Try our new research platform with insights from 80,000+ expert users
reviewer2520849 - PeerSpot reviewer
Cloud Engineer at a tech services company with 51-200 employees
Real User
It's cost-efficient and has the best capability for managing Windows-based devices and application
Pros and Cons
  • "The best part of Intune is device control. If we need to block a user from opening something in their organization's system, we can do it from Intune. If we want to restrict the movement of an organization's data to prevent users from copying the data into Outlook, WhatsApp, or their personal Gmail, we can limit that via Intune. It secures all corporate data."
  • "We are currently unable to control aspects of group policy from Teams like we can for GPO. They are still not part of Intune. Microsoft is adding this, but it's currently in preview, and few GPO features have been added to the product."

What is our primary use case?

We are a Microsoft vendor, not an Intune user. I have deployed Intune for several customers who use this product for business. Our clients use Intune for device management and data security, which gives them control over end-user devices.

Previously, we used a device manager and had a local Active Directory. However, most of our SME customers do not have a local Active Directory set up in their organization that allows them to control their devices. Intune does not require any local AD. It's a cloud application. We can directly join the user devices to the cloud, and the organization manages them. We have enterprise customers and also SMBs, but most of our clients have less than 100 users. 

How has it helped my organization?

One of my Indian clients previously had all their devices at the workplace. None of the devices were joined to an Active Directory, so they had to install applications on each device individually. With the help of Intune, we could push the applications to all the portal users simultaneously. 

We have to create a group, assign an application to it, and automatically install it on the user's devices. We also apply the company logo and desktop wallpaper via Intune, which a tech user can change. We can also find the exact location of the devices where the user is sitting.

We also have the option to enroll hybrid devices with Intune. We can enroll users'  devices and separate work and personal data. The devices on the local Active Directory can be joined to Intune. 

Privilege identity management helps. Let's say someone is a company administrator for five to ten days. We can create a dual administrator role for that user for seven days. I can create a PIM role and assign it to the user for seven days, after which the role will be deleted automatically. 

Intune provides routine management of user devices. Once the device is not enrolled in any domain or Active Directory, the IT person must delete every user device to change anything. Intune can work on all those things. That device can be updated and marked as non-compliant. If someone is using Windows 7 or a version of Windows that has been deprecated, we can restrict Windows 7's user ability to log in to the work environment. We can control all this over the admin panel.

If we scale 10 to 50 percent, where new customers manage all their devices. After enrolling all the devices, this work can be done with only one or two people, saving the organization money.

What is most valuable?

The best part of Intune is device control. If we need to block a user from opening something in their organization's system, we can do it from Intune. If we want to restrict the movement of an organization's data to prevent users from copying the data into Outlook, WhatsApp, or their personal Gmail, we can limit that via Intune. It secures all corporate data.

If they share the data with someone outside the organization, that external person cannot see it until an analyst provides them with access or creates a policy. 

The user experience is good. Users are happy that Intune is managing their work devices. In addition to Windows devices, we can control iOS and other mobile devices. There are good features for managing mobile devices. Work data is stored in different containers, making it easier for users to find their work data. 

In the case of application deployment, we have more services like application updates and patches that can be implemented from the Intune portal. We do not need to outsource these tasks to the device user.

What needs improvement?

We are currently unable to control aspects of group policy from Teams like we can for GPO. They are still not part of Intune. Microsoft is adding this, but it's currently in preview, and few GPO features have been added to the product. 

Buyer's Guide
Microsoft Intune
March 2025
Learn what your peers think about Microsoft Intune. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.

For how long have I used the solution?

I have worked on Intune for the last two years. 

What do I think about the stability of the solution?

Intune is a stable solution with a lot of capabilities. Most customers who are moving to Intune are also exploring the capabilities of the cloud. 

What do I think about the scalability of the solution?

I rate Intune seven out of 10 for scalability.

How are customer service and support?

I rate Microsoft support eight out of 10. Microsoft is good, but Intune support is delayed compared to other products. If I make a support ticket on the Intune portal, I get a reply after one or two days. For Exchange or SharePoint, I get a response after an hour, but Intune takes a minimum of a day. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

One product we can compare Intune with is Jamf Pro. Intune has limitations when managing Mac devices. You can enforce fewer policies because Apple has its own hardware and software. There are lots of limitations of control. Most of my clients use Intune for Windows and Android devices, but Jamf Pro if they have Mac devices.

How was the initial setup?

Deploying Intune is a little complex but not too complicated. At the time of deployment, there is much work to do to join a device to Intune. We have to create a new Windows profile and make users log into the enabled Windows profile. We need to configure all the Office applications and copy users from one to another. It takes 30 to 40 minutes on a single device. 

Intune requires some maintenance, but the customer performs the maintenance once we implement it. We support the customers with issues while they are enrolling the device.

What's my experience with pricing, setup cost, and licensing?

I rate Intune five out of 10 for pricing. It's expensive. 

What other advice do I have?

I rate Intune 10 out of 10. I recommend Intune to every organization that wants to secure user data and control endpoint devices. It can manage other platforms on the market. Google has device management software, but it doesn't have the same scope as Intune. 

