What is our primary use case?
We were using SCCM to build and manage our machines and to control the AV, and everybody left the offices for the pandemic. We did not have an external management point, and we realized we lacked a method of control. After hassling Microsoft over a question of semantics, we finally got our answer, and we quickly scrambled over two weeks to push out Defender while everybody was still in the office. The other part was to move toward Intune.
We started testing that and went in both directions. We tried domain and nondomain. We eventually worked backward, redid it again, and took all of our workstations off the domain. Now, none of our workstations are running on the domain. We build everything from Intune. The company gets a list ahead of time from vendors like Dell or HP, so we can have a laptop sent directly to an individual without ever touching it. They sign in, and it simply asks for their password.
How has it helped my organization?
The biggest benefits of Intune are the ability to push changes and the added security. When we moved forward with Defender, we onboarded all those machines automatically. That helps dramatically. For a while, we were left with machines that weren't protected. We could see where people had done things they shouldn't have done, and Defender saved our skins a few times. It didn't happen a lot, but it happened enough that it made us glad we made that decision.
Intune has enabled us to manage our remote workers' devices, which has been especially helpful since the start of the pandemic. My guys spend less time troubleshooting. If they're going to spend more than about an hour on an issue, it's a little easier to just reset the machine and reinstall everything again. It saves a lot of time.
We're a much smaller group, so it worked out better for us. We've been able to push out products that we hadn't planned on. We had to push out certificates because we decided to go with a Cloud RADIUS provider and moved to certificate-based authentication for wireless. We've leveraged that same certificate to turn on 802.1x in all our offices to secure the wired networks. And all of these things have made it possible to roll out DNS filtering. Once again, all through Intune. We could enable all these pieces that we would need to turn on one by one with Intune in place.
The company needed something that could be agnostic, so it didn't matter where it was. Half our workforce doesn't work in the office. We've downsized our primary office, and leased over half of it to other companies with subleasing. We don't need as much space anymore. Our workers are still working, and they're not required to be in the office more than three days away. Intune ensures that everyone can work remotely and securely. You can't log into our Office 365 environment from a non-managed device. Almost everything is in Office 365. We use nearly every piece of it. We use Teams for communications and switched to Azure Virtual Desktop at the end of 2019. We were a Skype customer then, so it wasn't hard to switch.
We continued to shrink our footprint as we adopted more and more SaaS offerings. Unfortunately, finance and some other use cases cannot be in the cloud. You still need on-premise Bloomberg terminals, and other companies require you to have circuits to run them. We have to redirect certain things, which is why we have the VDI in place for a handful of users who require those internal resources when they work remotely. Intune is what made all that easy and possible. I don't think we would ever change that. My guys like it. It has simplified things.
At the end of the day, we do touch the machines, but we don't need to. And we know if we didn't have to. Previously, a machine got left in an office, and we just walked through somebody wiping it, where you assign it to them, and they log back into it. In the worst-case scenario, we can just pull something off a shelf like that.
We had to learn the hard way which machines work in our environment. It's nothing against the company, but we will no longer buy Dell because their business platforms only use Intel chips, and we can no longer afford to use Intel chips. It doesn't work for our needs. I can get AMD chipsets that are generally cheaper and perform better. They aren't throttled for some of our applications the way Intel chips are. People have been happier since we made that migration a little over a year ago.
We replaced many machines and onboarded people after acquiring a couple of other companies, and they were shocked at the difference between the machines we gave them and what they were used to working with. They just had always put up with that, and so had we. With Intune, it didn't matter what we purchased because it already had Windows loaded on. It was simple and easy to move forward.
Intune has reduced our build time from four hours per build to an hour or an hour and a half on a slow day. That's getting the Office 365 stuff to download and install. The other apps are secondary. When somebody logs in to a machine, the apps start downloading. We could give somebody a machine they've never seen before, have them sign in, and they're ready to work in an hour and a half. That's a tremendous amount of time saved, and there's nothing left for us to do. We just make sure everybody who's supposed to be in a group has the assigned apps that the group needs to have. They're installed automatically.
What needs improvement?
The biggest problem we ever have is when something goes out of date after 30 days when nobody has logged into it. We do have a problem trying to get those back online. We've been working with Microsoft to resolve that problem, but that's been the only issue that we've had in the last few years.
Out of the box, Intune works reasonably well. They will continue to think of new ways to improve. Some of the policies could use some work to align more with what people are used to, but it's getting there. It's coming along, and I'd like to see how Security Copilot comes into play. You could have Copilot build things based on what you request. It could help put policies in place and look at your current policies.
Unfortunately, we've had stuff out there for four years, and it's not working properly. A tool like Copilot could assess my policies, find weaknesses, and tell me where to make changes. That would be a great benefit.
I've had a constant battle with the DLP component, and no, they're not going to have a choice. If they want to go with Copilot, we will need to start classifying documentation whether we want it or not. There will be a big fight when I get back of it. There's a fight. If you say you want Copilot when it comes out, but if we have a classified stuff, it's not going to work the way you want it to. I heard so. Yeah. That's a problem. I heard someone talking about
For how long have I used the solution?
We started testing Intune at the start of the pandemic, and at the time, it didn't seem to be quite as ready as they claimed it was. It was still being pieced together when we adopted it. However, it worked out well. While everybody else was scrambling during the pandemic to get on Teams and Azure Virtual Desktop, we had done that in the previous December, so by pure luck, we were ready to walk out the door.
What do I think about the scalability of the solution?
I think it's scalable, honestly, but it's also about mentality, whether you want to spend the time to make sure that it's scalable. You know, I don't think I've been a big fan of getting away from domain services for the longest time. I think I don't see the point anymore. We use it very rarely. So, you know, everything should be cloud based. It's a way to go. I mean, if you can run it that way,
How are customer service and support?
We don't usually deal with Microsoft much. We have a CSP in place. However, sometimes we're dealing with a backend problem, and the CSP will take longer, so we'll go straight to Microsoft. When that occurs, Microsoft typically handles those issues reasonably quickly. When I contact Microsoft, I usually go through several engineers before I get to someone who can help. That's normal, but it doesn't drag out.
Years ago, when we paid for enterprise support, I felt it dragged on forever because I went through the same process. I'd talk to a first-level engineer, and we had to escalate to tier three before we finally got somebody who understood what was going on. They would see the problem but not know how to fix it. They never had a resolution half the time.
How was the initial setup?
The initial setup was easy, but we had lots of time during the pandemic. I had that all set up in my living room that first summer, working on it remotely. There were some pains because it wasn't all there yet. It wasn't until about July 2020 that most of the pieces were in place. It took another year before the rest was solid. However, to be fair, people adopting Intune now will get a mostly finished product.
What's my experience with pricing, setup cost, and licensing?
Intune has a cost advantage if you get it with a bundled Microsoft license. If you have E3 licenses, you already have access to Intune, so you're not paying anything extra. That's a huge savings right there. Back in the day, people always wanted Office, but they didn't want to pay for it, so you would use Open Office. That was my go-to 10 years ago. Now, I recommend the opposite. You need an Office 365 account. Don't think of it as paying for Office. That's not what you're buying.
For $7 a month, you're getting a terabyte of storage in OneDrive and all the apps. You won't get that from Google. It's about cost, and it's even better if you get those bonuses with it.
What other advice do I have?
I rate Intune eight out of 10. I've never seen anything perfect, but it is an excellent fit for our environment. This is the smallest company I've ever worked for in my professional career, so it works well for us.
Disclosure: I am a real user, and this review is based on my own experience and opinions.