Microsoft Intune Reviews

I have worked in various roles with Intune. In my previous organization, I supported Intune on a job board. Currently, I am in a consulting role, responsible for development, deployment, and other aspects of Intune. This experience has given me a well-rounded understanding of Intune's support and implementation aspects.

We implemented Intune to manage devices across multiple operating systems, including Windows, Mac, iOS, and Android. My expertise lies in device enrollment, compliance enforcement, configuration management, Autopatch, Autopilot for Windows, and application provisioning through Apple Business Manager for Mac devices.

We have clients who have deployed Intune on a hybrid platform and others who are fully cloud-based.

Intune's security management capabilities effectively meet our compliance requirements. While there may be a few unique instances where our needs are particularly complex and don't perfectly align with Intune's design, it's clear that Intune comprehensively addresses the compliance standards and policies necessary for any organization.

Intune serves as a unified platform for managing endpoint and security tools. As a comprehensive management solution, Intune allows for centralized control of various aspects of device and security management. In terms of Microsoft Defender, Intune seamlessly integrates certain features of this advanced security product, providing an additional layer of protection. This integration streamlines incident management by centralizing relevant information and tools within a single platform.

With the advancements in Intune automation, the role of IT administrators has become significantly less complex than in previous years. Tasks that once required extensive manual configuration and monitoring, such as deploying security updates to Windows machines, are now streamlined through features like Windows Autopatch. This service automates the entire process, including policy creation, deployment, and monitoring. Additionally, Autopatch offers flexible deployment options, allowing for gradual rollout to pilot groups, IT staff, and the general workforce. As a result, IT teams can focus on higher-level tasks and reduce the time spent on routine maintenance.

Intune's user experience is generally seamless, with minimal user interaction required. While some applications might occasionally conflict, causing minor disruptions, Intune's compliance and configuration policies are typically applied in the background without significant user input. As a result, the user experience is generally straightforward, with few interruptions from Intune's administrative tasks.

If implemented, Intune can significantly enhance data protection, compliance, and security. By implementing security codes, we can control user-level access to applications and ensure that only authorized individuals can access company data. In case of device loss, we can remotely wipe the device to prevent data compromise. Intune also plays a crucial role in productivity. Deploying and managing applications through Intune is straightforward, and it supports a wide range of applications, including built-in ones. These features make Intune a valuable tool for organizations seeking to improve data protection, security, compliance, and overall productivity.

Intune effectively secures hybrid work and protects data on both company-owned and BYOD devices. For company-provided devices, MDM enrollment ensures robust security. However, BYOD devices rely on MAM, requiring user interaction through the company portal or Authenticator. While most users comply, there are instances of resistance to installing the company portal app, making MAM management challenging. To address this, Microsoft could explore alternative solutions that avoid the necessity of the company portal on personal devices, accommodating user preferences.

Intune enhances IT efficiency by streamlining application deployment. Applications developed for Intune are directly accessible within the application list, eliminating the need for separate provisioning from third-party vendors. Microsoft's extensive collaborations with numerous applications ensure that features and upgrades are managed seamlessly through Intune. Overall, Intune offers a promising solution for current IT productivity needs.

Intune offers comprehensive compliance features, covering even the intricate registry aspects of Windows security. Through the settings catalog, we can configure virtually all desired settings. Existing templates can be customized, and we can delve deeper into the same settings previously configured in our on-premises environment. For those transitioning to hybrid or cloud environments, Intune provides numerous features that can be customized or replicated from on-premises, offering a seamless transition.

As an IT administrator, I appreciate Intune's ability to implement granular device-level policies for our organization's employees. This allows us to enforce company-wide regulations and ensure compliance while minimizing the risk of data breaches. Intune's user-friendly interface and straightforward accessibility make it a valuable tool for IT staff and employees.

The enterprise application management feature in Intune Suite for app discovery, deployment, and automatic updating is well-suited for Windows devices but is premature for Android and iOS. From an administrator's perspective, managing Windows apps with Intune is relatively straightforward. However, for Android and iOS, the feature requires further refinement due to their third-party operating system nature. While Android devices pose fewer challenges, iOS devices often necessitate using Apple Business Manager as an intermediary, complicating the management process. This is particularly evident when considering Apple's role as the primary manager of iOS devices.

Intune could be enhanced by automating application upgrades, similar to how it automates operating system upgrades. This would streamline the process and reduce manual effort, especially for organizations with multiple applications requiring regular updates. Additionally, the tenant dashboard could be more user-friendly by providing more customizable options and charts for monitoring various aspects of the Intune environment. This would allow administrators to easily access and track key metrics without navigating through multiple menus.

I have been using Microsoft Intune for three years.

I would rate the stability of Intune eight out of ten.

