Microsoft Intune Reviews

The solution is deployed on cloud. I'm part of the support team. There's another server team that works closely with Microsoft. They purchased an old 365 license, and Intune was one of the included features. We wanted to take advantage of the feature because it was part of the package. That's why our top management decided to save some costs by making use of Intune and not using AirWatch anymore.

We are enrolling through the Intune company portal, and then we are using the Outlook app to configure the email addresses of the company.

We are using the mobile feature, and we are also using MDM to lock the devices, to push restrictions, et cetera. Compared with AirWatch, I think it's easier to manage the devices and the profiles in AirWatch. Intune has a lot of options, but I've only been playing around with it for a few months.

In the past, I raised some tickets for the enhancement feature, which was missing in Intune. It can take a long time for these features to appear, or maybe they will just never happen.

There are certain things that I'm trying to replicate from AirWatch, and it's not possible.

In AirWatch, we have a launcher, which is like a container. You can choose single-app mode or multi-app mode. But in Intune, for example, you need to factory reset the device and then apply the MDM. If we choose multi-app mode, which is the kiosk multi-app mode in Intune, I cannot lock the application on the screen. For example, in the set mode, you have the option to set the leave Kiosk password. You can exit the kiosk. But if you choose Intune multi-app mode, you don't have this leave kiosk option. For us, it's very useful.

If you have this leave kiosk option in the multi-app, you should also have it in the single-app mode. We need this because we have an application that you run on a tablet in hotel rooms, and we want to lock the application in a single-app mode, but besides the application, we also need to have some background applications running, like we need to do some configurations in Knox from Samsung, and eFolder. 

We have three applications that we need to push, but the guests will only be able to see one. Because I don't have the option to leave the kiosk in the single-app mode, I cannot do any configuration in the background apps. We have one app we cannot migrate to Intune from AirWatch because of this issue. This applies to more than 2,000 devices.

I think we need the leave Kiosk option available for the Kiosk single-app mode, because we are stuck with at least 2,000 devices or more because we want to completely retire AirWatch, but we cannot until this feature is available. The applications that we are using in our hotel rooms are not compatible with Intune. My bosses are not really satisfied because we still have expenses with purchasing a license with AirWatch because Intune cannot really fulfill our requirements.

This option is already available in the multi-app mode. It should not be a new feature. This feature already exists. They just need to apply the single-app mode the same way they're applying the multi-app mode.

Compared with AirWatch, Intune is not very stable because I haven't had to deal with these issues. With AirWatch, I would try to fix something and I would need to fine tune the settings, et cetera. But once I fine-tune and push everything, it will run and be stable. With Intune, we are new with this product, but it took some time for me to create a profile and test the devices. It has been working for a few months, but then suddenly this weird issue happened. It affected all devices at once.

In the Outlook application, the scalability is good so far. But there are some differences between on-premises mailbox users and cloud users. For example, let's say I'm my boss's assistant and I'm able to view my boss's calendar on my Outlook desktop. Let's say I want to view a shared calendar on my Outlook app. For the cloud-use mailbox, I'm able to do this, but if I'm an on-premises mailbox user, this option is not available. Usually the cloud mailbox users have more options than on-premise users.

We have around 2,000 users enrolled in Intune so far, not counting the MDM device. That includes just email, the one that I have enrolled in the Outlook email app.

Our plan is to keep the solution because our primary solution for email mobile is now Intune because we are retiring AirWatch. We have already retired the email for AirWatch, and we are just using AirWatch for MDM devices. Of course, the plan is to keep increasing usage. If more users request email on their mobile, we are going to offer Intune.

Technical support is very responsive and helpful. There's another issue that I raised related to Adobe Acrobat. I'm not sure if it's a region issue, but I'm in Macau, and we also have some users in Manila, Hong Kong, and Cyprus. All of us are using the same profile. I make the Adobe Reader application available on the manage app store, but somehow the users in Macau, when they go to the manage play store, are not able to see Adobe Reader on the list. It's only happening in Macau.

I raised this issue. Support dragged the issue on for two months. Support said, "Because all the applications go through the Play store, maybe you need to reach out to Google." The issue was not really resolved because the issue might not be related to Microsoft but Google, et cetera. I just gave up.

Compared to AirWatch, I can upload APKs or I can just redirect the Play store link to push the apps. But in Intune for example, I'm forced to upload all the applications through the managed app store. To make it available is a different process, basically. There are some things that don't really stretch forward. 

If I upload a custom APK in the manage Play store and then I want to remove it, I cannot remove it myself. I need to send an email to Google and ask them to remove it. Then they will ask me to unpublish the app for 24 hours first. These are very simple things that I should be able to control myself, and it wastes a lot of time.

I think if you have the money and want something more stable, you should go for AirWatch. I don't think Microsoft is offering the same stability as VMware at this point. On other hand, I think the support from Microsoft is better, particularly the support in Asia. In VMware, all the support is from India, and sometimes I have a hard time with them.

Now that I'm starting to be familiar with the profiles, it's starting to get easier. A few weeks ago, there was a very odd issue that happened also related to MDM devices where we were using the manage home screen application to lock down the apps that we wanted to allow only the users to use, like the kiosk application.

