Microsoft Intune Reviews

We've experimented with and deployed Autopilot for building and deploying software through Intune, utilizing Intune policies to modify Azure AD joined systems, now referred to as Entra joined. This covers the entire scope of Intune that we've explored and implemented.

We are a consulting company with extensive experience in deploying Intune. We utilize Intune for hybrid join Entra machines. For clients who have the necessary licenses, while Intune is not a full-fledged Remote Monitoring and Management solution, it can serve as an effective replacement for RMM if you are a Managed Service Provider.

While more mature tools exist for securing hybrid work and protecting data on BYOD and company devices, Intune is a viable option for clients who want to leverage MDM with their Premium or E3 license, especially if cost is a major concern. Despite some challenges with Samsung Knox and iOS devices, Intune has shown improvement, and these issues are less frequent. As Microsoft doesn't have a native phone, limitations are inevitable.

The Mobile Device Management in Intune is a valuable feature.

Microsoft recently separated Defender into Security. Intune does not centralize all endpoint and security management tools into one place. It used to be more centralized.

The Microsoft support has been subpar for some time now. Troubleshooting issues often require us to involve a partner, which isn't an ideal or easily manageable solution given the challenges with Microsoft support. We need a reliable partner, but that partnership might still require Microsoft's assistance.

We've faced significant pushback with Copilot as our clients aren't seeing a favorable cost-benefit analysis. Many are opting for ChatGPT Enterprise instead of integrating Copilot into their workflows. We initially expected significant value from Copilot, but Microsoft's pricing is excessive, and the product itself is not exceptional. It remains quite rudimentary in its current state.

Microsoft should not rely on partners to fix issues. While users can open tickets with Microsoft, they often cannot resolve the problems themselves and must engage a partner. This is not an à la carte solution. Perhaps when Copilot eventually becomes available, it will address this. It's not Intune's fault, as it is used frequently.

I have been using Microsoft Intune for ten years.

The technical support is not good.

Negative

We tried numerous solutions prior to Intune, but Microsoft's inclusion of it within their licensing model incentivized us to adopt it. Since we were already paying for the license, it made sense to leverage its full potential and maximize our investment.

If you're subscribing to Premium or E3, there are no additional costs for Intune, it's included. However, with lower-tier plans, you don't get the full suite of security features. Depending on your specific licenses, you might have some level of Advanced Threat Protection, Endpoint Detection Response, or other Defender tools, but not the complete package. Generally, for around 300 users, you get decent protection with Defender for desktop and server – it's a good value. But with E5 licenses, you're at the enterprise level, and you get what you pay for, so expect add-ons. I don't think Microsoft would position Intune as a primary security product anymore, given their recent cloud changes and the focus on Defender. Intune is useful for patching, but it's not a comprehensive security solution in itself. That's why Microsoft has rebranded their security offerings under security.microsoft.com.

I rate Intune six out of ten.

Many of our clients with premium or E3 or above licenses use Intune because it's included in their Microsoft solution. They prefer to leverage a Microsoft product over a third-party alternative. Additionally, Intune allows us to maximize the value of our clients' existing licenses. Therefore, if a client has a premium license, has under 300 users, or is on E3 or above, there's no reason to use another solution when Intune is readily available.

Microsoft recently transitioned from Intune to Endpoint, then back to Intune. Additionally, they moved certain security aspects of Purview into a separate deployment, as is the case with their ATP Defender Suite. This shift signifies a move away from a single, unified management interface to a more distributed model.

We use the enterprise application management feature to roll out apps. While there are better tools available for app discovery, deployment, and automatic updating, Intune's inclusion in the Microsoft bundle keeps costs down. Although Intune may not be the ideal solution for automated application deployment or MDM, its integration with Microsoft licenses makes it a worthwhile option, especially with the expectation of future improvements from Microsoft.

We use the Advanced Endpoint Analytics but it is no longer in Intune. It's been moved over to the security portal for Defender.

The endpoint analytics feature, which helps proactively detect and remediate anomalies and endpoints, is now part of Microsoft Defender formerly known as Advanced Threat Protection. Gartner rates it very highly. To perform threat hunting, we need the appropriate licensing, such as a P2 Defender license. This functionality is not available within Intune. We are transitioning from the older Advanced Threat Protection to the newer Microsoft Defender platform. Previously, configuration was done through Intune, but now we manage it through the Microsoft security site.