I would rate the scalability of Intune eight out of ten.

Regarding the frontline support we contact, they could be more responsive. While the support is essentially the same for all users, Intune customers' response times, reservation times, and overall service are influenced by their license agreement. There is room for improvement in this area. Ultimately, we use the same product and license, but premium customer service comes with an additional cost. For instance, clients with premium licenses and support add-ons typically have issues resolved within three to four days, compared to seven to eight days for those without premium or unlimited customer service.

Neutral

I have experience with Jamf and NBF solutions. While Jamf offers robust capabilities for managing iOS devices online and is user-friendly, it surpasses Microsoft Intune in its features for Mac devices. However, Intune remains a better choice for Windows devices.

The initial deployment of Intune can be improved by automating enrollment processes for Windows Autopilot. This would streamline the process and reduce the number of options IT admins need to manage. Additionally, automating the initial Intune procedures performed by IT would further simplify Windows Autopilot deployment.

The deployment time varies depending on the operating system. For Windows, it can take around ten hours. Android deployment takes 15 to 20 minutes. iOS deployment requires more time due to intermediaries between the device and Apple Business Manager. Setting up a connector between Apple Business Manager and Microsoft Intune, creating profiles on both platforms, and procuring licenses for the device on both ends are necessary steps for Mac deployment. Windows deployment is simpler, and methods like Windows Autopilot are less time-consuming.

The cost of the license and the features are justified for myself as a technical person.

I would rate Microsoft Intune eight out of ten.

The Microsoft Intune Suite is a valuable tool for companies seeking a reliable MDM solution. Given the current structural and developmental trends in businesses, Intune has become essential for ensuring data security, protection, and compliance. It's a user-friendly platform that's relatively easy to learn, even for those with limited IT experience, such as support staff. For individuals aiming to enhance their skills and explore cloud technology, Intune offers a solid starting point before delving into Azure. By beginning with Intune and gradually expanding their capabilities, users can effectively leverage the Microsoft cloud ecosystem.

Our clients are medium size organizations.

Intune necessitates regular maintenance. To ensure optimal performance, we generate quarterly reports that inform our planning for the following quarter. These reports enable us to identify areas for improvement in compliance, non-compliant devices, configuration issues, and security and application upgrades. By addressing these concerns proactively, we can enhance Intune's overall effectiveness.

With co-managed devices, integrating the Intune Suite can be challenging due to the interplay of on-premises and cloud environments. Determining which controls have precedence—cloud-based or on-premises Active Directory features like organizational units or first levels—is crucial. Cloud-based management simplifies this process as Microsoft handles many aspects automatically, reducing the need for extensive customization. Creating user-level profiles in Azure Active Directory is essential for backend operations. On-premises management often requires more manual tasks compared to cloud-based solutions.

Intune is a viable solution for those seeking a mobile device management tool, especially if they primarily use Windows devices. However, if a Mac environment is the primary focus, Jamf offers more comprehensive capabilities and features. For organizations with a mixed device environment, including Windows, Mac, Android, and iOS, Intune is a strong recommendation. Additionally, individuals aiming to enhance their skills in cloud technology can consider Intune as a valuable starting point.

We use Intune to manage more than 5,000 endpoints. It has many powerful tools that enable an organization to manage its devices and applications securely. The main capability is mobile device management (MDM), which allows you to manage hardware and mobile applications. I'm also working with application management. That lets you manage deployments, protections, renewals, identities, and device integration.

Before implementing Intune, we had to manage devices, access, admin, and planning directly. Intune improves user productivity while reducing IT support costs. It enables IT to optimize the user experience by streamlining configuration changes. By avoiding password issues, we can secure hybrid work. It creates a profile for each user who is issued an Intune-managed device. The solution increases IT productivity at our organization. Intune has saved us money.

I like Intune's ability to install software to a device remotely and push policy through the Azure portal. Intune is good for Windows-based devices. It's also integrated with Windows security tools like endpoint protection, DLP, etc. 

You have the option of automatically updating and syncing an Intune device. You can click the sync button, and then your device is configured for automatic installation in Intune. The analytics feature can enhance the end-user experience by checking your device for things like battery health.

Advanced features are included in the Microsoft Intune Suite for an additional license cost. One of these is centralized access management. Let's say a project requires a device not to have WiFi access. We can go into that device and disable the WiFi option.  

One issue that Inutune can improve is password integration with the BitLocker key option. Another issue is assigning licenses. We can assign the licenses for some users on the BPM side, and our BPS users work on Outlook 365 but cannot access it there. A BPS person can go to the company portal and download Outlook 2016. They could improve the NDIS part to assign a license directly to the BPS person that allows them to install the Intune device manager directly on our system. 