It's cost-efficient and cheaper than the other device management and third-party applications available. Intune can control most things, especially Windows devices. Intune has the best compatibility with Microsoft Windows.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
Flag as inappropriate
PeerSpot user
Nathan Piratheepan - PeerSpot reviewer
Security Executive at a tech services company with 10,001+ employees
Real User
Top 10
Streamlines tasks such as deploying applications and managing mobile devices and makes it easy to create security and compliance policies
Pros and Cons
  • "The most valuable features in Microsoft Intune for me are application deployment, Defender deployment, and asset management."
  • "There is room for improvement in integrating additional features such as Purview and SharePoint activities into Intune."

What is our primary use case?

I use Microsoft Intune to manage mobile devices and enforce security policies.

What is most valuable?

The most valuable features in Microsoft Intune for me are application deployment, Defender deployment, and asset management.

What needs improvement?

There is room for improvement in integrating additional features such as Purview and SharePoint activities into Intune, which would enhance its functionality.

For how long have I used the solution?

I have been working with Microsoft Intune for four years.

What do I think about the stability of the solution?

The stability of Microsoft Intune is quite good.

What do I think about the scalability of the solution?

The solution is very scalable.

How are customer service and support?

I would rate the technical support for Intune as a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used SCCM. We switched to Intune due to its better usability, cost-effectiveness, and alignment with our Microsoft-centric environment, as we predominantly use Windows across the domain.

How was the initial setup?

The initial deployment of Microsoft Intune was complex as fine-tuning policies took time. We ran a POC for three to six months before deploying to production. Our implementation strategy involved evaluating vendors, cost comparison and prioritizing security features. We opted for Microsoft Intune for its ability to consolidate security telemetry into the Defender portal. Deployment followed a phased approach: POC, small pilot group, then rollout to production. 

The solution requires maintenance from our side. This includes change management and configuration management to prevent unauthorized changes to policies, as well as constant review of threats from mobile devices. A team of four people is involved in maintaining the solution.

What about the implementation team?

We used an integrator for deployment, which was a positive experience.

What other advice do I have?

Having all endpoint and security management tools in one place streamlines IT and security operations. It simplifies processes for help desk support, image deployment, and asset management. Transitioning from SCCM to Intune has made tasks like application deployment easier and more efficient.

Intune provides full endpoint visibility and IT control across devices.

Intune has significantly improved our IT operations by consolidating management tasks into one portal. This streamlined approach has led to greater efficiency and effectiveness in our operations, as we no longer need to navigate multiple portals for various tasks.

Overall, I find the user experience of Intune quite positive. It streamlines tasks such as deploying applications and managing mobile devices, which previously required multiple applications. Transitioning endpoints to Intune, including laptops and servers, has been straightforward. Creating security policies and compliance policies is also easier within Intune.

We use the tunnel feature in Intune for MAM to provide remote access to corporate resources on mobile devices. We integrate Intune with Microsoft E5 Compliance Module for DLP, which helps maintain user privacy while protecting sensitive data.

Intune is highly effective for security in hybrid work environments, especially for protecting data on both company and BYO devices. All policies, including those for MDM and BYOD, are managed through Intune, ensuring consistent enforcement. Additionally, Intune offers features like allowing BYOD devices to access corporate data while restricting downloads or uploads, enhancing security without compromising productivity.

Intune's utilization of Microsoft security signals enhances our organization's security by providing visibility into Defender, MDM, Nathan, DLP, and other aspects. While there is a separate Defender portal, Intune allows access to certain features, offering comprehensive security management within a unified platform.

We use the Endpoint Privilege Management feature in Intune to control user access, especially for system admin accounts. This helps improve security by limiting the visibility of passwords and enforcing password rotations. Additionally, role-based access is managed through Intune, enhancing security without hindering productivity.

Endpoint Privilege Management helps reduce our organization's attack surface by providing greater visibility into account usage and usability. Previously, we lacked this visibility, but now we can grant engineers precise roles and responsibilities through privileged access management. Additionally, just-in-time access limits privileges to a small window of time, minimizing the risk of prolonged access.

Intune has positively affected IT productivity in our organization. It offers easy deployment, a user-friendly portal accessible both on and off the network with the right MFA, and consolidates all features, policies, and tools under one portal. This integration has increased efficiency as we no longer need to navigate multiple portals for different tasks, such as SCCM or image deployment.

Overall, Intune has helped reduce the risk of security breaches in our organization. Reducing privileges on accounts limits the impact of potential breaches. Additionally, with real-time data provided through Intune and Defender, we have better endpoint protection, further enhancing our security posture.

Intune has helped our organization save costs by being cheaper than purchasing SCCM licenses and other licenses. We estimated it to be at least 50% cheaper than our previous budget for similar solutions.

By using Intune, we have consolidated vendors by removing SCCM and Endpoint Protection from our portfolio. Defender now serves as our primary endpoint protection solution, streamlining our vendor management. The consolidation of vendors by using Microsoft Intune has not affected our security posture negatively. It has improved effectiveness, although we removed two security vendors from our portfolio, our footprint with Microsoft increased, balancing the impact. It didn't affect our licensing costs. In fact, we saved money as the cost of Intune was lower than what we were paying for the mobile line and SCCM.

The integration of Intune suite capabilities with Microsoft 365 and Microsoft Security is crucial in our journey to the cloud. Both aspects, cloud management, and security, are equally important in our strategy.

