What is our primary use case?
We are using Microsoft Intune for mobile device management (MDM) to provide context-aware access to the users. Mobile device management is what we predominantly use Microsoft Intune for.
How has it helped my organization?
Initially, the scope of Microsoft Intune was not too good because it could only manage certain endpoints such as laptops, desktops, and mobile devices. We initially had a problem with the servers, but they started supporting servers in the last three or four years, so now, it is good. It manages virtual machines and servers, both on-premises and in the cloud. It has improved and is still improving in a lot of areas.
It provides the group policies that we had in the early days of Active Directory. That is good when it comes to applying the policies to endpoints and servers from Microsoft Intune. Initially, we did not have all group policy settings inside Microsoft Intune, whereas now, we have patching and the ability to push antivirus policies, etc. We can also handle mobile device management policies. Everything can be done via a single console. It is easily manageable, and we can have a single administrator to manage all the policies. We can have one or two administrators for backup. Traditionally, we had multiple administrators for each and every console. When you are a big Microsoft shop, it is easy to manage everything.
Microsoft Intune is good for a hybrid workplace. The conditional access policy is one thing that we can use for devices. For example, we can allow access to critical data only from corporate devices and not from personal devices even if someone is using the company account. We can go even more granular where someone can access the data but cannot download it to his or her personal device. Microsoft Intune is good for handling BYO devices.
It has had a good effect on our organization's attack surface. I would rate it an eight out of ten for that. We can implement rules for attack surface reduction. That is possible when devices are managed by Microsoft Intune.
The IT productivity in our organization is far better. I would rate it nine out of ten for that.
What is most valuable?
Mobile device management is good. I am easily able to manage devices and assets, especially laptops and desktops.
An important feature in Microsoft Intune is the Conditional Access policy, where I can provide specific access to a specific user based on geolocations, and there are multiple options inside it. Conditional Access is its best feature.
Its user experience is very good. I would rate it a nine out of ten for that.
What needs improvement?
For Windows machines, all the features are available within Microsoft Intune, but when it comes to Mac machines, it is still improving. It is not as good as Jamf. When it comes to customizable policies and other things in Mac machines, it is a little bit difficult. It is not as good as Jamf, but for Windows, Microsoft Intune is good if you have a good budget.
Its integration with Mac and Linux devices can be better. They should provide more features similar to Windows. We should be able to manage policies within Linux and Mac machines. If we can have more granular controls for these two operating systems, it will be really helpful. That is one area where they can improve.
When it comes to automatic updates, none of the vendors are doing it so well. The expectation right now is to have everything automated and automatically upgraded to the latest version of the software. The discovery capability of Intune is good because it is Microsoft. They can do discoveries based on their internal commands and other things and pull all the information into Intune. That is easy, but doing the upgrade of third-party software is a little difficult. It is evolving, but we cannot do the upgrades of all third-party applications. A financial or banking organization allows a limited set of applications to be used. For them, Microsoft Intune is better because when you have only 15 to 20 applications, you can easily upgrade them through an automated platform like this.
EPM is not similar to any of the PAM solutions. It is still in the starting phase. Other PAM solutions, such as CyberArk, can do remote session management. They can handle vaulting and other things. When it comes to EPM within Microsoft Intune, I do not know whether they are planning to go with the PAM or Privileged Access Management platform, but with the current solution, we can do user account management. We can do password rotations. We can add a new user, remove a user, and provide access to a particular resource for a user. All these steps are manageable and possible, but for Privileged Session Management and Access Management, it still needs improvement.
It is very important that the capabilities of the Intune Suite are integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices. The integration with the M365 platform, especially with Microsoft Defender for Cloud, Cloud Apps, and Endpoints, plays a big role. Intune can discover and find out the devices. The integration is still happening. It is not yet over. There is room for improvement.
For how long have I used the solution?
I have been using Microsoft Intune for about seven years. I have been a customer for four years and then became a partner because I joined a new organization. This new organization is a partner of Microsoft. I have been with this organization for three years.
What do I think about the stability of the solution?
If there are any issues with Microsoft Azure Cloud, we may have issues or downtime, but they are rare. It is 99.99% available. Only if Microsoft Azure Cloud goes down do we have a problem. Otherwise, it is okay.
What do I think about the scalability of the solution?
There are no issues with scalability because it is a cloud solution. It is automatically scalable.
How are customer service and support?
If you are paying for support, you get good support. If you are not paying for support, you do not get support.
Technical support can be a bit of a problem when it comes to costs. They have a professional service and a normal service. With the normal service, it is difficult to find out answers from them because they are not experts. We only get experts with the professional service, so if we pay, we get support. This is something difficult for a small organization because they cannot always pay for support for every issue.
When you give a product, you should always provide good support. If you do not have technical people, what is the purpose of having a support team? It is useless. They should have at least one or two people who can technically help an organization.
Which solution did I use previously and why did I switch?
We use different tools. We use Jamf for Mac and Ansible for Linux machines. We have not yet fully switched to Microsoft Intune for Mac and Linux. Very few Mac machines are with Microsoft Intune. Most of our Mac machines are still with Jamf.
Companies that are using Microsoft products go for Microsoft Intune. However, when people have more Linux or Mac machines, they do not choose Microsoft Intune for their organization. We recommend a solution only after knowing the expectations and use cases of a client. Small companies do not prefer Intune because they can have JumpCloud. Small companies with fewer than 500 users can also go for Google Workspace. For companies that already have a Microsoft license such as E5 or O365, going for Microsoft Intune makes sense.
Microsoft Intune improves the security posture, but because of the budget and other constraints, organizations can start looking at other vendors.
How was the initial setup?
It is not complex when it comes to Windows machines. It is straightforward, but when it comes to the other operating systems, it is complex. It is not easy.
The number of people involved depends on the users. If you have 1,000 devices, for Windows machines, you do not need more than three or four people. However, for 1,000 Linux or Mac machines, you would need a ten-member team.
The maintenance is easy. You do not need extra people to manage Microsoft Intune because it is a cloud service.
What's my experience with pricing, setup cost, and licensing?
I am using E5 security and compliance. It has all the Intune options and security and compliance subscriptions, so I use the full suite of Intune except the EPM module. We have not yet started using the Endpoint Privilege Management module. It is a small add-on that we have to use. Other than that, we are using everything.
There are other tools that offer a similar approach but are not as good as Microsoft Intune. In terms of cost, it is more expensive than other tools like JumpCloud, Google Workspace, etc. There are multiple tools like this. Only if you are a Microsoft shop would I recommend going for Intune. Otherwise, use some other tool and manage the organization.
Its licensing model is not complex, but it is very expensive compared to other solutions. They can bring more models and reduce the pricing. They should allow customers to select the features they want and price it accordingly. That would be a better option because not every organization needs conditional access or an antivirus solution. Some organizations that use Intune might use CrowdStrike, so they do not need Intune policies for antivirus. It would be better if they could bring more plans.
What other advice do I have?
I would advise not looking at the cost first. Instead of the cost, look at the features and then list the use cases for your organization, and then go for the consolidation of the tools. Microsoft Intune can give you a lot of features, but whether it is suitable for your organization or not is the main question. List the use cases and then assess Microsoft Intune because it can give a lot of features that you do not want, but you cannot omit them while buying it.
We are not using Advanced Endpoint Analytics because we have Sentinel and Chronicle SIEMs in our organization. We also use SDR platforms, so we are not using Microsoft Intune for any of the analytics. We are also not using Microsoft Intune Suite's Cloud PKI.
We started using Microsoft Copilot for a small organization. It has only been two months. We are building the use cases for that organization. They have purchased the licenses, but we are building the solution design and use cases for that particular organization. They want to automate most of the things, identify the non-compliant devices, and automate whatever they find non-compliant. Our aim is to identify non-compliant devices, do some automation, and block them from accessing any of the critical data inside the organization, but we do not know if Microsoft Copilot can do that.
Overall, I would rate Microsoft Intune a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
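The two Conditional Access scenarios the reviewer describes under "How has it helped my organization?" (critical data only from corporate devices, and the more granular variant where an unmanaged device can view data but not download it) map onto two Microsoft Entra Conditional Access policies. The following is an added example written by the editor, not code from the reviewer, Microsoft or the Intune product. It builds both policies as Microsoft Graph `conditionalAccessPolicy` JSON, lints them for the two mistakes that most often bite in practice (no break-glass exclusion, or a policy with no control at all), and optionally creates them through the Graph REST API. The break-glass account ID is a placeholder; `Office365` stands in for whatever application IDs hold your critical data; the `GRAPH_TOKEN` environment variable is an assumption about how you supply a token that carries `Policy.ReadWrite.ConditionalAccess`. Both policies default to report-only so you can check the sign-in logs before enforcing.

```python
"""Added example (not part of the review): two Conditional Access policies for
the reviewer's managed-device / no-download scenario, built for Microsoft Graph.
"""
import json
import os
import urllib.request

GRAPH_CA_URL = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"

# Assumed placeholder: object ID of your emergency-access ("break-glass") account.
# Every all-users policy must exclude it, or a bad policy locks every admin out.
BREAK_GLASS_ACCOUNT_ID = "00000000-0000-0000-0000-0000000000aa"

# "Office365" is a Graph-recognised alias for the Office 365 application group;
# list your own application IDs here for the apps that hold critical data.
CRITICAL_DATA_APPS = ["Office365"]


def _state(enforce: bool) -> str:
    # Report-only first: the policy is evaluated and logged but not enforced.
    return "enabled" if enforce else "enabledForReportingButNotEnforced"


def require_managed_device_policy(enforce: bool = False) -> dict:
    """Tier 1: rich clients (desktop/mobile apps) may reach critical data only
    from an Intune-compliant or hybrid-joined (corporate) device."""
    return {
        "displayName": "CA-Critical-Data-Managed-Device-Only",
        "state": _state(enforce),
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS_ACCOUNT_ID]},
            "applications": {"includeApplications": CRITICAL_DATA_APPS},
            # Scoped to rich clients so it does not overlap with the browser tier below.
            "clientAppTypes": ["mobileAppsAndDesktopClients"],
        },
        "grantControls": {
            "operator": "OR",
            "builtInControls": ["compliantDevice", "domainJoinedDevice"],
        },
    }


def unmanaged_browser_no_download_policy(enforce: bool = False) -> dict:
    """Tier 2 (the reviewer's "more granular" case): a browser on a device that is
    NOT compliant gets the data through the Defender for Cloud Apps session
    proxy with downloads blocked."""
    return {
        "displayName": "CA-Critical-Data-Unmanaged-Browser-NoDownload",
        "state": _state(enforce),
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS_ACCOUNT_ID]},
            "applications": {"includeApplications": CRITICAL_DATA_APPS},
            "clientAppTypes": ["browser"],
            # Filter for devices: match anything Intune has not marked compliant.
            "devices": {"deviceFilter": {"mode": "include", "rule": "device.isCompliant -ne True"}},
        },
        "sessionControls": {
            "cloudAppSecurity": {"isEnabled": True, "cloudAppSecurityType": "blockDownloads"}
        },
    }


def lint_policy(policy: dict) -> list:
    """Findings for mistakes that lock admins out or silently enforce nothing.
    An empty list means the policy passed."""
    findings = []
    users = policy.get("conditions", {}).get("users", {})
    if "All" in users.get("includeUsers", []) and not users.get("excludeUsers"):
        findings.append("targets all users with no break-glass exclusion")
    if not policy.get("grantControls") and not policy.get("sessionControls"):
        findings.append("no grant or session control: policy does nothing")
    if policy.get("state") not in ("enabled", "enabledForReportingButNotEnforced", "disabled"):
        findings.append("unknown state " + repr(policy.get("state")))
    return findings


def create_policy(policy: dict, access_token: str) -> dict:
    """POST the policy to Graph (token needs Policy.ReadWrite.ConditionalAccess)."""
    req = urllib.request.Request(
        GRAPH_CA_URL,
        data=json.dumps(policy).encode(),
        headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    policies = [require_managed_device_policy(), unmanaged_browser_no_download_policy()]
    for p in policies:
        problems = lint_policy(p)
        if problems:
            raise SystemExit(f"{p['displayName']}: {problems}")
        print(json.dumps(p, indent=2))
    token = os.environ.get("GRAPH_TOKEN")  # assumed: token obtained out of band
    if token:
        for p in policies:
            print("created", create_policy(p, token)["id"])
```

The device filter in the second policy is what keeps the two tiers from contradicting each other: a compliant device never matches it and is governed only by the first policy, while an unmanaged browser session never matches the first policy's client-app scope. Flip `enforce=True` only after the report-only sign-in logs show the expected users being caught and nobody else.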