is just a matter of selecting them and letting Intune take care of the rest. It is a time-saving and efficient way to keep our systems secure and up-to-date.

The real game-changer in Microsoft Intune for our data security is the ability to create and enforce specific policies. I have set up two types: one within Intune and the other through GPO. The combination of both has been pivotal in ensuring robust security measures for our organization.

Having all endpoint and security tools in one place with Intune is quite valuable. It allows me to track device usage, block systems, and, if necessary, wipe company data for security purposes. The integration with OneDrive ensures seamless syncing and backup of user data, providing an added layer of protection. It is like having a control center that empowers me to respond swiftly to any security concerns.

For securing hybrid work and data protection, I set up Intune to handle encryption using tools like BitLocker. It provides an added layer of security, allowing me to manage BitLocker keys and make necessary changes for better control. This way, even in a hybrid work environment, I have visibility and control over data protection measures.

Intune's integration with Microsoft security has significantly bolstered our organization's security. From prompt security patches to timely machine restarts and access control, it covers a multitude of aspects, ensuring a robust and proactive security stance.

Using the Endpoint Privilege Management feature in Intune has been a productivity boost.

After deploying Intune, there was a shift in user freedom, but it was a positive change. I could restrict access, control network usage, and block certain applications, enhancing overall security. While some users may find it limiting, it aligns well with the organization's focus on security.

Intune must integrate with Microsoft 365 and Security. The synergy is powerful. For instance, in security, I identify vulnerabilities and know precisely what patches to deploy using Intune. It is like a seamless collaboration that streamlines the process.

Microsoft Intune's integration with other Microsoft tools has revolutionized my device management strategy. It is like a helping hand that makes everything easy and seamless. Over the past five to six years, it has become an essential and efficient part of my device management toolkit.

Microsoft Intune's integration with other Microsoft tools has revolutionized my device management strategy. It's like a helping hand that makes everything easy and seamless.

For new users, my advice is to take advantage of Microsoft's virtual training sessions and certifications. Sometimes, they offer free certifications, which can be beneficial for users, considering the investment companies make. The biggest lesson I have learned is the incredible control and flexibility Intune provides. From deploying and removing applications to blocking and deploying the OS, it gives complete control over the infrastructure, making it invaluable for users in the field.

Overall, I would rate Intune as a ten out of ten.

Public Cloud

Microsoft Azure

We are using Microsoft Intune for mobile device management (MDM) to provide context-aware access to the users. Mobile device management is what we predominantly use Microsoft Intune for.

Initially, the scope of Microsoft Intune was not too good because it could only manage certain endpoints such as laptops, desktops, and mobile devices. We initially had a problem with the servers, but they started supporting servers in the last three or four years, so now, it is good. It manages virtual machines and servers, both on-premises and in the cloud. It has improved and is still improving in a lot of areas. 

It provides group policies that we had in the early days of Active Directory. That is good when it comes to applying the policies to endpoints and servers from Microsoft Intune. Initially, we did not have all group policy settings inside Microsoft Intune, whereas now, we have patching and the ability to push the policies for antiviruses, etc. We can also handle mobile device management policies. Everything can be done via a single console. It is easily manageable, and we can have a single administrator to manage all the policies. We can have one or two administrators for backup. Traditionally, we had multiple administrators for each and every console. When you are a big Microsoft shop, it is easy to manage everything.

Microsoft Intune is good for a hybrid workplace. The conditional access policy is one thing that we can use for devices. For example, we can allow access to critical data only from corporate devices and not from personal devices even if someone is using the company account. We can go even more granular where someone can access the data but cannot download it to his or her personal device. Microsoft Intune is good for handling BYO devices.

It has had a good effect on our organization's attack surface. I would rate it an eight out of ten for that. We can implement rules for attack surface reduction. That is possible when devices are managed by Microsoft Intune. 

The IT productivity in our organization is far better. I would rate it nine out of ten for that.