My advice for any organization that is already paying for a Premium or above Microsoft license is to deploy Intune because it makes financial sense. Intune is not a bad tool but if they run into any issues, the Microsoft support is no good so they need to rely on a good partner to help resolve the issue.

Microsoft cannot fully replicate the functionality of a Remote Monitoring and Management tool. However, it could incorporate certain RMM features into its existing products or develop new tools that complement RMM solutions.

By implementing Intune, we are exposing aspects of our infrastructure to the cloud that traditionally would remain on-premises. This means relying heavily on Microsoft's infrastructure and security. As we saw a few years ago with the Department of Justice's issues, which were clearly Microsoft-related, placing all our trust in one provider can lead to potential problems. However, despite these concerns, we have not encountered any security issues with Intune to date. But at the end of the day, we are maximizing our license.

Intune deployment is straightforward if you're well-prepared, whether for a hybrid setup or a purely Azure-based one. Packaging new apps is generally well-documented, but troubleshooting can be trickier. There are helpful PowerShell scripts available, though they might not be easy to find.

We use Microsoft Intune to automate the onboarding and maintenance of our customers.

Before using Microsoft Intune, we struggled with software deployment and remote device wipe capabilities.

Most of the Intune is for all the remote devices, so it's all on-prem. For cloud, it wouldn't make too much sense.

Microsoft Intune brings all our endpoint and security management tools into one place. We use both Mac and Windows devices. Having all our endpoints and management tools in one place is helpful. I have a single place to check for current status and add and remove assets.

Microsoft Intune provides full endpoint visibility and IT control across device platforms. Having full endpoint visibility and IT control across device platforms allows us to deploy and manage the systems more effectively.

Intune works well and is seamless for the users.

Intune has allowed us to standardize better.

Intune's use of Microsoft security signals has improved our security because we can now take remote action on these systems as well as have a more common deployment.

It has helped to reduce the risk of security breaches in our organization because of the standardization and single sign-on.

It has also helped us reduce the number of IT staff, saving us costs.

The Asset Management and Auto Pilot are valuable features.

One of the other features we leverage is the single sign-on that Intune facilitates.

The Mac integration has room for improvement.

I have been using Microsoft Intune for two years.

I have not had any stability issues with Microsoft Intune.

Microsoft Intune is highly scalable.

Although I have not used the technical support for Intune, I am not happy with Microsoft's technical support in general.

Negative

The initial deployment was complex until we understood the process. We went through a simple dev test and then prod methodology. 

Two to three people were required for the deployment.

We implement Intune for our customers.

For organizations that are a Microsoft shop, the pricing is compelling. To buy it outright, it's two dollars a seat, which is cheap. The price is worth it.

I would rate Microsoft Intune an eight out of ten.

We have 400 users across multiple regions internationally.

Given the evolving security landscape in the cloud, it's crucial that Intune Suite is integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices.

Maintenance is required to keep the packages up to date for any software we deploy. We have four people that deal with the maintenance.

I recommend planning and understanding how Intune will be used before deploying it.

We use Microsoft Intune to manage our corporate devices such as mobile devices.

Microsoft Intune unifies all of our endpoints and security management tools.

Since Intune is part of Microsoft and managed under one umbrella, we don't need any third-party solutions and we can control everything from Intune which enhances our IT and security operations.

Microsoft Intune provides full endpoint visibility and IT control across device platforms ensuring our data is secure.

The user experience for Intune is good.

Microsoft's security signals within Intune improve our security posture.

Endpoint Privilege Management enables us to enforce least privilege access. We can assign different types of access based on each user.

Our attack surface is minimized because if there are any threats or suspicious activity, the affected device is automatically blocked and it becomes non-compliant. The application and company data become inaccessible until the issue has been resolved. These actions also trigger email notifications to inform us of the situation.

Implementing Microsoft Intune has significantly improved the efficiency of our IT team. Previously, managing our devices involved juggling Active Directory and SCCM, requiring multiple tools and a scattered approach. Now, with everything centralized in the cloud, we have a single portal, a single point of control, and a single subscription. This eliminates the need for dedicated servers and complex hardware setups, reducing the need for manual monitoring and update triggers. With Intune, everything is under one umbrella, offering a wide range of options with just a click. No more complicated settings or fragmented workflows. We simply choose the desired policy, perform a few clicks, and our machines are enrolled and updated seamlessly. This streamlined approach has not only boosted our IT team's productivity but also enhanced our overall security posture.