Overall, I would rate Microsoft Intune as a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Microsoft Intune
March 2025
Learn what your peers think about Microsoft Intune. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.
Amel Benali - PeerSpot reviewer
Head of Technology at a manufacturing company with 501-1,000 employees
Real User
Top 20
Streamlines device management, enhances security and improves IT productivity through its features
Pros and Cons
    • "It would be beneficial to have a more straightforward understanding of Intune's capabilities, presented in a simplified manner."

    What is our primary use case?

    It serves as our EDM, enabling remote computer management. We install various applications directly for users, granting us administrator-level control over the computers.

    We utilize it exclusively within the IT department to manage all hardware from a single location.

    How has it helped my organization?

    It consolidates all endpoint and security management tools into a single platform. This allows us to efficiently determine the required applications for each employee. Having Azure Active Directory integrated into the complete environment further simplifies the process. Additionally, its compatibility with Android-based devices is a significant advantage, enabling the management of both Windows PCs and Android devices from a unified platform.

    It offers complete visibility and IT control across various device platforms, saving us a significant amount of time. The alternative, handling devices individually each time there's a change in employee or any other scenario, is much more time-consuming.

    When it comes to the user experience of Intune, the initial setup is quite straightforward, but delving deeper into its functionalities demands additional training and familiarity. This complexity can be considered a drawback. The policies that can be configured sometimes lack clarity, and understanding the limitations for users who aren't global admins can be unclear.

    We don't utilize the MAM tunnel feature for remote access to corporate resources. Instead, we rely on TeamViewer for remote support when dealing with any issues.

    It significantly enhanced our organization's efficiency, particularly in terms of time savings. While I don't have the specific numbers at the moment, the impact was substantial. Especially when we operated with a small IT team, the investment in the license cost was undoubtedly worthwhile.

    In terms of securing hybrid work environments and safeguarding data on company and personal devices, there's flexibility to fine-tune policies for preventing certain actions. Currently, our approach restricts employees from installing unauthorized software, acting as a deterrent to Shadow IT. However, we haven't explored the full spectrum of possibilities with policies to uncover additional security measures.

    The impact of Intune on the organization's security is essentially a peace of mind for me. If there's ever a report of a stolen computer, I can swiftly lock it without much concern. The speed at which this can be done is particularly reassuring, especially in the current landscape of hybrid work where such incidents tend to occur more frequently than before.

    It has significantly impacted IT productivity in our organization. Onboarding and offboarding processes have become much faster. Simply Intuning the device and managing it through the internal portal or even within the VPN network streamlines the workflow. This is especially beneficial since our company supports hybrid work, extending flexibility to the IT staff as well. Inventory management has also seen a notable improvement, with less time spent. Now, we not only have a count of devices but also know which accounts they are associated with. Compared to our previous reliance on paper and Excel, this is a whole new level of efficiency. Overall, it has been an extremely positive experience for us.

    While it's challenging to directly quantify cost savings, Microsoft Intune has certainly resulted in significant time savings for our organization. As we didn't have a comparable system before, it wasn't a matter of moving from something else to Intune. However, the investment has proven valuable, especially evident in the offboarding process. Previously taking fifteen to twenty minutes per device, it has now been streamlined to just a few clicks, around five minutes. This efficiency has been particularly impressive and has undoubtedly saved us considerable time.

    What is most valuable?

    Its most valuable aspect is the seamless onboarding and offboarding of new users, whether it's for a computer or a mobile device. This process is remarkably straightforward. Additionally, while not explicitly security features, there are safeguards in place that enhance safety. For instance, if a user reports their computer as stolen, you can promptly lock it and erase all data remotely. This means you can secure the hardware even without physical possession of the device. It goes beyond safeguarding just the Microsoft 365 user account; it extends protection to the hardware itself. It also served as a means to efficiently manage our inventory. Through Intune, I could easily access a comprehensive list of all the computers, tablets, and company-owned devices. This streamlined the process of accounting for new devices in our stock, eliminating the need for separate tracking outside of the Intune platform.

    The capabilities of the Intune suite are seamlessly integrated with Microsoft 365 and Microsoft Security. This integration, especially with Microsoft 365, is crucial for us as it enables clear visibility into the association of devices with specific employees. Additionally, it facilitates tracking the usage of applications by different groups. The integration with Azure Active Directory further enhances the importance of the overall integration for our operations.

    What needs improvement?

    It would be beneficial to have a more straightforward understanding of Intune's capabilities, presented in a simplified manner. This way, one wouldn't need to be an Intune specialist or spend hours trying to grasp the intricacies of policies and functionalities. While I've used Intune extensively and have practical experience, I've found that to explore its full potential, significant time is needed for both understanding capabilities and seeking out relevant training. The current understanding of what actions or functionalities are available for configuration is not as clear as it could be. Enhancing the clarity of these policies, whether in terms of functionality or features, would be beneficial for users managing Intune.

    For how long have I used the solution?

    I have been working with it for three years.

    What do I think about the stability of the solution?

    It provides excellent stability. We didn't face any downtime. I would rate it ten out of ten.

    What do I think about the scalability of the solution?

    Scalability has been excellent. We began with a pilot involving just a few devices and swiftly expanded to over two hundred without experiencing any degradation in performance or functionality. I would rate it ten out of ten.

    How are customer service and support?