Mobile device management is good. I am easily able to manage devices and assets, especially laptops and desktops. 

An important feature in Microsoft Intune is the Conditional Access policy, where I can provide specific access to a specific user based on geolocations, and there are multiple options inside it. Conditional Access is its best feature.

Its user experience is very good. I would rate it a nine out of ten for that.

For Windows machines, all the features are available within Microsoft Intune, but when it comes to Mac machines, it is still improving. It is not as good as Jamf. When it comes to customizable policies and other things in Mac machines, it is a little bit difficult. It is not as good as Jamf, but for Windows, Microsoft Intune is good if you have a good budget.

Its integration with Mac and Linux devices can be better. They should provide more features similar to Windows. We should be able to manage policies within Linux and Mac machines. If we can have more granular controls for these two operating systems, it will be really helpful. That is one area where they can improve.

When it comes to automatic updates, none of the vendors are doing it so well. The expectation right now is to have everything automated and automatically upgraded to the latest version of the software. The discovery capability of Intune is good because it is Microsoft. They can do discoveries based on their internal commands and other things and pull all the information into Intune. That is easy, but doing the upgrade of third-party software is a little difficult. It is evolving, but we cannot do the upgrades of all third-party applications. A financial or banking organization allows a limited set of applications to be used. For them, Microsoft Intune is better because when you have only 15 to 20 applications, you can easily upgrade them through an automated platform like this.

It is not similar to any of the PAM solutions. It is still in the starting phase. Other PAM solutions, such as CyberArk, can do remote session management. They can handle vaulting and other things. When it comes to EPM within Microsoft Intune, I do not know whether they are planning to go with the PAM or Privileged Access Management platform, but with the current solution, we can do user account management. We can do password rotations. We can add a new user, remove a user, and provide access to a particular resource for a user. All these steps are manageable and possible, but for Privileged Session Management and Access Management, it still needs improvement.

It is very important that the capabilities of the Intune Suite are integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices. The integration with the M365 platform, especially with Microsoft Defender for Cloud, Cloud Apps, and Endpoints, plays a big role. Intune can discover and find out the devices. The integration is still happening. It is not yet over. There is room for improvement.

I have been using Microsoft Intune for about seven years. I have been a customer for four years and then became a partner because I joined a new organization. This new organization is a partner of Microsoft. I have been with this organization for three years.

If there are any issues with Microsoft Azure Cloud, we may have issues or downtime, but they are rare. It is 99.99% available. Only if Microsoft Azure Cloud goes down, we have a problem. Otherwise, it is okay.

There are no issues with scalability because it is a cloud solution. It is automatically scalable.

If you are paying for support, you get good support. If you are not paying for support, you do not get support.

Technical support can be a bit of a problem when it comes to costs. They have a professional service and a normal service. With the normal service, it is difficult to find out answers from them because they are not experts. We only get experts with the professional service, so if we pay, we get support. This is something difficult for a small organization because they cannot always pay for support for every issue.

When you give a product, you should always provide good support. If you do not have technical people, what is the purpose of having a support team? It is useless. They should have at least one or two people who can technically help an organization.

We use different tools. We use Jamf for Mac and Ansible for Linux machines. We have not yet fully switched to Microsoft Intune for Mac and Linux. Very few Mac machines are with Microsoft Intune. Most of our Mac machines are still with Jamf.

Companies that are using Microsoft products go for Microsoft Intune. However, when people have more Linux or Mac machines, they do not choose Microsoft Intune for their organization. We recommend a solution only after knowing the expectations and use cases of a client. Small companies do not prefer Intune because they can have JumpCloud. Small companies with less than 500 users can also go for Google Workspace. For companies that already have a Microsoft license such as E5 or O365, going for Microsoft Intune makes sense.

Microsoft Intune improves the security posture, but because of the budget and other constraints, organizations can start looking at other vendors.

It is not complex when it comes to Windows machines. It is straightforward, but when it comes to the other operating systems, it is complex. It is not easy.