Intune has been stable recently. One issue is that you cannot push the device's front image directly on the back end. If your WiFi is injected, the image isn't visible directly. The script can do through it slowly, but this is a problem. 

It's a cloud-based solution, so you can log in to your Intune device.

I rate Microsoft Intune 10 out of 10. 

We use Microsoft Intune to manage our endpoint.

Microsoft Intune simplifies endpoint and security management by unifying app deployment, device administration, and security features under one cloud-based platform. This lets us easily generate reports, and even remotely wipe missing devices through the Azure portal, enhancing overall endpoint protection.

Intune's user experience has been fantastic! The flexibility, especially with the company portal, allows users to independently install applications. This eliminates the need to constantly request installations from IT, saving everyone time.

Initially, some resistance and a learning curve slowed our adoption of Intune, but its benefits became clear during the shift to a remote workforce because of COVID-19. After initial deployment in 2020-2021, Intune simplified onboarding for new hires with remote access, allowing them to sign in to their laptops and gain immediate access to company resources.

Microsoft Intune helps with hybrid work models to secure company data by allowing employees to access work resources with BYOD while enforcing security measures on those devices.

Intune has positively affected our IT team's productivity. Everything is automated so their workloads have been reduced by 50 percent.

Intune has allowed us to consolidate other vendors. 

Microsoft Intune simplifies device management by replacing the traditional method of installing OS, joining a domain, and configuring everything manually. With a central management portal, we can easily group and manage all devices, eliminating the need to physically join them to a domain. This allows for seamless enrollment from anywhere, making Intune a user-friendly and flexible solution.

Manually syncing devices to enforce policies is cumbersome. Automating this process in Intune would significantly improve efficiency.

The licensing cost has room for improvement.

I have been using Microsoft Intune for three years.

We experience occasional delays with Intune, especially during updates, software deployments, and device syncs. While changes on the Intune portal should ideally reflect immediately on all devices, restarts or repeated syncing might sometimes be necessary for policy updates to reach endpoints. However, Intune functions well once everything is up-to-date.

Microsoft Intune is scalable as long as we have the licenses.

While SCCM offers a lower upfront cost with a single license, Intune's cloud-based subscription model provides greater flexibility and more features. Although continuous subscription fees make Intune more expensive over time, its functionality outweighs the cost factor for many users, especially those who don't require constant network connectivity for updates.

The initial deployment process was straightforward. We followed the on-screen instructions, downloaded the necessary software from the cloud, and our device was ready to use.

The time it takes to deploy Intune depends on our internet speed and location. On a fast network, deployment can be completed in ten to 20 minutes. Slower connections with high latency can take 30 to 45 minutes, and remote offices with limited bandwidth may require up to an hour or two.

Two people were required for the deployment.

The implementation was completed in-house.

Using the Cloud is expensive. Perhaps in five to ten years, we will see some cost savings.

The Intune license model is costly. We need to have an enterprise mobility license to use Intune. 

I would rate Microsoft Intune eight out of ten.

Our organization is currently piloting Microsoft Intune Copilot, which includes its AI functionalities. We're evaluating its features and functionality to determine its suitability for broader deployment across the entire organization.

Microsoft Intune simplifies mobile device management with BYOD for businesses, reducing the total cost of ownership. Intune's user-friendly interface eliminates the need for extensive IT expertise, making it a strong recommendation for most organizations.

Our primary use of Microsoft Intune is for device management and improve security. Initially, it focused on management for Windows devices. However, over time, its capabilities have expanded to encompass mobile device management in general, as well as management for other platforms like iPO, Android and Mac OS devices.

To ensure our devices are manageable regardless of location, we transitioned from an on-premises device management solution to Microsoft Intune. This cloud-based approach allows us to manage devices from anywhere, eliminating the need for them to be on our company network or VPN. Intune empowers us to remotely take actions on devices, including software installation, user identification, performance checks, and even triggering a remote lock if a device is compromised.

While most of our devices are company-owned, we also manage a small number of personal devices. Regardless of location, Intune allows us to manage them all.

Intune streamlines mobile application management by offering a single pane of glass for all devices across platforms, including iOS, Android, MacOS and Windows. It integrates seamlessly with the respective app stores for each platform.

Intune is a key component of a zero-trust security architecture. With Intune, we can manage our entire device fleet from a single platform. This enables us to enforce compliance policies. Intune verifies if devices meet our organization's security standards. We can implement zero-trust access control. Non-compliant devices are blocked from accessing company resources. Secure devices are granted access. Intune helps consolidate security management. It simplifies device security by offering features like compliance checks, security posture assessments, and configuration management - all in one place. Finally, Intune reduces management overhead: Intune streamlines device management by eliminating the need for multiple tools for tasks like patching and application deployment. While it may not offer the full functionality of specialized tools, it provides a comprehensive solution for core device security and configuration needs.