    In terms of tech support or customer support, our experience has been somewhat mixed. Since we work with partners rather than directly with Microsoft Intune, and these partners are internal and cross-charged within the same company, there have been instances where support was not entirely satisfactory. This could be attributed to a lack of in-depth understanding on their part. However, it's important to note that they are not directly affiliated with Microsoft, and the level of support might vary accordingly.

    How was the initial setup?

    The initial setup was complex.

    What about the implementation team?

    Our setup is hybrid, specifically with Active Directory. The initial configuration necessitated an on-premises presence. However, once the setup is complete, the entire system operates in the cloud, making it predominantly cloud-based after the initial on-premises setup. I was involved in certain aspects of the deployment process. The complexity arose not necessarily from the intricacies of the tasks themselves but from the coordination required. As we lacked global admin privileges, there was a need for extensive collaboration between our team, global admins, and the Intune team at Microsoft.

    In terms of maintenance, once it's up and running, there's not much ongoing effort required. It's essentially a set-and-forget situation. Occasionally, we might need to handle reports and views, especially when there's a new release. In such cases, there might be minor adjustments, like making something visible or invisible, but overall, the maintenance workload is minimal.

    What's my experience with pricing, setup cost, and licensing?

    Regarding the pricing, my experience was with a nonprofit, where we enjoyed a substantial discount. While I can't provide insights from a business perspective, it's worth noting that the pricing may differ significantly, and the discount we received might not be reflective of standard business rates.

    What other advice do I have?

    It's advisable to start with a straightforward approach, avoiding unnecessary complexity initially. However, it's equally important to have a well-thought-out plan for maximizing the platform's capabilities. Assign someone the responsibility of owning and creating a roadmap for ongoing improvements and enhancements. The idea is not just to go live and consider the implementation complete; rather, to plan for continuous refinement and utilization of additional features over time. Overall, I would rate it eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Shrikant Pillay. - PeerSpot reviewer
    Associate Director- Infrastructure Presales at Kyndryl
    Real User
    Top 5
    Streamlines device management, enhances security and improves productivity, making it a robust solution for modern enterprises
    Pros and Cons
    • "There has been a noticeable increase in productivity for both my organization and clients."
    • "An area for improvement is the absence of seamless integration, particularly with external dashboards."

    What is our primary use case?

    One prominent use case for Microsoft Intune revolves around the Active Directory, particularly focusing on user and device management, as well as mobile device enrollment. The primary objective in this scenario is to establish effective governance. This involves tasks such as pushing passwords and implementing policies seamlessly.

    How has it helped my organization?

    The most significant benefit lies in the ability to seamlessly handle personal devices, such as iPads, ensuring automatic compliance with comprehensive policies. The convenience of having robust support makes it easy for staff to manage device configurations independently, eliminating the need for external intervention.

    It consolidates all endpoint and security management tools in a single location, significantly enhancing the employee experience. This is especially beneficial for executives or high-profile individuals who frequently change devices. The process is simplified – whether configuring a new iPad or downloading required applications, it's all streamlined. Executives and end-users can manage device enrollment independently without relying on support staff for tasks like setting up Outlook or other tools. The system allows for immediate enrollment and device tracking.

    It offers comprehensive endpoint visibility and IT control across various device platforms. This proves highly beneficial for IT operation teams, providing details on the number of devices, their compliance status, and overall device status, including network access. The dedicated dashboard is a valuable tool, allowing users to proceed with applications and configure settings. Additionally, it assists in managing devices that may not have updated configurations promptly. For instance, in the case of a new iOS release, users receive reminders to update their devices, ensuring compliance with company policies and continued access to enterprise data.

    Our experience with Intune in terms of user satisfaction is outstanding. If we were to quantify it on a scale from one to ten, I would confidently rate it around nine.

    Intune plays a crucial role in securing hybrid work environments and safeguarding company data on both company-owned and BYOD devices. On a scale from one to ten, I would rate its effectiveness a nine.

    The influence of Intune on our organization's security is substantial. Its impact is significant because I no longer need to be concerned about compliance or the enforcement of policies. With a single dashboard, I can efficiently handle all aspects related to compliance and security.

    It has impacted IT productivity in our organization, and I would rate it around seven on a scale of one to ten. The flexibility of using Intune on multiple devices, including up to three or four, has been particularly beneficial. Whether I'm traveling or working remotely, I don't need to carry my laptop everywhere. I can efficiently manage emails and other tasks on my iPad, and if necessary, respond to emails, take calls, or update documents. Additionally, using my iPad for note-taking with OneNote is seamless – all notes captured on my iPad are automatically synchronized with my laptop. These features prove highly useful and convenient in various scenarios.

    It has assisted our organization in cost savings, approximately ranging from twenty-five to thirty percent.


    What is most valuable?

    The system as a whole is immensely valuable, proving to be highly helpful and practical.

    There has been a noticeable increase in productivity for both my organization and clients. The primary factor contributing to this enhancement is the user-friendly nature of the platform, coupled with effective technical support.

    What needs improvement?

    An area for improvement is the absence of seamless integration, particularly with external dashboards. Currently, to obtain an updated overview of devices not in compliance, we need to download the data, restricting visibility across other platforms like Power BI or third-party dashboards. This presents a challenge as we have to manually pull and manage the data, highlighting the need for enhanced integration with dashboard solutions.