The number of people involved depends on the users. If you have 1,000 devices, for Windows machines, you do not need more than three or four people. However, for 1,000 Linux or Mac machines, you would need a ten-member team.

The maintenance is easy. You do not need extra people to manage Microsoft Intune because it is a cloud service.

I am using E5 security and compliance. It has all the Intune options and security and compliance subscriptions, so I use the full suite of Intune except the EPM module. We have not yet started using the Endpoint Privilege Management module. It is a small add-on that we have to use. Other than that, we are using everything.

There are other tools that give a similar approach but are not as good as Microsoft Intune. In terms of cost, it is more expensive than other tools like JumpCloud, Google Workspace, etc. There are multiple tools like this. Only if you are a Microsoft shop, I would recommend going for Intune. Otherwise, use some other tool and manage the organization.

Its licensing model is not complex, but it is very expensive compared to other solutions. They can bring more models and reduce the pricing. They should allow customers to select the features they want and price it accordingly. That would be a better option because not every organization needs conditional access or an antivirus solution. Some organizations that use Intune might use CrowdStrike, so they do not need Intune policies for antivirus. It would be better if they could bring more plans.

I would advise to not look at the cost first. Instead of the cost, look at the features and then list down the use cases for your organization, and then go for the consolidation of the tools. Microsoft Intune can give you a lot of features, but whether it is suitable for your organization or not is the main question. List down the use cases and then assess Microsoft Intune because it can give a lot of features that you do not want, but you cannot omit them while buying it.

We are not using Advanced Endpoint Analytics because we have Sentinel and Chronicle SIEMs in our organization. We also use SDR platforms, so we are not using Microsoft Intune for any of the analytics. We are also not using Microsoft Intune Suite's Cloud PKI.

We started using Microsoft Copilot for a small organization. It has only been two months. We are building the use cases for that organization. They have purchased the licenses, but we are building the solution design and use cases for that particular organization. They want to automate most of the things, identify the non-compliant devices, and automate whatever they find non-compliant. Our aim is to identify non-compliant devices, do some automation, and block them from accessing any of the critical data inside the organization, but we do not know if Microsoft Copilot can do that.

Overall, I would rate Microsoft Intune a nine out of ten.

I have worked on multiple projects during these four years and encountered various scenarios with Intune. The major issue I found is Intune's vastness; it has numerous features within a single MDM portal. We can deploy unlimited features from the Intune portal to manage devices and protect the environment. Intune's capabilities are extensive, but there is room for improvement in certain areas, particularly reporting. Intune's reporting functionality is still under development, and we can anticipate further advancements in this area.

I previously worked as a solution engineer and am currently a call center agent in IT. I have worked on all sorts of Intune-related issues, including those related to mobile devices, Windows devices, enrollment processes, and policies. My expertise includes Autopilot, GP enrollment, the enrollment process for Windows, iOS, and mobile devices, as well as configuration profiles for multiple devices and platforms. I have also worked on scripts. As an escalation engineer, I have dealt with a wide variety of user issues.

The primary benefit of implementing Intune is the ability to manage devices, including controlling access, deploying applications, and enforcing restriction policies. As administrators, we gain control over which applications and websites users can access on their devices. Additionally, we can seamlessly deploy applications and configure network settings according to our organization's or client's specific requirements. Intune enables us to manage devices, deploy applications, and enforce policies, ensuring that devices within our environment adhere to our company's standards.

My deployment is primarily cloud-based, but I also have knowledge of hybrid environments. I have limited on-premises experience, having only observed local Active Directory servers. I can configure them theoretically, but I wouldn't consider myself a trained engineer in that area. With hybrid environments, I understand how to implement and integrate the hybrid components with Intune for a seamless and error-free deployment.