We have configured the profile and have deployed to 200 or 300 devices. Some of our users called and said suddenly all the mobile devices were flashing. I don't know what happened, but it happened at the same time. The workaround that I had to do was to remove the manage home screen from the profile. Then all of the devices were kicked out and went back to the home screen of the devices. That was the only way they could resume the mobile devices. I don't know what happened, but something was wrong with the manage home screen app on that day because a few days after, I pushed back and everything resumed.

We have ROI because we are retiring AirWatch, so we're spending less and making the most of the free stuff.

The licensing is on a yearly basis.

I would rate this solution 7 out of 10.

Microsoft Intune is used for Mobile Device Management. We enrolled our mobile devices as well as the mobile device solution for corporate devices. We have a lot of policies such as the compliance policy, and the conditional access-based policies for the corporate mobile user and we use the solution to assign their  Outlook Teams and other configurations for the organization. 

We use Intune to design compliance policies that apply to corporate devices and to wipe data from devices when users are terminated. Intune is also used for mobile-based solutions, but we have recently explored its capabilities by using the Autopilot feature. With Autopilot, Windows 10 devices can be reset and new versions of Windows 10 can be deployed from Intune.

Intune has many benefits from the Microsoft perspective. This solution can manage Windows 10 devices, app management, and provide security solutions. We don't need to worry about our network connection, and we'll be more secure with regular security patches and compliance. Since everything will be deployed through the internet and users will log in using the internet only, the risks have been mitigated. Security updates, security patching, and the application will be targeted from Intune. The location tracker will be available to track where the device is and the user's location. The user will be restricted from accessing certain applications using compliance policies. Conditional access policies will be based on the reason why the user needs access to the application.

Microsoft Intune is one of the best products in the industry for managing Windows devices. The solution has more feature restrictions. The conditional access policies also eliminate the dependency on the on-prem network for the devices. The solution also manages our security settings and a lot of other beneficial features such as Microsoft Purview which gives us the compliance portion. We can manage all aspects of our device from a single console, including M365 services. This allows us to configure data classification types, such as public, private, internal, confidential, and highly confidential.

The best feature is that we don't need to worry about downtime. We don't need to worry about the network connections of our office or the virtual private network. Everything is being done through the internet. Using Intune Autopilot, we can configure and deploy everything to the devices.

We need the capabilities of the Cloud Management Gateway (CMG) to be enhanced through Intune instead of Azure. I suggest that Microsoft consider this. If the user already has a subscription to Intune, they should not need to buy an additional subscription for Azure services.

The support needs improvement. When we need support, we don't get a response within the SLA because the support has been outsourced.

I have been using the solution for five years.

Microsoft Intune is a stable product. For the configuration, we could reach out to technical support, but other than that, we need not worry about anything. If we have configured the product correctly and we are not going to enhance any additional capabilities in Intune, then we need not worry about technical support.

The solution is extremely scalable. I give scalability ten out of ten.

Microsoft has outsourced its technical support so if we raise a ticket with severity, the technical support team may not be able to respond to us within the timeframe or the standard we expect. Sometimes we get the call within four hours. Sometimes we won't get that call for a day or more. The service side is pathetic now. To get support from Microsoft, we need to have our TAMs in place and then we need to submit the ticket. If we have already aligned a TAM for the tickets, we get support from Microsoft.

Neutral

Previously we were using Microsoft Configuration Manager. The Microsoft Configuration Manager is the dedicated server for managing devices on-prem. We need to make sure the device is on the same network through which the policy is getting replicated. The dependencies with that server as well as with the network are important, and the devices need to be online on the network. Using Intune as a backup solution, if the device is not on the network or if the device owner is not in the location but it has an internet connection, then we can deploy all our physical solutions onto the devices. We are using both, the Microsoft Endpoint Configuration Manager as well as Intune, since a couple of policies are still only being managed with the Configuration Manager.

The initial setup is straightforward. Once we have subscribed to the license, we will receive our tenant ID and organization ID. We can then access the portal and configure whatever we want. To save the configuration, we must enable it from the portal itself. The Azure Ready Connect GUI console makes it easy to join devices to Azure and to create and deploy conditional access policies.

We have four or five global administrator access levels in our organization. The most limited level is for the global administrator, who can be limited to one person. We need to involve them to enter the password while configuring the CMG, and then the Microsoft support in case we are missing any configuration during the installation or managing Microsoft Intune.

We deployed across more than 10 to 15 countries. The solution is used in India, the US, and England.

We have seen a return on investment using Microsoft Intune. We can save money by establishing our management point and cloud distribution point in Azure. Cloud support is an additional cost. We have to pay Microsoft for the VM, which doesn't act as a management point and the cloud distribution point for the endpoint. Endpoints are the on-prem devices.

Earlier, Microsoft used to give the license using the MSDN subscription, now the subscription part uses the M365 E3/E5. Existing E5 license holders for M365, Intune, and Azure, receive a free license.