    For how long have I used the solution?

    I have been using it for three years.

    What do I think about the stability of the solution?

    I would rate its stability capabilities nine out of ten.

    What do I think about the scalability of the solution?

    Its scalability is highly commendable, and I would give it a rating of nine out of ten.

    How are customer service and support?

    The technical support is quite effective, and I would rate it at around nine out of ten.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup was quite straightforward.

    What about the implementation team?

    It is deployed across various locations and departments.

    Maintenance primarily involves administrative staff occasionally creating reports or extracting specific data. Apart from these tasks, there doesn't seem to be much ongoing maintenance required.

    What was our ROI?

    We have seen a return on investment by using it.

    What's my experience with pricing, setup cost, and licensing?

    The cost is somewhat on the higher side, particularly when considering certain price points, especially in markets like India. It takes time for people to recognize and appreciate the features offered. Convincing customers to adopt this solution can be challenging initially, but as they explore its capabilities over time, they acknowledge the value of the investment. If the pricing were more competitive, it would be easier for me to recommend it to customers as their preferred choice over other endpoint management solutions.

    What other advice do I have?

    The integration of Intune Suite capabilities with Microsoft 365 and Microsoft Security is of utmost importance to us. This is the primary reason why I encourage both my customers and the IT department to leverage it. The combined benefits of Intune with Microsoft 365 are substantial.

    I encourage my users to embrace new ways of working and explore how tools like Intune can enhance productivity. Instead of relying on traditional methods and seeking IT staff for assistance, it's essential to leverage technology for improved efficiency. Overall, I would rate it eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    Anish Sharma - PeerSpot reviewer
    Consultant at a tech vendor with 10,001+ employees
    Consultant
    Top 10
    We can deploy an application to several users with a single click
    Pros and Cons
    • "Intune is flexible. If you want to move a device that was previously on-prem, we can bring it to the cloud and apply all the policies. This is helpful for even those organizations that were on-prem and not on the cloud. They can also come and use these features, which are pretty cool and would be handy to protect the data and manage the devices as well."
    • "The best part of Intune is application deployment. We can deploy an application to several users with a single click. We can use conditional access, granting access to users based on certain conditions, such as location, platform, etc."
    • "The reporting causes problems because we're trying to gather data to present to the management, but we can't get the data they request. If a user has removed an application from his device, but it won't report it at exactly the right time. It takes time to sync from the device to the portal. Let's say we are preparing a list or deck for the number of compliant devices that meet all of the organization's requirements. In a real-time scenario, that device could be compliant, but it is showing as non-compliant on the portal. It sometimes hampers the overall decisions that we make on our end."

    What is our primary use case?

    We use Intune to manage devices and configurations on all platforms, including Windows, iOS, iPad, and Android. It also provides conditional access from the Azure portal. We have also used Intune to bifurcate data and data transfers. We have an Intune entry list that shows the device count and bandwidth of each, so we can manage the data flow from every device based on whether it's corporate or personal. 

    How has it helped my organization?

    Intune is flexible. If you want to move a device that was previously on-prem, we can bring it to the cloud and apply all the policies. This is helpful for even those organizations that were on-prem and not on the cloud. They can also come and use these features, which are pretty cool and would be handy to protect the data and manage the devices as well.

    It's handy to manage all the hybrid devices that are on-prem and in the cloud. If a user accesses company resources on their work profile or their personal devices, they can register the device in Intune and access the company data. Intune is a crucial part of the overall structure because we can use it to analyze risks and threats coming into our organization and predict what will be vulnerable. It's necessary to analyze all those things from a security perspective.

    Intune's advanced endpoint analytics require a separate license. We are keen to use that one because it comes with more features, flexibility, and control for admins over the devices. We haven't used it, but I've tested it on my tenant with a few devices

    It is much easier for admins to use that cloud PKI infrastructure compared to when we had to set up all those things using our Skype profile from Intune. It's quite handy. It takes a little work on the admin side, but the whole structure is the same.

    Intune drastically improved our productivity. Work that was previously completed in four hours could now be finished in one. It saved our IT admins many hours of work. Once we migrated from our on-prem servers to the cloud, the Cloud PKI saved us a lot of money. I don't know the numbers, but we are saving so much money because of this. 

    What is most valuable?

    The best part of Intune is application deployment. We can deploy an application to several users with a single click. We can use conditional access, granting access to users based on certain conditions, such as location, platform, etc. 

    With the help of Microsoft Defender, we can bring each endpoint or node under  Intune's umbrella and manage it through Defender. The most effective feature for managing mobile devices is the compliance policy, which mandates that any user on a particular device should be compliant. It should meet the requirements the company sets and be upgraded. The user should meet all these security criteria we have implemented. 

    Intune's app management can support our business operations. For example, if a user wants an Android app, we can deploy it through the Android store, but if we're talking about any MSI on a public-facing platform, we can convert it into Win32 and deploy it to the whole enrollment. Intune is quite flexible.

    Compared to another Indian MDM tool I use, Intune provides more flexibility for security. The Microsoft name assures us that our data will be protected. Control over data is the main concern on the cloud.

    What needs improvement?