Intune offers comprehensive visibility and IT control over devices across various platforms. This allows for remote management, although integration with additional solutions or configuration might be necessary in some cases. However, Intune provides a single point of control for all our devices. Key functionalities include remote device control. We can manage devices remotely and trigger various actions. As well as advanced features to locate devices, enforce data synchronization, and more. It's important to note that certain advanced functionalities, like admin-level remote control, require device approval and may not be as robust as solutions offered by competitors, such as TeamViewer. Additionally, to access features like privileged email access, privileged device management, and advanced remote assistance, additional licensing is required, resulting in increased costs.

For users, Intune offers a seamless experience. Once their devices are enrolled, they typically don't need to do anything further. This is especially true for end users. For administrators, Intune is also an easy-to-use solution. Being cloud-based, it's accessible from a web portal just like any other SaaS application. The company portal experience is straightforward. Once users understand the basics, they can easily check device compliance and install applications. Overall, the user experience is very positive. However, device enrollment might require some training. Not everyone is comfortable managing their devices themselves. Even though the enrollment process is fairly simple and intuitive, some user training and change management might be necessary, especially for mobile device management in Intune. This is because multi-factor authentication is sometimes required to enroll devices, and some users may need help understanding and completing this step.

It provides a centralized solution for viewing all our devices. It also simplifies enrollment for Windows devices. Once we enable automatic enrollment for on-premises devices or upon user sign-in to company applications, enrollment can be seamlessly done through mobile devices. The most significant benefit is undoubtedly patching. Intune automates the process of keeping devices updated with the latest Windows updates and feature updates. This significantly reduces administrative overhead. After setting up the policies, we can be confident that updates are being applied without needing to constantly monitor them. Intune also offers improved visibility into device compliance. Unlike traditional Group Policies, which may only show successful application but not actual implementation, Intune displays the real-time status of enforced policies on each device. This allows us to see if features like BitLocker encryption or security restrictions are truly active, providing greater confidence in our device security posture. In essence, Intune offers a significant improvement in terms of device visibility and configuration management.

Intune's device compliance policies offer organizations valuable visibility into device settings. This includes essential requirements like BitLocker password complexity and minimum Windows or OS versions. Additionally, these policies allow for the deployment of custom compliance settings. This lets us measure compliance against any specific criteria. For example, one of my clients uses Intune to verify if CrowdStrike is running on the required version and if devices have downloaded the latest updates. By ensuring compliance, we can be confident that devices are secure against the latest vulnerabilities and security risks. This provides an extra layer of assurance. When used in conjunction with conditional access, Intune can block non-compliant devices. This guarantees that only compliant devices can access our organization's resources and applications. From a security standpoint, this offers significant peace of mind.

Application deployment in Intune offers several features that streamline the process. These features include applicability rules. We can deploy applications only to devices that meet specific criteria, such as operating system version or name. This ensures users receive the applications they need and avoids unnecessary installations. Device filtering allows us to exclude devices that don't require the application, further optimizing deployment efficiency. While Windows Win32 applications require packaging, the process is straightforward. Although automation would be ideal, packaging becomes easier with practice. Microsoft could potentially improve Intune by allowing seamless import of SCCM application packages. This would eliminate the need for repackaging and streamline migration. Overall, Intune simplifies application deployment for administrators. Features like self-service installation through the company portal empower users and reduce administrative burden. Packaging requirements vary depending on the application type. Standard applications like Office 365 are straightforward to deploy. Additionally, Intune integrates directly with app stores for iOS and Android apps, eliminating the need for manual packaging for these platforms.

Intune excels at securing hybrid work environments and protecting data on both company-owned and BYODs. It allows for selective wiping of company data from these devices without affecting personal information. However, for data downloaded from company applications like OneDrive, additional security policies might be necessary to ensure its security on downloaded devices, especially BYODs. The good news is that Intune allows the management of BYODs, enabling the deployment of settings, configurations, and security measures to assess the device's security posture. Notably, it's very easy to deploy for BYODs with its mobile application management for iOS and Android. For securing data within applications on Windows devices, Microsoft's Windows Information Protection capabilities seem to have been replaced. There's now a category requirement, likely used to secure data accessed through the Edge browser on privileged devices. This ensures data remains secure when users access it through Edge. It's important to note that some aspects of data security on BYODs might require additional configuration to guarantee complete protection.

Microsoft security signals identify the settings configurations we need to enforce on the devices. Then, it's up to organizations to deploy those settings or configurations. So, it's a good thing. It helps us understand what additional security we need to enable on the devices. Microsoft signals do help us do that, but it may not be enough. We might have various other compliance requirements that not everything would be covered under Microsoft signals, I believe.