If we're only upgrading to Windows 10 for the monthly security patches, Ivanti has Patch Now. Patch Now is a solution that gives us the same set of capabilities as IBM BigFix, but Intune has enhanced capabilities. Ivanti Patch Now is another product similar to the Microsoft Configuration Manager console and we have to make sure the device is on the on-prem network itself. Intune is a cloud-based solution that does not require the device to be on-prem. Everything is in the cloud, including device tracking, writing, and initiating remote connections.

I give the solution a ten out of ten.

I manage the endpoints for the implementation strategy and use the desktops or Windows for migration. I'm not from the mobile device management team, but I can give presentations on how the devices will work in the Autopilot zone with Intune. I'm also familiar with conditional access policies and what needs to be in place for a successful migration.

We have 35,000 end-users.

Maintenance is minimal. There have been no reports of any outages from the cloud perspective, meaning that any downtime is from Microsoft itself. However, on-prem systems may experience challenges. We don't need to worry about downtime and all the systems will still be operational.

New customers are definitely going to reach out to Microsoft for purchasing all the products. Microsoft will have its own lab. They will give us the live demo from the lab, but that won't be a feasible solution. We should check and bring that solution to our environment. It would be good if we can create our own test environment and then ask Microsoft to perform all those configurations and just train our engineer about the Intune part. We will know all the legacy parts of our environment which could impact when we are moving our devices to Intune, either the legacy app, legacy hardware, whether those devices are supported, the TPM, the Tested Platform Module, the BitLocker configuration, everything we need to understand before we move our device to Intune.

Essentially, we use it to manage devices. We are looking at potentially moving away from VMware and bringing mobile devices and tablets into Intune along with desktops and laptops, which we currently manage, so that it serves as an all-in-one active asset list where we can look at the health of the entire technical estate. We can manage against threats. We can roll out apps, policies, et cetera. We can also manage logins, reset logins, et cetera, and it's an all-in-one, 24/7 solution.

Microsoft Intune has absolutely improved the way our organization functions. We're currently going through the AAD migration, so we are transitioning away from the old on-premise domain to Azure. The ability to take devices that were locally managed via AD but weren't managed via Intune is brilliant. We can see who last logged in, who it's managed by, which OS is there when it was last updated, etc. It gives us a micro overview of what's happening there.

Generally, we find it quite useful. We don't use it to the full extent. We've only got a P1 license, but generally, the application health and the ability to create and manage policies are valuable. We can split them very quickly into groups, multiple policies, etc. So, it's those core basics that we use, but they work very well.

It's very informative when there is an error. It allows us to backtrace where the error is and resolve that ourselves. It's a bit of a Swiss Army penknife. We find that it fixes most issues.

I'd like some more reporting so that I don't have to delve into PowerShell and I can pull more of the local device information such as memory, apps installed, etc. It would be nice to be able to see the apps that are present there but might not be managed. For example, if they installed 7Zip, it could report that back via an installed program or feature to see what was currently installed. Generally, it works, and nobody complains about it.

I've been using this solution for a couple of years.

Sometimes, they can take a little while to come back in showing that they are compliant. Typically, they may show us as not compliant even when we are. Typically, we find that it takes a couple of hours or a couple of days at worst for the machines to show as being compliant for them to settle down, but generally, it does what it says on the tin. We can set the policy, and we can put a machine or put a device into a group. That policy gets defined or pushed out, and it works. We can then move on to the next job. From my perspective, it works well, and that's why I'm just looking forward to using more Azure technologies moving forward.

It's deployed across multiple locations, departments, teams, and endpoints.

I haven't had any experience with them.

At the moment, we're using VMware AirWatch, which isn't my first choice purely because it's a super segmented platform. We are predominantly, about 95%, Microsoft. It feels a bit of an oversight not having a solution on a Microsoft platform where we've got full transparency and can make live changes. Currently, we have to go through our outsourced IT to make the changes and then we have to wait to see those changes rather than me or a colleague being able to make those changes in a live environment, so it would be my personal preference to get that moved over, which we're looking at. 

I wasn't a party to why they used AirWatch. I presume it was bundled in with the Microsoft service partner's offering originally. The IT team here is quite new. I've only been in the post for about a month, and my IT manager has only been in the post for about two months. We're just making sure that everything is easy to use and easy to manage, and it's cost-efficient for the charity moving forward.

Essentially, the way it was set up, it wasn't set up as a hybrid model. At the moment, we have got on-premises, and we have a cloud, but they're not joined. There is no passthrough, which is interesting. A lot of the on-premise has been copied over to the cloud. We are now taking the cloud to default, and the overall plan is to mothball the servers and reuse those as very high-powered desktops wherever possible. I just predominantly use the cloud.

I was not involved in its deployment, but in terms of maintenance, typically, our MSP makes the changes, but I've got GA rights to make anything that is critical. Generally, there are about 20 people at the Microsoft solution partner, and there are four of us on the IT team. There are less than 30 people in total.