    The reporting causes problems because we're trying to gather data to present to the management, but we can't get the data they request. If a user has removed an application from his device, but it won't report it at exactly the right time. It takes time to sync from the device to the portal. Let's say we are preparing a list or deck for the number of compliant devices that meet all of the organization's requirements. In a real-time scenario, that device could be compliant, but it is showing as non-compliant on the portal. It sometimes hampers the overall decisions that we make on our end.

    For how long have I used the solution?

    I have used Intune for four and a half years.

    How are customer service and support?

    I rate Microsoft premium support nine out of 10. Their premium support is top-notch. They build a bridge to resolve the issues. Standard support varies, depending on the engineer you get. It could range from six to eight out of 10. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Previously we used SCCM. It's a Microsoft solution, but Intune's user experience is much better because it's cloud-based and it's more cost-effective. 

    How was the initial setup?

    Deploying Intune is pretty simple for someone who is experienced with the program. The admin needs to know the basics. Otherwise, it's user-friendly. The time needed to deploy depends on the network, but if everything is perfect, it only takes five to 10 minutes to deploy an application on a Windows device. An Android device is in a similar range. In some weird scenarios, it may take 15 minutes. It doesn't require much maintenance after deployment because it's cloud-based, so we don't need to update anything.

    What was our ROI?

    Intune cuts the amount of time we spend on these tasks in half.

    What's my experience with pricing, setup cost, and licensing?

    Intune is a better value than SCCM or other management tools because we can integrate more with Intune. 

    What other advice do I have?

    I rate Intune eight out of 10. I would recommend Intune to others. Microsoft offers many new handy features, such as the ledger and the ability to locally administer managed devices. It doesn't require much hassle to set up these things. It's worth the price.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Owner at Alopex ONE UG
    Real User
    Top 5
    Streamlines device and application management across diverse platforms, offering centralized control, security compliance, and enhancing organizational efficiency
    Pros and Cons
    • "One of the most valuable aspects of Microsoft Intune is its seamless integration with Azure Active Directory, offering capabilities akin to Group Policy Objects."
    • "Having a dedicated configuration server that assists in modifying the configuration service, and creating personalized structures, interfaces, and web services could enhance usability."

    How has it helped my organization?

    While Microsoft Intune offers centralized management and policy enforcement, it doesn't consolidate all endpoint and security management tools into a single platform. To comprehensively safeguard systems, additional solutions such as Microsoft Defender for Endpoint are necessary.

    Achieving comprehensive endpoint visibility and IT control across various device platforms is a complex task, considering the diversity and freedom inherent in different systems. However, when it comes to deploying and managing devices like tablets, mobile phones, laptops, and specialized devices in Germany, a systematic and organized approach is crucial. Particularly noteworthy is the ability to configure IoT devices, such as numerous thermostats, water control systems, or sprinkler devices. Without a solution like Intune, scaling becomes a challenging issue, especially when dealing with thousands of such devices. Therefore, the use of a system like Intune becomes imperative in addressing these scaling challenges and ensuring effective device management.

    On a scale of one to ten, I would rate my user experience with Intune as a six. The lack of intuitiveness makes it cumbersome to track and understand what needs configuration, especially when dealing with aspects like OneDrive and having to cross-reference settings across different areas of Intune.

    In the context of securing hybrid work with Intune, our experience involved a two-day effort to configure the certificate for the Conditional Access server. However, once this initial setup was completed, we successfully configured VPN access for mobile phones. Despite the initial complexity, especially for a large company, Intune delivered on its advertised promises and proved effective in fulfilling the intended security functions.

    Intune's effectiveness in securing data on company and BYOD devices is based on distributing security configuration data. While valuable, Intune has limitations, and comprehensive protection against cyber threats requires a sophisticated approach, including hybrid artificial intelligence solutions like Microsoft Defender for Endpoint. While Intune aids in system configuration, detecting and preventing attacks demands a more advanced defense strategy, comparable to sophisticated endpoint protection. Hybrid AI, with continuous human input, enhances threat evaluation, recognizing nuanced situations like suspicious timings in actions on developer endpoints.

    It positively impacted IT productivity within the organization by enabling the secure addition of thousands of mobile phones to the VPN. In this regard, it performed effectively.

    It played a crucial role in mitigating the risk of security breaches by securely distributing VPN certificates. While effective in this aspect, it's important to note that this alone is not sufficient. Endpoint security, such as developer endpoints, is analogous to having specialized tools for reading and managing complex systems.

    It significantly contributed to cost savings. Manual configuration for each mobile phone would have taken approximately an hour per device per year, amounting to three or four thousand hours annually. However, with Intune, we accomplished the task in two days for five thousand devices, equivalent to around one hundred sixty hours. This resulted in substantial efficiency, reducing the effort from an ongoing five thousand hours per year to a one-time investment of a hundred sixty hours.

    What is most valuable?

    One of the most valuable aspects of Microsoft Intune is its seamless integration with Azure Active Directory, offering capabilities akin to Group Policy Objects. This integration provides a centralized platform for managing and enforcing policies, ensuring the stability of configuration data across devices, resembling the familiar functionalities of traditional group policies in an on-premises Active Directory environment.

    In utilizing Intune's endpoint privilege management feature, I've primarily focused on configuring VPN access and certificates, although I'm not an Intune specialist. It's versatile enough for both configuring VPN access and managing large-scale IoT servers. For instance, in building management systems, especially in large structures like bank buildings, where numerous actuators are involved, configuring and securing them becomes a complex task. Intune proves valuable in this context. However, it's essential to recognize that while Intune serves as a powerful tool, relying solely on it is insufficient for comprehensive system security.