Intune's endpoint privilege management is a valuable feature. It allows granting privileges to specific applications instead of giving local admin rights to users or entire devices. This can improve security by minimizing the attack surface. While EPM requires an additional license, it's a worthwhile consideration for many organizations. I've experimented with it in a lab setting, but we haven't deployed it for production use yet.

It has significantly boosted our IT department's productivity by automating many tasks. For instance, we no longer need to create custom images with Autopilot; we can simply deploy application settings configurations. Additionally, Intune seamlessly handles Windows updates and feature updates once they're configured. It's a set-and-forget system. Application deployment is also significantly simplified, saving admins valuable time. Overall, Intune improves IT productivity and empowers users with self-service features. Once trained, users can handle tasks like application installation, device compliance checks, and remediation actions for non-compliant devices.

While Intune isn't designed to identify security breaches directly like Defender does, it plays a crucial role in minimizing our attack surface. This is achieved by deploying the latest updates, configurations, and endpoint security policies. In my experience, Intune has significantly improved our overall security posture by reducing vulnerabilities, but it's not a replacement for breach detection tools.

Intune helps save costs by consolidating multiple endpoint management solutions. For instance, we might have separate solutions for iOS devices, Android devices, and Mac devices. By bringing everything together into a single solution with Intune, we can save on both platform licensing costs and administrative costs. Additionally, Intune reduces the need for additional per-device licensing fees that may have been incurred with separate solutions.

The user interface is well-designed and easy to navigate. It has a simple and well-structured layout, which makes it a pleasure to use. I'm very happy with the overall experience of the Intune portal. They also seem to be continuously improving it, with updates made on a monthly basis.

It streamlined our mobile device management by allowing us to manage both iOS and Windows devices under a single solution. This consolidation reduced the number of consoles and overall management tools required.

The integration of Microsoft Intune with Microsoft 365 and Microsoft Defender for Cloud strengthens cloud management and support for hybrid environments. This unified approach bridges the gap between cloud-based and on-premises device management, allowing organizations to leverage existing infrastructure while transitioning to cloud solutions.

One of the biggest advantages is that it brings the management of Windows, macOS, iOS, Android, and even Linux under a single pane of glass. This means we can manage all our devices from one central location.

A particular advantage is its tight integration for managing Windows devices. Since Intune is a native Microsoft product, it offers a more comprehensive and streamlined experience compared to many third-party solutions.

For mobile device management, Intune includes all the capabilities and features we'd expect from other vendors. However, it goes a step further by allowing us to secure Office 365 apps without needing full device management. This is a significant advantage when compared to other MDM solutions.

We package Win32 applications and import existing packages using solutions like SCCM or third-party tools. While Intune doesn't currently offer third-party application patching, we rely on third-party solutions for that functionality.

A new Intune feature - Enterprise App management allows to deploy Microsoft and Third party apps and keep them up to date but it incurs additional licensing costs. Ideally, this feature should be included in the base license. Similarly, the privilege endpoint management feature also requires additional licensing.

Intune would benefit from offering some core features at no extra cost. The most valuable improvement, in my experience, would be the ability to identify inactive devices through reports. Customizable reporting capabilities within Intune would simplify overall management and allow us to track device activity and inactivity more effectively.

I have been using Microsoft Intune for over 10 years.

Microsoft Intune is an extremely stable product with a small amount of glitches over the years.

I would rate the stability 10 out of 10. 

Intune is cloud-based and therefore highly scalable. I have clients with over 40,000 devices.

The quality of Microsoft's technical support varies based on the level we have. Premium support offers faster escalation for complex issues, while basic support may have longer wait times for a response. However, there's a strong online community around Microsoft Intune. Searching questions online through Google can often lead us to solutions from this community.

Neutral

I have used Jamf, Microsoft Configuration Manager, Altiris Symantec Endpoint Management Suite, and Cisco Meraki Systems Manager. Microsoft is considered a leader in endpoint management solutions. While Jamf excels in specific areas, Microsoft Intune is generally recognized as the market leader due to its comprehensive capabilities. Intune also integrates seamlessly with other solutions such as compliance checks, conditional access policies, and mobile application management. Microsoft Intune offers several advantages over competitors, providing a comprehensive suite of mobile device management capabilities.

The time it takes to implement Intune depends on two factors: the features we want to enable and the size of our organization. Enabling basic management features for common devices like iOS, Android, Mac, and Windows typically takes one to two weeks. This includes enrolling devices and setting up core functionalities. For a full Intune implementation with all its capabilities, the timeline can vary depending on the organization's size. However, simply enrolling devices and exploring basic features can be done in a couple of days.

While the step-by-step guided scenarios make the initial deployment process easier, it still requires familiarity with Intune and some experience using it.