Intune has helped reduce the risk of security breaches by up to 70 percent.

Microsoft Intune has helped our organization save costs.

The many policies available in Microsoft Intune for managing our devices are valuable.

The policies we had in SCCM and AD offered features that are missing from Microsoft Intune.

I have been using Microsoft Intune for one year.

I would rate Microsoft Intune's stability a seven out of ten because it needs more granular policies.

The first level of support is not good but the higher levels are knowledgeable and they are available 24/7.

Neutral

We previously used Microsoft System Center Configuration Manager and switched to Microsoft Intune so we could better secure our personal and corporate devices.

The initial deployment was straightforward. We need a license to join the machines to Azure and then apply the policies we create.

One person is required for deployment.

The implementation was done in-house.

I am satisfied with the pricing.

I would rate Microsoft Intune a seven out of ten.

Intune has helped us consolidate vendors. The consolidation has saved us on licensing costs.

We have 100 plus customers and a team of 20 people using Microsoft Intune.

It's important that Intune's suite is integrated with Microsoft 365, and Microsoft Security for both cloud and co-managed devices.

Intune does not require maintenance but we do need to monitor the status of our devices.

I recommend trying Microsoft Intune.

Microsoft Intune is used for Mobile Device Management. We enrolled our mobile devices as well as the mobile device solution for corporate devices. We have a lot of policies such as the compliance policy, and the conditional access-based policies for the corporate mobile user and we use the solution to assign their  Outlook Teams and other configurations for the organization. 

We use Intune to design compliance policies that apply to corporate devices and to wipe data from devices when users are terminated. Intune is also used for mobile-based solutions, but we have recently explored its capabilities by using the Autopilot feature. With Autopilot, Windows 10 devices can be reset and new versions of Windows 10 can be deployed from Intune.

Intune has many benefits from the Microsoft perspective. This solution can manage Windows 10 devices, app management, and provide security solutions. We don't need to worry about our network connection, and we'll be more secure with regular security patches and compliance. Since everything will be deployed through the internet and users will log in using the internet only, the risks have been mitigated. Security updates, security patching, and the application will be targeted from Intune. The location tracker will be available to track where the device is and the user's location. The user will be restricted from accessing certain applications using compliance policies. Conditional access policies will be based on the reason why the user needs access to the application.

Microsoft Intune is one of the best products in the industry for managing Windows devices. The solution has more feature restrictions. The conditional access policies also eliminate the dependency on the on-prem network for the devices. The solution also manages our security settings and a lot of other beneficial features such as Microsoft Purview which gives us the compliance portion. We can manage all aspects of our device from a single console, including M365 services. This allows us to configure data classification types, such as public, private, internal, confidential, and highly confidential.

The best feature is that we don't need to worry about downtime. We don't need to worry about the network connections of our office or the virtual private network. Everything is being done through the internet. Using Intune Autopilot, we can configure and deploy everything to the devices.

We need the capabilities of the Cloud Management Gateway (CMG) to be enhanced through Intune instead of Azure. I suggest that Microsoft consider this. If the user already has a subscription to Intune, they should not need to buy an additional subscription for Azure services.

The support needs improvement. When we need support, we don't get a response within the SLA because the support has been outsourced.

I have been using the solution for five years.

Microsoft Intune is a stable product. For the configuration, we could reach out to technical support, but other than that, we need not worry about anything. If we have configured the product correctly and we are not going to enhance any additional capabilities in Intune, then we need not worry about technical support.

The solution is extremely scalable. I give scalability ten out of ten.

Microsoft has outsourced its technical support so if we raise a ticket with severity, the technical support team may not be able to respond to us within the timeframe or the standard we expect. Sometimes we get the call within four hours. Sometimes we won't get that call for a day or more. The service side is pathetic now. To get support from Microsoft, we need to have our TAMs in place and then we need to submit the ticket. If we have already aligned a TAM for the tickets, we get support from Microsoft.

Neutral

Previously we were using Microsoft Configuration Manager. The Microsoft Configuration Manager is the dedicated server for managing devices on-prem. We need to make sure the device is on the same network through which the policy is getting replicated. The dependencies with that server as well as with the network are important, and the devices need to be online on the network. Using Intune as a backup solution, if the device is not on the network or if the device owner is not in the location but it has an internet connection, then we can deploy all our physical solutions onto the devices. We are using both, the Microsoft Endpoint Configuration Manager as well as Intune, since a couple of policies are still only being managed with the Configuration Manager.