    The integration of Intune capabilities with Microsoft 365 and Microsoft Security is crucial. As mentioned earlier, securing your machine requires tools like a developer endpoint, and relying solely on Intune may not be sufficient. While Intune allows configuration and deployment of Defender for Endpoints, having a dedicated tool is essential. The unique selling point of Microsoft lies in its seamless integration, especially notable for those working with Linux systems, where Microsoft's comprehensive integration sets it apart.

    What needs improvement?

    In terms of configuration, my experience with Intune is somewhat mixed. The configuration tool appears to be scattered throughout the Intune interface, requiring frequent navigation back and forth. The web interface, while functional, isn't particularly user-friendly, leading me to find PowerShell a preferable option. However, using PowerShell involves investing time in developing scripts. The challenge lies in the complexity of navigating between profiles and MDM configurations. Multiple windows need to be open simultaneously to grasp the overall configuration landscape.

    I wish there was an improvement in the configuration process, as currently, it involves navigating through different locations with multiple windows open. Having a dedicated configuration server that assists in modifying the configuration service, and creating personalized structures, interfaces, and web services could enhance usability.

    For how long have I used the solution?

    I have been working with it for three years. 

    What do I think about the stability of the solution?

    When evaluating stability, it's essential to consider the multitude of adversarial attempts, particularly from military opponents engaging in hacking activities. Microsoft has demonstrated its capability to withstand and defend against such sophisticated attacks, setting a high standard for security.

    How are customer service and support?

    Considering the extensive number of support calls, I believe Microsoft handles them as effectively as possible. I would rate its customer service and support eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    In the past, we utilized Windows services.

    What about the implementation team?

    The number of people required for deployment depends on the specific tasks at hand. For instance, implementing the VPN solution involved five individuals, including specialists for firewalls and virtualization for the server endpoint. If the focus is solely on Intune-related tasks, one expert may be sufficient. However, in typical scenarios where Intune is used for onboarding machines or mobile device management, you'll need administrators with access to the relevant machines. It functions as a collaborative administration tool, and the required personnel would depend on the number of departments involved.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is inherently reasonable, as Microsoft leverages market insights to maintain the total cost of ownership at around ninety to ninety-five percent of what would be incurred in an on-premise scenario. Microsoft products inherently benefit from economies of scale and global reach, making them cost-effective.

    What other advice do I have?

    It aids in vendor consolidation; otherwise, we would have had to manually configure around three thousand mobile phones.

    It impacts the security posture positively when you are aware of what you configure and can update configurations promptly. However, as mentioned, the need for artificial intelligence in Endpoint Protection remains crucial.

    I would recommend subscribing to reputable YouTube channels that focus on Intune or related topics. Building a strong foundation and gaining practical experience is crucial to understanding the intricacies of Intune. Overall, I would rate it eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    reviewer1597719 - PeerSpot reviewer
    Team Lead, Cybersecurity at a financial services firm with 1,001-5,000 employees
    Real User
    Top 20
    Improves productivity and is free with our license but it isn't very flexible
    Pros and Cons
    • "We work completely in a Microsoft environment. Its interface is similar to other Microsoft solutions that we are using such as Microsoft Defender. So far, for our administrators, it is easy to use."
    • "At the moment, we need more flexibility. We have some offices migrating to Windows 11 remotely. Sometimes, it is difficult to manage image installation because we have to collect some information before starting image deployment. Currently, Intune cannot collect the information needed for deploying new images."

    What is our primary use case?

    We are using Intune for managing endpoint devices with zero-trust principles. The devices are not domain-connected because most people work from home. We do not trust these computers, so we use Intune to deploy and enforce policies related to updates, software installation, and management of admin users.

    When we are using Microsoft products on mobile devices, we are using Intune to enforce policies on them.

    Our usage is very simple. We are using Intune to manage devices that we do not trust. We are using Windows 365, and we install all applications only on these virtual PCs in the cloud. We do not have anything on endpoint devices. Not even a simple document can be downloaded there. We just have an access point to Windows 365 machines in the cloud. We are a financial company. There are not too many enterprise applications that we can use. We prefer to use zero trust. This means no there is no data on company devices at all. It is only on the cloud machines. It is easier to control one perimeter than 10,000 or 20,000 machines. We can reduce the attack surface in this way.

    How has it helped my organization?

    Intune increases the productivity of our IT team. 

    There is a reduced cost of ownership and management. We do not need a lot of additional training. Administrators can share roles because its interface is similar to other Microsoft solutions. With one or two days of training, administrators can start working with it. There are a lot of Windows specialists in the market.

    What is most valuable?

    We work completely in a Microsoft environment. Its interface is similar to other Microsoft solutions that we are using such as Microsoft Defender. So far, for our administrators, it is easy to use. 

    What needs improvement?

    At the moment, we need more flexibility. We have some offices migrating to Windows 11 remotely. Sometimes, it is difficult to manage image installation because we have to collect some information before starting image deployment. Currently, Intune cannot collect the information needed for deploying new images.

    For how long have I used the solution?

    We have been using Microsoft Intune for three years. I also used it for two years in my previous work.

    What do I think about the stability of the solution?