We can integrate endpoints directly into Intune, enabling us to access the options on the Intune portal. Intune is a seamless feature that collaborates with various services within the Azure ecosystem, essentially relying on Azure for its functionality. An essential collaboration exists between Azure AD and Intune. Similarly, Defender, another Microsoft service, must be integrated with Intune to remediate threats. In essence, Intune is a unique entity that requires communication with other Azure services. Configuration and connectivity are necessary to achieve this integration. Once integrated, we can access other endpoints directly from the Intune portal.

The user interface is straightforward, and the configuration profiles are easily accessible to the administrator. There are multiple ways to implement a single setting or policy on a device, including the deployment of several policies. A new feature allows for the creation of policy sets that can be deployed to different locations within an organization, streamlining management for administrators across multiple regions. This is a valuable feature that saves time and increases efficiency. Policy sets can be created, and locations can be assigned to them, ensuring that any enrolled device or user within that location receives the predefined policies. Group tags further enhance this process by automatically applying policy sets to devices or users added to specific group tags. Overall, Intune offers numerous features that enhance administrator productivity, including the ability to efficiently manage and track policy deployments.

The enterprise application management feature is excellent. If we've deployed applications using the application management services, we can provide updates directly, eliminating the need to repackage them. With application management, if an application is deployed in a region with multiple devices, those applications automatically update once an update is available. It's one of Intune's best features and was recently integrated. While I need to explore it further, I've previously used it to deploy applications in a region, and any auto-updates from the store were applied seamlessly. This is a significant benefit of Intune.

The PKI process in Intune is excellent, though it can be complex for administrators. Intune's reporting has improved since last year's changes, and removing one PKI component has simplified the troubleshooting log collection. Once correctly configured, this reliable feature allows direct certificate deployment to users and devices, eliminating the need for constant password and user ID entry. Users can seamlessly log in with their certificate across various applications, such as email or VPN profiles, enhancing convenience and security. Overall, Intune's PKI capabilities significantly benefit streamlined authentication and access management.

How we use Copilot depends on the specific needs of the enterprise. For clients with an existing on-premises environment, which typically includes multiple servers and domain controllers, there's often a gradual desire to migrate to the cloud. In these cases, we recommend Copilot, where we can implement an Intune environment and facilitate the gradual transition of devices from SCCM to Intune. These scenarios represent the primary use cases for deploying Copilot for device management, as it offers an optimal solution for managing devices during the on-premises to cloud transition. For remote users unable to access the physical office, device enrollment ensures cloud-based management. In contrast, restricted environments necessitate on-site presence. While VPN offers an interim solution, enabling remote device management through on-premises connectivity, it incurs additional costs. Ultimately, we advocate for cloud adoption as a cost-effective and simplified approach to device management, aligned with the ongoing evolution towards cloud-based solutions.

Intune has significantly improved our organization. Firstly, it allows users to work securely from anywhere, as the device is managed and policies, settings, and restrictions are deployed over the cloud, regardless of the location. Additionally, we can deploy various policies and regulations for security, simplifying device management. From an admin perspective, Intune streamlines device management by allowing us to simultaneously deploy policies to multiple devices. Enrollment is also effortless, as devices can be shipped directly from the vendor to the user and ready for use. This eliminates the previous admin tasks of deploying custom OS images and managing policies via SSCM, ultimately improving productivity.

Intune's ability to secure hybrid work and protect data on company and BYOD devices involves security restriction and conditional access policies. These settings provide significant device security. For instance, we have unconditional access policies and app protection policies. These policies allow us to secure data users might share with other devices or native applications. With conditional access, we can require devices to be managed by Intune before accessing corporate data, ensuring they receive necessary restriction and protection policies to prevent sharing corporate data with unauthorized applications. This significantly enhances corporate data security. While user agents offer data security benefits, Microsoft Defender and Office 365's data loss prevention policies strengthen our overall protection.

Intune has helped save 90 percent of our costs.

The security provided by Intune is excellent. The security policies deployed through Intune significantly enhance device security, encompassing data protection, device restrictions, Wi-Fi settings, and proxy configurations. Additionally, Intune can deploy antivirus software if we have the appropriate licenses, further bolstering security. Overall, I'd estimate that Intune provides roughly 80 percent reliability in terms of security.