I'm not sure. Certainly, it has been at least three years since the software has been rolled out, but it's not particularly well maintained by the solution partner. So, it's hard to measure the ROI. It does have merit, but in our particular sector, it's just overkill. We just need to make small and light changes whilst having effective security. We don't need corporate class, biometric/conditional access level security. Whilst we have multiple offices, they're very small. They're all under 20 users, and there's a lot of work from home. So, as long as we've got encryption, a form of AV, an anti-spam, and good account security, it certainly staves off a lot of the threats.

Personally, I feel that we haven't had the ROI purely because we're paying about £13,000 for under 300 users a year, which is a little bit top-sized. My personal feeling is to make a business case to switch to Microsoft Defender. Obviously, we've got P1 in our business premium licensing, so we've got a very basic protection at the moment that we don't use. We've got a large number of credits, and we could use those credits to switch over for a year to a higher project and see where we go from there.

Generally, it's not too bad. Obviously, a cheaper price would be great. Typically, we are in touch with the partner to provide non-profit discounts wherever possible. Generally, we get favorable discounts, so it's not too bad. Obviously, we're looking at decreasing those wherever we can to bring value back to the public purse because it's all charity based. It's all publicly funded.

Create a test group and create test policies, and then just test, test, and test before anything is rolled. It's the usual IT gambit. Test everything, and then just test it again before you roll it out.

I worked for a couple of MSPs before. I've seen it in very remote areas. I'm very impressed with it. Whilst it seems almost fashionable to criticize Microsoft, Intune is pretty much a well-laid-out product. It does what it says it's going to do. There is a lot of dependence on Microsoft products being pushed to it, and that's probably my only criticism. It would be good if Intune was a bit more open-source, but that would lead to more complications. It's a bit of a complicated beast, but generally, I like it.

I'd rate Microsoft Intune a nine out of ten. I'm happy with it.

We use it for general safety and security for all our data and applications.

Because we are using Microsoft Office 365 on the cloud, it is very critical for us to protect our user data. We have shared files in OneDrive, Microsoft Excel, PowerPoint, and Word. We also have geographically diverse locations across Asia-Pacific, Europe, and America. Microsoft Endpoint Manager protects us from all kinds of security vulnerabilities and threats to our data.

We have it deployed in specific departments and divisions within our organization, including product engineering and DevOps.

It protects our devices well against outside threats including phishing attacks, spam, and other third-party attackers. It provides us with a very high level of visibility into security threats so that they can be analyzed properly before they attack our applications and user data.

We have more than 1,000 users who access certain applications. We do not want to give all the users access to specific data. Permission Access gives us flexibility and reduces the human effort and time involved in giving permissions to users and groups. They can share or exchange information accordingly. We do not worry about what they are sharing or about the folders and data they can access because we have already set their permissions.

If you look at the data loss that has happened in the past, obviously Endpoint Manager is saving us money. In addition, it saves human effort on manual work, as well as time, and there has been an overall performance improvement. It's obviously enhancing the user experience.

I like

• all the security features it has
• the graphical user interface, which is very smooth. 
• the fact that it is very easy to understand
• the integration with other applications.

There is a single pane of glass for user access and a single sign-on facility for the user. If you have already logged in to Microsoft Azure or on-premises, you can redirect directly to Microsoft Endpoint Manager, monitor all your security threats, and analyze the data associated with the application in a single, unified way.

You can adjust your security policies and any other rules with the solution and apply them to specific groups or specific users. Overall, it is a highly customizable and easily manageable solution.

Integration with Microsoft applications like Microsoft Office, Microsoft Dynamics, and 365, is very smooth. As far as MS applications go, it is a very good solution to work with. Microsoft Endpoint Manager is a solution for every organization that is using Microsoft applications or Azure, whether on-premises or in the cloud. It is a well-suited application for those environments.

We are also using Conditional Access along with the rule-based features. We apply them to specific users in a group so that they can't access particular user data, such as column-based or tab-based data. It can be hidden from those specific users in the groups. Conditional Access can be used to allow or block access to on-premises data based on policies. When we use Conditional Access, it is typically a combination of device compliance policies so that only the compliant devices can access or exchange data between the sources and destinations.

Permission Management is a part of Conditional Access. It is very transparent and very easy to use. Within a few clicks, you can easily configure which devices you want to permit and which devices you want to deny, whether it is for Amazon S3 or Google cloud. Because we are using Microsoft Azure, we are typically working with Microsoft SQL Server, Microsoft Office 365, Dynamics, et cetera. But it works well with all applications. That is helpful because we do not want compatibility issues.

For example, if there is a compliance policy in the organization, you can allow specific mobile devices into an application so that only a specific group of users can access it. The rest of the users can't access it as there might be confidential data there. You can implement that with Conditional Access policies.

For non-Microsoft applications, integration requires some advanced levels of configuration for IP addresses, among other things. It might be somewhat complex when it comes to third-party applications.

The mobile and tablet-based versions need improvement because they are not completely user-friendly, compared to the web version.

Also, data synchronization with our existing asset manager, the synchronization between multiple assets and multiple devices, takes a lot of time due to the security scanning. It should be reduced.

I've been using it for almost two years.