It is available for individual purchase at a low per-device cost. However, it's also included as part of the Microsoft 365 suite license. Additionally, Intune offers various tiers with advanced features at an extra cost.

I would rate Microsoft Intune 9 out of 10.

We have around 20,000 users on Intune and 4 people who work directly with it.

Intune requires annual maintenance to renew push certificates and tokens for business managers. For Windows devices, we might also need to deploy the latest application. Additionally, it's recommended to periodically review devices that are inactive, outdated, or haven't reported to Intune for a set amount of time. While Intune offers a "set and forget" approach for initial configuration, some ongoing maintenance is necessary to ensure its smooth operation.

I recommend Microsoft Intune to others.

Microsoft Intune serves as our central platform for device management, ensuring timely patching and secure access through conditional controls.

We leverage Intune to automate device onboarding, ensure patch deployment and device compliance, and generate compliance reports. We prioritize patching devices identified as non-compliant through these reports.

Microsoft Intune has played a crucial role in enabling remote work for our facilities under our BYOD policy. It has been essential for our success.

Consolidating all our endpoint security management tools into a single platform significantly improves our IT and security operations. This streamlined approach provides us with the advantage of using only one reporting stack, and it yields synergies that surpass the capabilities of individual solutions from separate vendors.

Integrating Intune with other Microsoft services has streamlined authentication through single sign-on. We're now transitioning to passwordless authentication for enhanced security and convenience within our unified environment.

Last week, for example, someone traveling to China had their laptop stolen. Fortunately, thanks to Intune, we were able to remotely wipe the device, protecting their data.

The incident reporting and analytics tools enable us to monitor our devices' compliance status near-continuously. As licensed customs brokers subject to Department of Homeland Security inspections, this allows us to generate reports quickly and efficiently, reducing inspection time from thirty minutes to three to four minutes.

Intune gives us full visibility into our devices and IT control across all platforms. This has significantly streamlined our management process. Previously, two people in our ten-person department spent their entire time monitoring platforms and fixing issues. Now, only one person devotes 75 percent of their time to these tasks. This means we're accomplishing more with fewer people and less time overall.

It's great, but the issue with any platform like it is the delay between deploying something and it rolling out remotely. However, it's probably the best option available in terms of keeping us informed about what's happening outside our server room or hosting environment.

Microsoft Intune has been instrumental in securing our hybrid work environment and protecting data on company-owned devices (BYOD). Before Intune, if someone lost their phone, wiping it meant erasing all their personal data - photos, documents, everything. Today, with Intune, we can selectively remove only our applications and data. This allows users to recover a lost phone and restore their personal information. Intune empowers us to be more proactive, eliminating the worry of accidentally wiping a misplaced device.

Microsoft Security Signals has become an invaluable addition because it provides centralized reporting capabilities. This one-pane-of-glass view empowers us to easily communicate our security posture internally to management and externally to regulatory agencies and auditors.

I'm impressed with the Intune endpoint privilege management feature. It's allowed us to reduce even the admin team's permissions significantly. Now, they typically lack access to most things, but the system elevates their privileges just in time for them to complete specific tasks and then demotes them again afterward. This least-privilege approach has been fantastic, and the built-in integration across the entire Microsoft stack is a major advantage. It saves us the hassle of purchasing and integrating a separate solution – it's simply there and works seamlessly.

Implementing least privilege access through Endpoint Privilege Management has significantly improved our organization's attack surface. For example, our Microsoft Secure Score was around 60 percent before adopting the solution, and it's now up to 98 percent. This reduction in the attack surface has also enabled us to implement various remediation measures and establish context-based security. For instance, even if users enter the correct password and complete two-factor authentication, we can require additional authentication if they log in from an unfamiliar location, such as a new country or state. This multi-layered approach provides us with an enhanced sense of security.

Intune has helped reduce the risk of security breaches in our organization.

We had another deployment solution for Apple iOS and Mac devices. Additionally, we also managed a few Linux boxes with an unsupported management architecture. We were able to migrate all of those devices to Intune.

Intune has helped consolidate vendors. 

The integration with macOS and mobile devices specifically iOS, iPhones, and iPads was challenging in the past, requiring separate solutions and manual processes. Fortunately, now everything is streamlined into a single, unified platform.

I would like some integration with the Microsoft reporting platform Power BI.

I have been using Microsoft Intune for five years.

Microsoft Intune is stable.

The scalability is good.

We used System Center Configuration Management, and we did it all on-prem. When Covid hit we switched to Intune.

Microsoft documentation has traditionally been criticized for its complexity and search difficulty. While some improvements have been made, many users still rely on online forums and YouTube videos for basic setup and troubleshooting. As a result, the onboarding experience can feel less polished compared to competitors like Malwarebytes, which offer more hand-holding during installation and configuration. Unfortunately, navigating Microsoft products often requires independent research and trial and error, which can be a barrier for new users.