Intune's ability to integrate with Microsoft 365 and Microsoft Security for both cloud and co-managed devices is crucial because, in isolation, Intune is limited. To make its features work reliably and meet specific requirements, integration with Office 365, Defender, and local AD is necessary. This integration enhances security on devices and enables advanced features like data loss prevention through Office 365. While Intune offers security policies, integration with Office 365 unlocks their full potential for comprehensive device protection.

What I like most about Intune is its seamless enrollment process, particularly the Autopilot method. Autopilot allows bulk enrollment of devices, making it easy for end users, even those without technical expertise, to use their devices immediately. While there might be occasional error messages during configuration, when done correctly by the administrator, Autopilot is the best feature currently available.

Intune is excellent. It is constantly evolving, from the legacy portal to the current endpoint management; we are seeing a gradual number of changes, and many features have been implemented and added to the Intune portal. The interface is great and user-friendly. Even someone without much MDM experience but needing access to the Intune portal would be able to understand that these are Windows devices and these are the policies they can deploy. The portal's overall UI is user-friendly. Furthermore, the categorization of devices and policies on the portal is excellent. We can categorize devices, look for conditional access, and check for configuration compliance in a specific location. The categorization is the best way currently available.

The worst aspect is the reporting. We are still in the development phase of reporting, and it is not always accurate. Sometimes, we don't receive the correct report, devices aren't listed as they should be in the Intune portal, or deployed applications and user policies aren't reported by Intune even though they are present on a device. There is room for improvement in Intune's reporting capabilities.

If my organization has sensitive data we don't want to leak, deploying the policies can present technical challenges and potential loopholes. While 90 percent of end-users are not technical enough to find these loopholes, a user trained on Intune who understands the background processes and policy weaknesses could pose a security risk to the organization.

App protection policy and compliance state. Recently, I encountered a user scenario similar to one I've experienced as an administrator. If my device is enrolled in Intune but not through a corporate method, some loopholes allow administrative control of the device itself. We can un-enroll the device and remove the management profile, yet the Intune portal will still show the device as compliant because it captured the last compliance state. As long as the device reports to Intune, its compliance status in the portal remains unchanged, regardless of its actual state. Only when the device stops checking in with Intune will the last compliant state be displayed, with no indication of non-compliance. The device's Intune compliance state will show the last check-in time. We can leverage the newly integrated data loss prevention feature in Intune to improve the app protection policy, which is currently inconsistently effective. With the appropriate licensing, deploying data loss prevention policies can enhance our protection strategy.

I need to delve into reporting and analytics. The policies, restriction policies, enrollment limitations, and everything else are great. However, one current limitation is that we can't roll back security baseline policies deployed from the Intune portal to a device. Those changes are permanent if a security policy changes the device's registry. If an administrator mistakenly deploys settings from a baseline policy instead of a restriction policy, the only recourse is to reimage the device. In my opinion, baseline settings shouldn't be permanent. However, as developers of the Intune portal, there must be some significance to these clients.

I have been using Microsoft Intune for four years.

I would rate the stability of Microsoft Intune seven out of ten.

I would rate the scalability of Microsoft Intune eight out of ten.

I was the Microsoft Intune Closure Engineer, working in a global support group. My role involved providing solutions for Microsoft, addressing tickets created by users or administrators worldwide. I would rate the overall Microsoft support an average of eight out of ten. The support process begins with a ticket being assigned to a junior engineer with basic understanding, which I'd rate a six. If the user's issue remains unresolved, it escalates to a level two engineer, improving the rating to an eight. In rare cases, unresolved issues are escalated to a senior engineer which would drive the rating up to nine out of ten.

Positive

Before Intune was introduced, we had to use Office 365 for MDM, which had limited options. Then came the legacy Intune portal, followed by the endpoint management folder, the most recent portal we've used. I've also used Jamf and AirWatch a bit, but I'm not as proficient with them as with Intune.

