What is our primary use case?
We use it for general safety and security for all our data and applications.
Because we are using Microsoft Office 365 on the cloud, it is very critical for us to protect our user data. We have shared files in OneDrive, Microsoft Excel, PowerPoint, and Word. We also have geographically diverse locations across Asia-Pacific, Europe, and America. Microsoft Endpoint Manager protects us from all kinds of security vulnerabilities and threats to our data.
We have it deployed in specific departments and divisions within our organization, including product engineering and DevOps.
How has it helped my organization?
It protects our devices well against outside threats including phishing attacks, spam, and other third-party attackers. It provides us with a very high level of visibility into security threats so that they can be analyzed properly before they attack our applications and user data.
We have more than 1,000 users who access certain applications. We do not want to give all the users access to specific data. Permission Access gives us flexibility and reduces the human effort and time involved in giving permissions to users and groups. They can share or exchange information accordingly. We do not worry about what they are sharing or about the folders and data they can access because we have already set their permissions.
If you look at the data loss that has happened in the past, obviously Endpoint Manager is saving us money. In addition, it saves human effort on manual work, as well as time, and there has been an overall performance improvement. It's obviously enhancing the user experience.
What is most valuable?
I like:
- all the security features it has
- the graphical user interface, which is very smooth
- the fact that it is very easy to understand
- the integration with other applications
There is a single pane of glass for user access and a single sign-on facility for the user. If you have already logged in to Microsoft Azure or on-premises, you can redirect directly to Microsoft Endpoint Manager, monitor all your security threats, and analyze the data associated with the application in a single, unified way.
You can adjust your security policies and any other rules with the solution and apply them to specific groups or specific users. Overall, it is a highly customizable and easily manageable solution.
Integration with Microsoft applications like Microsoft Office, Microsoft Dynamics, and 365 is very smooth. As far as MS applications go, it is a very good solution to work with. Microsoft Endpoint Manager is a solution for every organization that is using Microsoft applications or Azure, whether on-premises or in the cloud. It is a well-suited application for those environments.
We are also using Conditional Access along with the rule-based features. We apply them to specific users in a group so that they can't access particular user data, such as column-based or tab-based data. It can be hidden from those specific users in the groups. Conditional Access can be used to allow or block access to on-premises data based on policies. When we use Conditional Access, it is typically a combination of device compliance policies so that only the compliant devices can access or exchange data between the sources and destinations.
Permission Management is a part of Conditional Access. It is very transparent and very easy to use. Within a few clicks, you can easily configure which devices you want to permit and which devices you want to deny, whether it is for Amazon S3 or Google cloud. Because we are using Microsoft Azure, we are typically working with Microsoft SQL Server, Microsoft Office 365, Dynamics, et cetera. But it works well with all applications. That is helpful because we do not want compatibility issues.
For example, if there is a compliance policy in the organization, you can allow specific mobile devices into an application so that only a specific group of users can access it. The rest of the users can't access it as there might be confidential data there. You can implement that with Conditional Access policies.
What needs improvement?
For non-Microsoft applications, integration requires some advanced levels of configuration for IP addresses, among other things. It might be somewhat complex when it comes to third-party applications.
The mobile and tablet-based versions need improvement because they are not completely user-friendly, compared to the web version.
Also, data synchronization with our existing asset manager, the synchronization between multiple assets and multiple devices, takes a lot of time due to the security scanning. It should be reduced.
For how long have I used the solution?
I've been using it for almost two years.
What do I think about the stability of the solution?
Because it is reliable, that is the reason that it can be adopted. If it weren't reliable and secure, itself, how could it secure our applications? It is highly reliable and secure.
What do I think about the scalability of the solution?
Endpoint Manager is highly scalable. It can scale per your requirements.
How are customer service and support?
The customer support services are very good, but not perfect.
Which solution did I use previously and why did I switch?
We migrated to Azure and our requirements changed. We have found Endpoint Manager to be suitable because of the compatibility and overall performance issues.
We faced so many issues, three to four years back, when we were using VMware and Cisco-based cloud security solutions. There were threats detected, but some valuable financial transaction information was lost. It was very painful. After analyzing our requirements, we are now using multiple security solutions because we have multiple applications. Every application has its requirements in terms of data storage and security. We are using not only Microsoft Endpoint Manager, but a solution for DDoS, as well as Microsoft Sentinel. They are top-level security solutions provided by Microsoft, so that we can secure our email, data, and overall user information.
How was the initial setup?
The implementation of every Microsoft solution is very easy, if you are already using Microsoft solutions. There are no issues with that.
In terms of maintenance, the services are fully managed by Microsoft, including all the upgrades, updates, and security patches, without any customer involvement.
What about the implementation team?
Microsoft helped us with the implementation, through their support and consulting teams. And the solution architect team is very helpful.
What was our ROI?
Every security solution has a return on investment. We adopt security solutions just to protect our user information, which is very valuable for any organization.
We see return on investment in terms of performance meeting our expectations, but given the pricing, some organizations may require some additional budget for it.
What's my experience with pricing, setup cost, and licensing?
The pricing of Endpoint Manager is fine. The licensing is not that complex, but small and midsized organizations might have challenges with the pricing plans. There are a lot of categories—E2, E3, E5—to choose from.
The minimum starts at $2 to $3 per user, per month and it goes up to $14 to $15 per month. It depends on your requirements.
Which other solutions did I evaluate?
We used Okta but Microsoft Authenticator replaced it. Both are good, but Okta is much higher in price compared to Endpoint Manager. Also, Okta is a third-party application for Azure, while Endpoint Manager is core, proprietary software by Microsoft. With Okta, the compatibility issue is always there.
Also, Okta requires a lot of authentication processes, rules, and policies. Microsoft Endpoint Manager doesn't need them because it already includes overall security policies, and the rules apply to them.
What other advice do I have?
There are multiple Microsoft security solutions for securing your applications, data, emails, et cetera. If you have any particular requirements that are compatible with the Microsoft Endpoint Manager, then go ahead with it. If you are already using Microsoft products, then Microsoft Endpoint Manager is a perfect choice. I highly recommend it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Intune is really the best option for SMEs for MDM (Mobile Device Management), particularly for BYOD devices, but also corporate devices - and development in the technology means that it's pretty much now a strong option for enterprise deployment to corporate devices.
Deployment has its challenges - but now with Cloud provisioning - Intune management and deployment are becoming more straightforward.
Intune is essential for enforcing policies such as screen lock and MFA.
If you use Microsoft Authenticator - it's worth doing user awareness training around the design flaw below:
https://www.linkedin.com/posts...