Consolidating vendors has lowered our licensing costs. However, some features included in Microsoft's Intune might be 50 percent more expensive if purchased separately from another vendor. Specifically, if we consider upgrading Azure Active Directory or Entra to the P2 level, adding Intune capabilities, and acquiring the full Intune suite, Microsoft offers a significantly lower per-user cost compared to external vendors. With Microsoft, it's just a couple of dollars per user, while external vendors typically charge $10-$14 per user for similar functionality.

I would rate the price a four out of ten with ten being the most expensive.

We evaluated several options, primarily security solutions like Malwarebytes and Sophos, which offer remote management capabilities. Ultimately, we opted for Intune.

This is a case where remote management was initially implemented as an afterthought, primarily driven by anti-phishing and anti-malware threat response needs. Subsequently, it became the sole platform for endpoint management, despite limitations in its functionality and granularity compared to solutions like Intune.

I rate Microsoft Intune an eight out of ten.

I'm conflicted about consolidating our vendors. On the one hand, it would simplify things considerably, which is appealing. However, I worry about relying solely on one supplier, preferring a layered approach with multiple vendors. Ideally, we'd maintain a multi-vendor setup, but the current complexity makes it challenging. There are currently vulnerabilities related to Microsoft's primary factor authentication, including several unpatched zero-day exploits. These represent ongoing security concerns.

It's crucial for our organization that the Intune suite integrates seamlessly with Microsoft 365 and Microsoft Security, both for cloud-based and co-managed devices. This is especially important considering the recent trend of moving data back on-premises. We believe a hybrid environment offers the best of both worlds, but many tools are cloud-only, making them incompatible with our on-premises servers or unable to manage them effectively. Thankfully, the Intune suite has addressed this gap, providing us with much-needed flexibility and functionality.

I started using this solution in the summer of 2021. It was three years ago, and I remember it was to deploy new computers. I aimed to get a brand new laptop with the processing system entirely configured and ready to work with applications deployed.

I would say Autopilot is a feature I really like. It allows us to send a brand new computer directly to the user without needing to go through IT. This capability is powerful as it allows us to remove any compromised device remotely, whether it gets stolen or not. 

It's a great product to secure data, although it might be a bit more complicated with iOS devices when you're using your own device. It's nice for mobile devices, though smartphones might be less suitable compared to personal computers. This solution saves us a lot of time once it's implemented.

I would like to see better integration with Microsoft. There are a few things I can still do with Jamf that I am unable to do with Intune yet.

I have been using the solution for three years.

Stability issues almost never happen. The worst case I experienced was when Autopilot failed a couple of times, but that's the only issue I had.

I did not use any previous solutions except Jamf for Apple devices.

The initial setup was somewhat between easy and difficult. It took about a month to learn how to use it, initially in a small environment. During the first implementation in March, I did not like all the new features as they took time.

I used it twice. The first implementation took a long time, and there were two of us the second time.

I am sharing my experience between Intune and Jamf. Regarding the user experience, I'm not sure that users realize what Intune does for them. It automates tasks so that from their perspective, things happen automatically without understanding what is being done. 

I'm not sure about the name, but I had a personal plan because I started using it without training. It took a few weeks to learn how to use it properly. For application deployment, maintaining packages for updates is necessary. I advise using a testing environment and taking the time to understand how this will impact the infrastructure before putting Intune into production. 

Overall, I would rate this product seven out of ten.

Our primary use case is managing our devices and policies and having a consistent way to manage devices on the Windows side.

Implementing Microsoft Intune has provided a more streamlined and consistent method for device management across our multiple domains, effectively consolidating our administrative efforts.

The Microsoft Intune user experience is good. I would rate it eight out of ten.

Within Intune, managing policies and having a consistent way to manage devices is valuable.

Intune is a constantly evolving product, with Microsoft prioritizing its development over on-premise tools. While no specific feature requires immediate improvement, the ongoing expansion of reporting and inventory capabilities promises to enhance its utility.

I have been using Microsoft Intune for at least seven years.

The Microsoft Intune stability is getting better, and I would rate it eight out of ten. A couple of years ago, the performance was not as good as it is now, but there are noticeable backend improvements.

Microsoft Intune's scalability has improved over the years.

Positive

We used Configuration Manager and are continuing to use it. The addition of Intune was due to Microsoft's direction.

I would rate Microsoft Intune eight out of ten. Nothing is perfect, but it's good.

We began using Copilot, but it is currently restricted to a select few. Due to its potential for increased productivity and improved user experience, we are advocating for its wider adoption.