    Intune is a stable product with no significant issues. We have standardized hardware. We do not have a wide variety of endpoints.

    What do I think about the scalability of the solution?

    Intune is quite scalable. We started with 3,000 machines, and we now manage 15,000 machines. Our endpoints will probably grow.

    How are customer service and support?

    I have not interacted with Microsoft technical support personally, but I was satisfied with their support in my previous company.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have not used any other solution in my current company.

    How was the initial setup?

    We are using the public cloud for access, but everything is closed. There is no public access to infrastructure. Access is only through the cloud. There is no VPN or any other way.

    I was involved in the security assessment in the beginning. The initial setup was quite easy because we did not look for very complicated functions. We did face some issues with the multi-user mode but resolved them. It took us about a month.

    It requires maintenance. You have to review regular policies and adjust policies when something changes in the environment or you deploy new applications. Its maintenance is mostly done in-house. Only in a very complicated situation, we involve a third-party consultant.

    What about the implementation team?

    We performed the deployment with the assistance of a third-party consulting company, not resellers. Three engineers from our team were involved.

    What's my experience with pricing, setup cost, and licensing?

    Cost is not my department, but the product is included in the E5 license that we already pay for every user, so no additional cost is incurred.

    Which other solutions did I evaluate?

    We have not evaluated other options because Microsoft Intune is included in our E5 licensing. I would prefer to use the VMware solution, but that is not possible because Intune is included with our existing license. Buying any other solution will result in additional costs.

    What other advice do I have?

    I recommend doing thorough homework and testing everything in a test environment. After ensuring that everything works fine, proceed with the final deployment.

    It is not the best solution. It requires a bit more effort in management, but it works. It is not so flexible, but considering it is free for us, it is okay.

    We are doing experiments with Copilot to see how we can use it. For some users, it is deployed, and we will be testing it actively. We are mainly using it to make emails, presentations, and documents better for the end users who will read them. We are an international company, and English is not the primary language for 99% of people. Copilot makes the documents more readable. We have not yet tested Copilot in Intune for security functions. We have SIEM and other security tools for insights. At the moment, we do not have a big need to start experimenting with Copilot in Intune. After we finish with the end-user use cases, we can switch focus on daily operations for IT teams.

    Intune has not helped us consolidate vendors because we do the installation on the cloud. On endpoints, we have nothing.

    I would rate Intune a seven out of ten because it is not so flexible.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Flag as inappropriate
    PeerSpot user
    Sauban Peerzade - PeerSpot reviewer
    System Administrator at Tech Mahindra Limited
    Real User
    Top 20
    I like the solution's ability to install software to a device remotely and push policy through the Azure portal
    Pros and Cons
    • "I like Intune's ability to install software to a device remotely and push policy through the Azure portal."
    • "One issue that Inutune can improve is password integration with the BitLocker key option. Another issue is assigning licenses. We can assign the licenses for some users on the BPM side, and our BPS users work on Outlook 365 but cannot access it there. A BPS person can go to the company portal and download Outlook 2016. They could improve the NDIS part to assign a license directly to the BPS person that allows them to install the Intune device manager directly on our system."

    What is our primary use case?

    We use Intune to manage more than 5,000 endpoints. It has many powerful tools that enable an organization to manage its devices and applications securely. The main capability is mobile device management (MDM), which allows you to manage hardware and mobile applications. I'm also working with application management. That lets you manage deployments, protections, renewals, identities, and device integration.

    How has it helped my organization?

    Before implementing Intune, we had to manage devices, access, admin, and planning directly. Intune improves user productivity while reducing IT support costs. It enables IT to optimize the user experience by streamlining configuration changes. By avoiding password issues, we can secure hybrid work. It creates a profile for each user who is issued an Intune-managed device. The solution increases IT productivity at our organization. Intune has saved us money.

    What is most valuable?

    I like Intune's ability to install software to a device remotely and push policy through the Azure portal. Intune is good for Windows-based devices. It's also integrated with Windows security tools like endpoint protection, DLP, etc. 

    You have the option of automatically updating and syncing an Intune device. You can click the sync button, and then your device is configured for automatic installation in Intune. The analytics feature can enhance the end-user experience by checking your device for things like battery health.

    Advanced features are included in the Microsoft Intune Suite for an additional license cost. One of these is centralized access management. Let's say a project requires a device not to have WiFi access. We can go into that device and disable the WiFi option.  

    What needs improvement?

    One issue that Inutune can improve is password integration with the BitLocker key option. Another issue is assigning licenses. We can assign the licenses for some users on the BPM side, and our BPS users work on Outlook 365 but cannot access it there. A BPS person can go to the company portal and download Outlook 2016. They could improve the NDIS part to assign a license directly to the BPS person that allows them to install the Intune device manager directly on our system. 

    What do I think about the stability of the solution?

    Intune has been stable recently. One issue is that you cannot push the device's front image directly on the back end. If your WiFi is injected, the image isn't visible directly. The script can do through it slowly, but this is a problem. 

    How was the initial setup?

    It's a cloud-based solution, so you can log in to your Intune device.

    What other advice do I have?

    I rate Microsoft Intune 10 out of 10. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Microsoft Intune Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2025
    Buyer's Guide
    Download our free Microsoft Intune Report and get advice and tips from experienced pros sharing their opinions.