Because it is reliable, that is the reason that it can be adopted. If it weren't reliable and secure, itself, how could it secure our applications? It is highly reliable and secure.

Endpoint Manager is highly scalable. It can scale per your requirements.

The customer support services are very good, but not perfect.

Positive

We migrated to Azure and our requirements changed. We have found Endpoint Manager to be suitable because of the compatibility and overall performance issues.

We faced so many issues, three to four years back, when we were using VMware and Cisco-based cloud security solutions. There were threats detected and but some valuable financial transaction information was lost. It was very painful. After analyzing our requirements, we are now using multiple security solutions because we have multiple applications. Every application has its requirements in terms of data storage and security. We are using not only Microsoft Endpoint Manager, but a solution for DDoS, as well as Microsoft Sentinel. They are top-level security solutions provided by Microsoft, so that we can secure our email, data, and overall user information.

The implementation of every Microsoft solution is very easy, if you are already using Microsoft solutions. There are no issues with that.

In terms of maintenance, the services are fully managed by Microsoft, including all the upgrades, updates, and security patches, without any customer involvement.

Microsoft helped us with the implementation, through their support and consulting teams. And the solution architect team is very helpful.

Every security solution has a return on investment. We adopt security solutions just to protect our user information, which is very valuable for any organization.

We see return on investment in terms of performance meeting our expectations, but given the pricing, some organizations may require some additional budget for it.

The pricing of Endpoint Manager is fine. The licensing is not that complex, but small and midsized organizations might have challenges with the pricing plans. There are a lot of categories—E2, E3, E5—to choose from. 

The minimum starts at $2 to $3 per user, per month and it goes up to $14 to $15 per month. It depends on your requirements.

We used Okta but Microsoft Authenticator replaced it. Both are good, but Okta is much higher in price compared to Endpoint Manager. Also, Okta is a third-party application for Azure, while Endpoint Manager is core, proprietary software by Microsoft. With Okta, the compatibility issue is always there. 

Also, Okta requires a lot of authentication processes, rules, and policies. Microsoft Endpoint Manager doesn't need them because it already includes overall security policies, and the rules apply to them.

There are multiple Microsoft security solutions for securing your applications, data, emails, et cetera. If you have any particular requirements that are compatible with the Microsoft Endpoint Manager, then go ahead with it. If you are already using Microsoft products, then Microsoft Endpoint Manager is a perfect choice. I highly recommend it.

I'm an IT manager contracting with a European company. We had to onboard Windows machines to the Azure AD, but they did not have an on-prem AD. I prepped the Azure AD on the cloud, and I started to migrate the laptops to Azure AD. 

Once that is done, we need to apply policies, but group policies will not run from Azure AD because there's no on-prem AD to derive the policy from. Intune comes in handy there. It has multiple capabilities. You can create your configuration profiles in Intune that apply to Windows and Mac. You can create security profiles and configuration profiles, and you can apply browser settings to some extent. It isn't a small tool in terms of size or breadth of capabilities. It's very capable. Anybody who has used SCCM will see a lot of similarities.

Intune has many components that replace third-party products. For example, Intune creates an inventory of each machine. Otherwise, I'd need a third-party asset management tool. Intune can also tell me which users are accessing a given machine because it's integrated with Azure AD.

It's easy to deploy a configuration or policy to a system, especially when you don't have Azure AD. Now we are talking to all these small and medium-sized customers who don't necessarily have an on-premise Windows Active Directory. If they have invested in Office 365 Premium, this functionality becomes available to them.

That's considerable savings because you get Intune with Office, and you're getting slightly more advanced Azure AD capabilities. They also get MS Defender, which is there on the Windows client. This March, Microsoft introduced Defender for Business. They activated the business subscription with the Office 365 Business Premium subscription. If a customer is looking for an antivirus solution with a centralized capability, the product is already there. 

Intune allows you to control the policy if you want to control hard drive encryption. We have third-party tools in the market that we used to invest in. Today, we have Windows-native BitLocker, and I can use Intune to manage that BitLocker encryption.

Intune can set policies on each machine. I can create rules and apply them to individual machines. It's much easier than using the Azure AD system.

Reporting in Microsoft solutions is pathetic. With Intune, I'm getting a free inventory tool, but I don't get a reporting tool. When I go to Intune, I can see one machine's entire data in terms of the hardware and the software running on it, but I cannot generate a report for all the machines in the organization. The reporting is the only feature holding back the functionality that is already there. 

All the other third-party tools are doing the same thing, whether Atlassian, ManageEngine, or Ivanti. They all install an agent on your system. Intune also has an agent on your system collecting inventory details and sending them across the central console, but Microsoft doesn't have the reporting capability there. That is the only drawback I see.

I started using Intune last year.

Intune is perfectly stable. We've had zero downtime.

Intune will scale because it's a cloud system. We are not installing anything. It's a Microsoft service. I have it running on around 200 machines.

I rate Microsoft support nine out of 10. In the past year, I've made 20 or 30 support requests on the Intune platform. Each time, it has been smooth. Usually, they sort the problem out on the first try. Once, the ticket was open for about two weeks because they had to do some backend testing on their side. 