The initial setup is straightforward. Once we have subscribed to the license, we will receive our tenant ID and organization ID. We can then access the portal and configure whatever we want. To save the configuration, we must enable it from the portal itself. The Azure Ready Connect GUI console makes it easy to join devices to Azure and to create and deploy conditional access policies.

We have four or five global administrator access levels in our organization. The most limited level is for the global administrator, who can be limited to one person. We need to involve them to enter the password while configuring the CMG, and then the Microsoft support in case we are missing any configuration during the installation or managing Microsoft Intune.

We deployed across more than 10 to 15 countries. The solution is used in India, the US, and England.

We have seen a return on investment using Microsoft Intune. We can save money by establishing our management point and cloud distribution point in Azure. Cloud support is an additional cost. We have to pay Microsoft for the VM, which doesn't act as a management point and the cloud distribution point for the endpoint. Endpoints are the on-prem devices.

Earlier, Microsoft used to give the license using the MSDN subscription, now the subscription part uses the M365 E3/E5. Existing E5 license holders for M365, Intune, and Azure, receive a free license.

If we're only upgrading to Windows 10 for the monthly security patches, Ivanti has Patch Now. Patch Now is a solution that gives us the same set of capabilities as IBM BigFix, but Intune has enhanced capabilities. Ivanti Patch Now is another product similar to the Microsoft Configuration Manager console and we have to make sure the device is on the on-prem network itself. Intune is a cloud-based solution that does not require the device to be on-prem. Everything is in the cloud, including device tracking, writing, and initiating remote connections.

I give the solution a ten out of ten.

I manage the endpoints for the implementation strategy and use the desktops or Windows for migration. I'm not from the mobile device management team, but I can give presentations on how the devices will work in the Autopilot zone with Intune. I'm also familiar with conditional access policies and what needs to be in place for a successful migration.

We have 35,000 end-users.

Maintenance is minimal. There have been no reports of any outages from the cloud perspective, meaning that any downtime is from Microsoft itself. However, on-prem systems may experience challenges. We don't need to worry about downtime and all the systems will still be operational.

New customers are definitely going to reach out to Microsoft for purchasing all the products. Microsoft will have its own lab. They will give us the live demo from the lab, but that won't be a feasible solution. We should check and bring that solution to our environment. It would be good if we can create our own test environment and then ask Microsoft to perform all those configurations and just train our engineer about the Intune part. We will know all the legacy parts of our environment which could impact when we are moving our devices to Intune, either the legacy app, legacy hardware, whether those devices are supported, the TPM, the Tested Platform Module, the BitLocker configuration, everything we need to understand before we move our device to Intune.

I worked with Microsoft Intune.

Third party integrations are very convenient to use with Microsoft Intune.

Whatever is required is available in Microsoft Intune. Remote access functionality could be added in future updates.

Microsoft Intune is currently overpriced.

I have been working with Microsoft Intune for six years.

Microsoft Intune support needs improvement and they could work on enhancing their support services.

Microsoft Intune is the best among competitors, though I haven't worked with other similar tools.

I would rate it an eight out of ten. 

I use it for deploying software and managing devices.

Microsoft Intune brings all of our endpoint and security management tools into one place. I can log into only one console and jump from one system to the other system seamlessly.

It is easy. When I hand out a new device to new users, I ask them to enter their email address and password. They just need to give the device 15 to 20 minutes, and it is done. Users can then start working on their devices.

It just works. I do not have to run after the software to see if it is the latest update. It just runs. It is setup-and-forget.

Microsoft Intune makes it easy to secure hybrid work and protect data on company and BYO devices. Once you have set up all the rules, it just works. You cannot mix personal data with company-related data. Also, no data can be extracted from the business aspect to the personal one.

Microsoft Intune's Endpoint Privilege Management feature enables us to enforce the least privileged access. For me, it is a big advantage to only have the rights I need and not the ones I do not need. For every specific case, I just request the required role for it, and afterward, I deactivate the role. From the security aspect, it is at a very high level.

It helps reduce data loss. It helps with data loss prevention. We also use multifactor authentication and block unknown devices and unknown users. Any external attacks are blocked via a lot of mechanisms. We can use our privileged roles only inside a closed network and with PKI-based authentication.