The initial deployment of Intune was complex, with deployment time dependent on the specific environment. For organizations with multiple sites, Intune deployment is particularly challenging and can take four to five months. The migration itself is not a simple task and can be time-consuming. Based on past experience, assessing existing security policies and applications from the on-premises environment is crucial before identifying what can be achieved with Intune, given its limitations compared to SCCM. While Intune can replicate some functionalities achieved through group policies, the migration process can still take a considerable amount of time, ranging from seven to eight months to even one and a half years, depending on the environment's complexity.

Microsoft licenses are costly. Organizations should determine the best license to get the maximum features based on their requirements. Intune comes with multiple licenses, including E3, E5, standalone Intune, and a few more. Microsoft 365 is also an option. There are almost seven license lists where Microsoft Intune is present, except for the standalone license. It's definitely costly. Microsoft could look further into providing some cost-cutting measures for the licenses.

I would rate Microsoft Intune eight out of ten.

Intune includes various features and categories, allowing management of operating systems like Linux, Windows, iOS, macOS, and Android. Its user interface, departmental organization, and enrollment process are all straightforward. However, based on my six years of experience with Microsoft products, including four years specifically with Intune, its reliability is around 80 percent. Occasionally, it doesn't report correctly, or devices fail to receive deployed configurations. In comparison, AirWatch seems more reliable. Despite this, considering my overall experience with Microsoft, it still offers one of the best management solutions. Intune's predecessor, SCCM, which manages devices on-premises, is more reliable because Intune is still developing.

I'm working on two accounts. Under one account, I have a growing number of devices. So far, there are approximately 300,000 Windows devices, 100,000 Android devices, and 250,000 iOS devices in one environment. The number of users is similar. In another environment, which I've been using, there are a large number of devices. It's taking time to load, but I would say there are approximately 400,000 to 500,000 Windows devices in this environment.

Intune is continually evolving. If a feature is currently unavailable or needs improvement, we typically provide feedback to the Intune development team, and they implement or enhance that feature in a future release. In new releases, developers add features, and if there's a need to further develop or enhance those features, we see those improvements in subsequent releases. Maintenance on the Intune portal is necessary to facilitate these dynamic changes. Additionally, the Intune environment itself requires maintenance. This includes managing user accounts and enrolled devices, as well as adjusting restriction and security policies as needed.

I recommend Intune because it offers multiple features within a single environment. Once deployed, you can manage iOS and other platforms from one location. However, there's a caveat: if you have a highly restricted or complex environment where security is paramount, such as in banking, federal agencies, or similar organizations, you might reconsider using Intune due to potential reliability concerns.

Public Cloud

The primary use case for Intune is to enable user access to authorized data and applications like Outlook and Microsoft Teams, whether they are using corporate devices or their personal ones. By enrolling these devices in Microsoft Intune, users gain access to organization data, effectively turning their device into a mobile office laptop.

In our work, we have experienced the advantages of using Microsoft's services, particularly when it comes to handling certificates and inventories. Microsoft's capabilities in these areas have prompted many people to transition their operations to Microsoft.

One of the standout features of Intune is its seamless accessibility to work data, eliminating the need to be tied to an office or a desktop. Whether on iOS, Android, or other mobile devices like tablets, users can effortlessly access essential tools such as email, Microsoft Teams, and custom business applications, enhancing productivity. This capability became especially crucial during the COVID-19 pandemic, when remote work setups became the norm, making Intune a prominent solution for remote access to corporate resources.

Intune's areas for improvement, especially since its implementation in June, revolve around security and certificate management, primarily related to personal devices known as BYOD. While there are policies in place to prevent data transfer between corporate and personal apps, there is room for further enhancing security measures for devices that aren't corporate-owned but are enrolled to access organization data. Tightening security in this context is a key area in which Intune can continue to evolve.