Positive

I have used ManageEngine from a company called Zoho Corporation to do inventories and patching. Microsoft Intune lacks capabilities to patch Windows, Office 365, Acrobat Reader, etc. There is no way for me to apply and manage patches. I can create a patch configuration, but I cannot control when it has to be deployed and on which machines. If Intune adds patching, I don't need to invest in another patching tool.

Setting up Intune is pretty straightforward. There may be a few bumps in the road, but you shouldn't have much trouble if you're a system administrator or a pure IT guy. I did it by myself, and it took about two hours. You have to do the basic configuration. 

For that, you need a bit of reading to understand how your configuration is working within your overall setup. Once you do the necessary tweaking, Intune is up and running. After that, you create policies and do a test run on one or two machines. Once you verify that everything is working fine, you deploy it all. 

If you're not a techie, I could guide you step by step. It's as simple as that. After deployment, Intune doesn't require maintenance because it's a cloud product. 

We've seen a significant return on the investment. Otherwise, I would have to invest in a regular Windows Active Directory. If I were running Office Standard, which lacks this feature, I would have to buy something like Intune and pay for it annually.

Plus, I have to manage another product on the desktop. For example, if you're using a VPN client, the VPN client has to be installed and requires maintenance if something goes wrong. I don't have that maintenance cost because it's part of the Windows operating system.

We don't pay for Intune because it is bundled with the premium subscription to Office 365. It includes Intune and Defender. I don't have to buy two extra products to manage my enterprise.

I rate Microsoft Intune eight out of 10. Some functionality needs to be improved, but I believe Microsoft is working on it. They're developing the tool, and those features will be added, but I will give it an eight today.

If you're thinking about implementing Intune, you should look at what you already have in place. For example, if I wanted to bring my laptops onto Azure AD, Azure AD will do the job for me, so I don't need to invest in a regular Active Directory server.

Either I buy the server and run it on the cloud or I upgrade Office and Business Premium gives me all of the features. Business Premium is the top license. You have Business Basic, Standard, and Premium. The Enterprise equivalent is E3 and E5. 

The Business Premium is equivalent to E3. There is a limit on the number of machines. Per Microsoft's licensing model, you can do up to 300 machines on Business Premium. At 301, you have to switch to an Enterprise agreement.

Intune is a tool for managing configurations and policies for devices. It has additional benefits like monitoring and enforcing security measures. It helps us ensure that the devices we provide to our users are perfectly controlled so that data isn't leaking. For example, I can enable BitLocker to encrypt data on all employee devices. All laptops in the organization require antivirus software. Any laptops without antivirus are non-compliant, so I can block them in Intune. 

I can also use Intune to lock down specific activities on mobile devices. When people access their email, Microsoft Teams, or OneDrive on their mobile devices, I can enforce a policy that prevents them from copy-pasting data from the corporate email address mailbox to their phones. I can also block screenshots. 

We have nearly 100,000 users across multiple locations. That's one benefit of Intune. We can cover devices at several locations with a single cloud-based solution. 

The great part about Microsoft Intune is that we can target for Android/IOS/Windows devices with full control that we can do. We can also enroll MAC and Linux OS and enforce certain configurations and get compliance reporting. This provides us a key criteria for zero trust deployment model.

Intune is a cloud-based solution, so we avoid many of the headaches associated with on-prem maintenance like for example SCCM which was doing this job in the past and we need frequent patching and maintenance as well. Because Intune is a cloud-based solution whereas SCCM depends on on-premises technology to function, Intune has a simpler architecture with more options on MAM, reporting, security & MDM. We always get the latest security features and enhancements from Microsoft with the cloud-based solution Intune.

Intune allows you to create policies for managing mobile devices and mobile applications. Mobile application management targets and protects only the application. It will create a container for your application on the mobile device, securing the container and application. Mobile application management allows you to set limits on what employees do in specific applications that contain corporate data, such as Microsoft Outlook.

Intune device restriction policies enable me to enforce limitations on the device, like blocking the mobile camera or restricting the employees from using and inserting USB devices, including thumb drives and flash drives.

Intune's reporting and logging could be improved. When troubleshooting, it's difficult to collect the logs and determine what's happening. If I want to filter out the compliant devices, I can see it from the logs, but I would like the option to drill down further. 

I select one device, and Intune tells me it's non-compliant. I click on it, and it tells me the antivirus service is not running. It should provide some additional information. When did the service stop? Did the service start in the first place? Intune's internal graph API should also be improved because that is where we can apply commands. 

I've been using Intune for the last six years.

As stated the solution is very stable because there is 24/7 monitoring of the core component by Microsoft Monitoring Team. 

Microsoft Intune can scale easily since it's a cloud-based solution and we need to procure only licenses per user and no need to worry about maintaining the backend core component because it's handled by Microsoft.

I rate Microsoft's support a seven out of ten. Support is one area that requires massive improvement. In most cases, the frontline engineers collect the logs. After they review the logs, they will find the person who can help us fix the issue. 