I support mobile technology for the Department of Homeland Security first responders nationwide, particularly in the weapons of mass destruction area. This diverse group includes first responders, firefighters, and police, explicitly located in high-risk urban areas like New York, including Northern New Jersey and Southern Connecticut, Chicago, San Francisco, and Washington D.C. Additionally, a mobile deployment group travels to major events like New Year's Eve in Times Square, Pro Bowls, Super Bowls, and World Series games, carrying chemical and biological detection devices with Microsoft Intune integrated into their mobile technologies.

Intune consolidates our endpoint and security management tools, providing a centralized solution for controlling security and ensuring compliance with the federal government, NIST, and ISO standards. This centralized control is crucial for maintaining a secure and compliant environment.

Endpoint analytics help proactively detect and remediate anomalies on endpoints. We receive alerts from various detection devices, including biological, radiological, and mobile platforms. A common challenge with Bluetooth or similar technologies is maintaining connectivity, whether it's Bluetooth or Wi-Fi. Additionally, we need to protect the Wi-Fi network itself. To address these security concerns, we often use proprietary connectivity protocols to ensure data integrity and prevent hacking, fraud, or unauthorized access.

Intune's Cloud PKI helps us manage our current and historical actions. We can easily access recurring tasks and look for common problems, which is an important attribute of using the cloud service.

For our benefit, Intune is very useful. However, the challenge is keeping it up to date and dealing with shift workers across different time zones. When deploying to the New York region, multiple fire and police departments use these devices. We maintain a database to track deployment status and device updates to ensure effective management. Devices unused for 90 days are suspended with the carrier to avoid higher fees for inactive devices. Although maintaining these devices can be challenging, we closely monitor them and collaborate with regional directors to ensure they are turned on at least every 90 days for automatic updates.

We use the privilege management feature exclusively for points of contact or location managers. Due to the group's diversity and the inclusion of shift workers, these individuals require specific access from an identity management perspective. We only permit access in these designated areas.

Intune saves costs for the federal government.

One reason my employer switched to Intune was the integration of Intune with Microsoft 365 and Microsoft Security.

We deploy applications and manage infrastructure based on specific needs, including lockdown services to prevent unauthorized app downloads. We utilize management controls for this purpose. Currently, it's a small environment consisting of approximately 20 major locations nationwide, with plans for future expansion. The management control feature is the most valuable.

Intune endpoint analytics can be challenging. However, factors like usage patterns, timeliness, and time of day can provide valuable insights. We must also consider help desk tiers, change management processes, and other relevant factors. We must prioritize user-friendly reporting over complex, jargon-filled explanations to present these analytics effectively to the federal mobility group and leaders countering weapons of mass destruction, who may need to be more technical experts.

I have been using Microsoft Intune for 18 months.

The technical support has been good. We have priority, given that we work with first responders.

Positive

Before I joined as a contractor consultant, the government used VMware. They changed vendors, and the new vendor convinced management that Microsoft Intune was superior to VMware. I disagreed, having done a lot of business with VMware over the years. I believe any VMware issues could be resolved with the proper account management and connections in production and development.

They believed Intune offered superior controls compared to VMware, but a thorough evaluation wasn't conducted. Instead of adhering to federal government regulations that mandate due diligence when switching technologies, they bypassed the process. They directly consulted the individual heading CWMD at the time, whose recommendation led to their employment and subsequent contract. Their justification for the switch to Microsoft Intune was based on their assertion that it would enable them to perform better. Typically, an in-depth evaluation is conducted before any transition, highlighting the differences to the federal government and justifying the necessity of the change. Cost-benefit analysis might be a factor, but not always the deciding one. Improved engineering, deployment models, and infrastructure management could all contribute to the rationale behind such a decision.

I would rate Microsoft Intune nine out of ten.

The user experience is a learning process, and it's improving. We primarily deal with shift workers who share devices, making identity management difficult and necessitating tighter security. For first responders, feedback and chemical and biological device management for alerts aren't the top priority. They focus on murders, robberies, thefts, fires, etc. Getting them to update their devices is challenging. We try to set it up so they only need to reconnect their devices every 90 days, but depending on the vulnerability, it might have to be done sooner.

Intune is a necessary tool, and we're currently undergoing a transformation with one vendor leaving and another coming in. This involves going through documentation, projects, upgrade requirements, and processes. MDM is only necessary due to the number of tools we have, including Sonim rugged mobile devices and Panasonic rugged desktops used in police cars, fire trucks, and other mobile settings. Dealing with Sonim is challenging because our contract is with the carriers, AT&T, Verizon, etc., not the federal government. Attestations and an executive order 14.28 about managing technology on these devices exist. Sonim is developed and manufactured in China, raising concerns about mobile technologies and managing them through third-party suppliers from non-friendly countries. All these factors contribute to the challenges in MDM.