I have been using Microsoft Intune for six years.

In terms of stability, it largely depends on how well security measures are implemented. Ensuring that devices are properly secured and monitored is crucial for stability, especially in situations like a lost device where sensitive data is at risk. Security awareness and access controls play a significant role in maintaining a stable environment. Multi-factor authentication and additional conditional access measures, such as fingerprint access, are used to verify the user's identity and protect data. I would rate the stability of the solution as a nine out of ten.

The scalability of Intune is highly rated by engineers for its flexibility. It is easy to scale, primarily due to the licensing options. You can start with a smaller scope, say, with 40-50,000 employees, who want to use corporate devices with Intune. As your organization grows, you can easily expand, going up to more than 100,000 users, and incrementally add licenses as needed, be it on a quarterly or monthly basis. This makes Intune a versatile solution for businesses of various sizes. At our company, for mobile devices and laptops, we have 30,000 users. I would rate the scalability of the solution as a ten out of ten.

The experience with Intune support has been generally positive, although there has been a learning curve for support staff. Initially, there were some challenges, with different teams involved, which sometimes resulted in less than optimal solutions. However, the situation has improved over time. On a scale of one to ten, I would give an eight out of ten rating for Intune support. It is a generally positive experience with room for further enhancement.

I would rate the complexity of the initial setup as a seven out of ten. However, if you have prior experience with MDM solutions or other MDM platforms like MobileIron, AirWatch, or IBM's MaaS360, the process may be more straightforward. Intune deployment typically takes a few weeks. The deployment involved a team of over 35 people to cater to a user base of around 30,000 in an automobile company based in Canada. The process began with testing and policy configuration over a month, focusing on aspects like data restrictions and copy limitations. After the pilot phase, Microsoft provided a pricing model, and a migration process took place over two to three months. This involved transitioning users from BlackBerry to iOS and Android and incorporating Windows Autopilot for Windows laptops, both new and existing. The onboarding process also extended to HP and other vendors.

I find the pricing for Microsoft Intune to be quite reasonable. It is available through various licensing options, including E5 Enterprise, E3 Enterprise, and as a standalone product. E5 Enterprise provides Intune as part of a bundled package, while E3 Enterprise offers it separately. Microsoft offers several licensing options, allowing organizations to choose the one that suits their specific needs. Before deploying, there is a free trial period of one month where you can test it with up to 50 devices. Once you have an understanding of your needs and Microsoft's pricing, you can choose the right model and device enrollment numbers. After the trial period, they offer a budget of around $120 for you to allocate according to your requirements. The pricing is then converted into a pro-rated monthly basis, depending on the volume of devices you need to manage, whether it is beyond fifty or a hundred. This flexible approach is advantageous for users. Overall, I would rate it as a seven out of ten in terms of costliness.

In comparison to earlier vendors like IBM, AirWatch, MobileIron, and SOTC, Microsoft Intune stands out as more flexible and user-friendly. These earlier systems were rigid and required IMEI numbers, making them less adaptable. Intune, on the other hand, is simple, similar to Azure, and excels in terms of scalability and versatility. Creating device-switching policies in Intune is straightforward and visually intuitive. It involves selecting the appropriate profile and specifying the device type (iOS, Android, or Windows). The options are readily accessible, making Intune an easy-to-use solution for managing mobile devices and endpoint management tasks.

I highly recommend using Microsoft Intune, especially in today's remote work scenario driven by the COVID-19 pandemic. It is a robust solution for managing corporate and BYOD devices, ensuring that they are properly configured and secure. Intune simplifies end-to-end device management, from pushing policies to implementing multifactor authentication, and it's the best option in the market right now. While VMware Workspace ONE and AirWatch are good, Microsoft Intune stands out, as evidenced by its popularity among clients, with more than 80% opting for it. It is definitely worth considering and conducting a proof of concept to see how it can benefit your organization. Overall, I would rate the solution as a nine out of ten.

Public Cloud

Microsoft Azure