Neutral

We previously used Microsoft System Center Configuration Manager, Microsoft's on-premise configuration management solution. We switched to Intune because we purchased an EMS E3 license that covers Outlook, Teams, Intune, etc. 

Ultimately, it comes down to costs. We don't need to spend money on SCCM licensing, and we get better cloud-based monitoring and reporting than SCCM. Most people prefer to move to Intune because they get some additional features included for free when they buy the EMS E3 license from Microsoft.

Setting up Intune was initially complex because we need to migrate everything from SCCM to Intune. If you already have your policies and configurations worked out on-prem, it will be the same once you move to Intune, and you'll see a massive improvement in configuration, compliance, reporting, and mobile device management.

The return on investment is that I have a better way to secure my devices and make them compliant. 

Intune's pricing is competitive. For example, the license of Blackberry's Enterprise Mobility Suite was costly, but Intune is affordable. It is included as an additional feature when you buy security enhancements for your organization. For example, let's say I have fifty users in my organization and all of them are using Microsoft cloud services, like Teams, Office 365, and OneDrive. 

In order to protect this, I'm going to buy the EMS E3, which includes security and also the option to utilize Microsoft Intune. I don't need to buy an additional license for software and device management. I can do all of this with the same license I bought for Microsoft security.

I see a significant gap between Microsoft Intune and products by other vendors. We were using SCCM on-premises, but Microsoft Intune added monitoring and security features, so we didn't see any suitable alternatives. 

I rate Microsoft Intune a nine out of ten. Before deploying Intune, you must understand your current setup and security needs. If you're only looking for a security solution, you can deploy Microsoft Defender for Endpoint. However, Intune is ideal if you want a more comprehensive security solution that covers configuration and compliance management. You need to understand the gaps in your current solution and what you want to overcome. 

Generally, the top three uses are operating system deployments, software updates and patching, and software deployments to endpoints.

If you're a small shop, a two-person organization, yet you have many endpoints, five to 10,000, you can easily manage them. You can manage the masses with one person part-time and it's a good automation tool that takes away the need for multiple folks to do a lot of things in the environment like software deployments or patch management. It's very good at automating those functions.

The reporting aspect is very nice. It's got about 450 canned reports in it. They're easily customizable. You can get really good granular reports for inventory, patch management, status, and everything. It's very good at reporting.

It's not hard to set up. It's easy to manage.

Third-party patching and other solutions integrate with Endpoint Manager. From that perspective, there's no deficiency. 

The UI is good. You can filter things out so that you'll only see things that are pertinent to your function. 

It's really matured and improved over the years by assimilating competing products. There are a lot of things that used to be better than Endpoint Manager or not available in Endpoint Manager that were absorbed or purchased and placed into this product. From a deficiency perspective, I can't recall coming across anything substantial. I'm trying to think of a weakness. I compared it to Ivanti. From a new user's perspective, it may be a little overwhelming because there are quite a few things to look at in the console, however, once you are sort of acclimated and are familiar with your core functions, it's fairly simple and straightforward.

You can modernize the UI a little bit, however, change for a sake of change isn't always a good thing.

I've been using the solution for 25 years. It used to be called SCCM.

The solution is very stable.

The scalability is great.

The largest user base I've ever supported, for example, was a headquarters and they had 220,000 endpoints. In contrast, small colleges and educations may only have 500 users, so they can get by with a single server hosting everything. SQL and everything can be one server.

For us, the solution is extensively used.

If you're looking forward to deficiency, I'd say that the Endpoint Manager support at the lower levels is poor. As you go higher and you get like a more engineering level, then you're fine, however, the early stages of support are not the best.

I've worked with Ivanti and LANdesk and other tools.

I've used Endpoint Manager every day. I'm currently using it. I've been using it for 25 years. However, there are other ones like BigFix, which I've rarely used. I've used LANdesk a few times. And people would try to use LANdesk to avoid the expensive Endpoint Manager, however, at the end of the day, it costs them more in time to use the LANdesk solution. Ivanti is a competitor, however, they're cobbled together with Shavlik, for patch management they've got Altiris. They bought Altiris and Altiris has been passed around like a cheap hoe from Symantec to Intel, to everybody.

Altiris was actually developed to support Endpoint Manager and provide asset management. At the time, Endpoint Manager didn't have good asset management, so they actually worked with Altiris, only to find out that Altiris was actively taking Microsoft customers. Microsoft booted them to the curb and they haven't done well since. That was back probably in the late nineties that they did that. Endpoint Manager has been around the longest, it's survived, it's matured and it's the top dog in general.

Complexity-wise, it's not hard to set up. It's just a lot of small steps, such as making sure the firewall ports are open and certain things are in place, and all the perquisites are taken care of, as the wizard, the installation wizard for Endpoint Manager, is pretty straightforward. As long as you have SQL and some other features turned on to support the different functions of Endpoint Manager, you're fine. You'll need WSS or you'll need WSS for patching and you'll need SQL reporting services for the reporting portion of it. All those small things. The more lights you turn on, the more configuration you have to do.

The deployment itself took me four hours end to end, to put all the prerequisites in, however, understanding, of course, may take a while for someone new. I've done this now for over 25 years. For me, it's pretty straightforward and I have, a lot of these things PowerShell scripted so it works very well. You can create a PowerShell script and set the whole thing up from Powershell, which is what I've done.

Maintenance requirements are low. Since it lives on SQL, if you put a SQL maintenance plan in place, it's pretty much, it's very healthy, it's very stable.

We've seen an ROI. It enables you to pair down the resources necessary for configuration management. You don't need a large shop to maintain your environment. If you want to develop it, if you want to create new images all the time and that sort of thing, then you're going to need to staff yourself accordingly, however, not necessarily to support Endpoint Manager, just to develop those and payloads that it delivers.

I'm a partner. I'm using the most up-to-date version of the solution.

While the solution was on-prem initially, now it's converted to more of a hybrid. They have co-management so you can manage on-prem and cloud together.

I'd rate the solution nine out of ten.

This solution is on the cloud. What is required currently by our organization is an internet-facing device. The challenges with on-premise have a lot to do with this pandemic. This is why we've seen Intune with the MDM background grow so fast — because we don't have any on-prem limitations. On the cloud, you can manage everything. You can push policies, maintain patches, and maintain security because everything interacts on the cloud. A VPN is not required. In the legacy method, you need to use a VPN for anything and everything. This increases costs.

For Windows services, there are multiple options within Intune to modernize it to be more internet-facing and dynamic. Intune also provides us with a lot of flexibility to manage Windows-specific devices. 

Mobile-wise, I like the MAM feature. It provides us with more control over the application identity levels. When combined with Azure, it provides us with multiple opportunities to design and construct a solution that meets a BYOD or CYOD model.

Regarding mobile devices, Intune is good, but there are other services that I would say are ahead of Intune from an administration and reporting point of view. These are a few things that could be improved from a mobile infrastructure point of view.

From a reporting point of view, it could use some work. If I need to push a profile, it's a challenge with Intune because first I have to go ahead, remove a user, then add him back; only then does it allow me to push or sync. If it synchronizes, it exits on a cloud-based synchronization time. With AirWatch, there is a function where you can push a profile directly on a device. 

Overall, Intune has improved from MDM. They have become EMM and now they're moving towards Unified Endpoint Manager. They're just beginning to compete in the market from a mobile point of view, but regarding Windows, they're great. 

I have been using Microsoft Intune for more than five years. 

I'd say it's 99% stable. Azure being in the background has impacted it a bit, but overall, it's stable. 

Currently, Intune is on track to exceed SCCM. In the near future, most companies will be using Intune. Currently, roughly 25% to 30% of companies use Intune. The rest of them, 40% to 50%, are still using SCCM and trying to evolve old solutions — this will change. This whole management model will completely change into a hybrid Intune model or a complete Intune model.

The vendor ships the machine directly to you. All you need to do is connect it to the internet. It takes around 30 minutes or 40 minutes depending on the configuration. After that, you're ready to go. Post setup, if you need anything, you can simply go to the built-in Intune company portal and shop from there. This saved us a lot of time.

Still, the initial setup was not straightforward. When we initially started with Windows, there were a lot of open items. There were a lot of things which were not there. Obviously, we couldn't just move a company directly from on-prem to cloud. There is complexity, there are some legacy procedures that we had to follow. At that point in time, Intune was not ready, but currently, there are a lot of options that can fulfill your security requirements, your network requirements, your application requirements, user accessibility requirements, and the user experience. All of these things are pretty much in the place now. To start with, it was not this way. 

When I started using this solution, it took me roughly one year and three months to understand how to build it, to do due diligence, etc. Now, I can migrate an organization within 13 days.

Implementation is a complete team effort. You have to understand a company from a network point of view, a security point of view, a compliance point of view, and a GDPR and HR point of view. These things take time to analyze; it's still maturing but it's a little bit better than what we had before. Now, after I have interacted with an organization, I can get it up and running within 15 or 16 days.

I never got a complete picture regarding how much we've saved thanks to this solution. Still, I think it's very significant. We stopped using a lot of services because we didn't need them anymore. We don't need a lot of resources — we don't need to procure them. We don't need a VPN solution, plus, shipping is all taken care of. 

I started my journey with AirWatch. It was primarily an MDM solution. According to Gartner, AirWatch and Microsoft are currently neck-and-neck. From an organization requirement point of view, regarding MDM, I'd say AirWatch is a step ahead of Intune.

For the last four years, I've only used Intune. I don't know how AirWatch has improved over the last four years. Still, simple things, like pushing a profile are much easier with AirWatch compared to Intune. From a UI point of view, it's really easy for an admin to go ahead and work using AirWatch. From a deployment point of view, there are multiple options for retaining user data. 

As long as it will not primarily be used for banking or security purposes, I would recommend Intune. If you work in a banking environment and are looking for a high-security solution, then I would recommend VMware, AirWatch, or Jamf. As I said, Intune is still developing. Maybe this will change after another year, but currently, regarding banking and security, AirWatch is a step ahead when it comes to mobile infrastructure policy. 

Overall, on a scale from one to ten, I would give Intune a rating of seven.