Microsoft Intune has affected the IT productivity in our organization in a positive way.

It is very important for us that its capabilities are integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices. This feature was one of the major things when we started digitalization.

The ability to work from all over the planet is valuable. You just need a functioning and working Internet connection. You can enroll devices by binding the hash values in Intune. You can enroll them from wherever the person is. It makes no difference if he is sitting at home or office or is on vacation.

They are always rolling out updates. You get more and more possibilities to enroll devices and configure their settings and security. I have confidence in the setup they have provided so far. I, as such, do not have any specific inputs or needs. However, there is always room for improvement when it comes to scalability.

I have been using Microsoft Intune for almost six years. I am always using the latest version. It is a cloud platform, and it is updated almost every month with new features.

I would rate it an eight out of ten for scalability. There is always room for improvement when it comes to scalability.

Their technical support is great. We always get an answer from Microsoft.

Positive

We were using Microsoft System Center Configuration Manager. We did not use any other vendor.

Using Microsoft Intune did not help us consolidate vendors. Our strategy is to not mix up too many different vendors and have just one. The best thing is that if you want to use Microsoft Azure and Intune, you can use the features out of the box. You do not need big modifications. You can take the default and build everything around your needs, and it will work.

This is the platform for every enterprise. It is easy to manage all devices such as Windows, iOS, and macOS in one place. You can also manage Android devices.

Overall, I would rate Microsoft Intune an eight out of ten because there is always room for more modifications and improvements.

Our organization utilizes Microsoft Intune to safeguard company data on employee laptops and cell phones that might be used for remote work.

We use Microsoft Intune to ensure compliance on devices, both on and off-site. Intune enforces settings like requiring a screen lock and allows us to remotely wipe lost devices to protect sensitive company information.

Microsoft Defender offers a built-in Intune dashboard that simplifies our workflow. While reviewing security information in Defender, we can easily see non-compliant devices flagged by Intune, eliminating the need to switch between applications.

The Intune user experience has become significantly easier. While in the past we required detailed instructions for app installation, recent versions of the Intune app guide users through the process, eliminating the prior challenge of users struggling with installation.

Intune's biggest benefit is its seamless integration with existing Microsoft products in our organization. Since we're already a Microsoft shop, Intune leverages our familiar environment for a straightforward implementation, offering centralized control for our SOC clients. We likely saw the advantages quickly, as with other Microsoft products.

Microsoft Intune effectively secures our BYOD program. If we have employees who need to work from home for some time, we make sure to install Intune on their laptops first.

Microsoft Intune has improved our IT team's efficiency by allowing a Bring-Your-Own-Device policy and facilitating work-from-home options.

The most valuable feature of Intune is the ability to reset a lost device and remove all the data.

I have been using Microsoft Intune for almost four years.

The technical support gets the job done.

Neutral

I would rate Microsoft Intune seven out of ten.

A selling point for us was that Intune reports back to the Microsoft dashboards that we already use.

We are using it for the endpoint deployment piece.

By implementing Intune, we are trying to get everything off on-prem.

Because of the FedRAMP space and some of the pieces we are doing, such as the new policies for CMMC 2.0, we have more worries when we have anything physical. It just made sense to go for a cloud solution. Because we were already using Microsoft products and we were previously partially using Intune, it just made sense to use Intune.

Once you start getting things hosted in the cloud, rather than having to host the domain pieces yourself, they can be generally managed by Intune. One of the issues that we had when we had the hybrid or on-prem deployment set was that users would have to use a VPN to be able to change their user email or their password sets. Having to manage on-prem exchange was an issue as well. There were other things like that. As we are moving the pieces over, we are noticing a lot more availability and easier configuration of pieces for users.

Intune has helped us with compliance. We are using it for CMMC 2.0 compliance.

Intune provides full endpoint visibility and IT control across device platforms. You can individualize it for your company with the Intune Company Portal app. You can make applications and other things and have them deployed via scripts.

The user experience of Intune has been nice for other individuals from what I have seen.

A lot of security is achieved via Intune policy deployment cases. There is a baseline security set, and then a part of it was configured with some of the other things that we needed for CMMC 2.0 compliance. It is containerizing for cell phones in particular and not allowing specific connection sets. We have more cells than anything else. A lot of the users do not even need to touch a lot of the system sets that we use. We have not had any issues with user availability.

One of the things that you can do with Intune is that you can have approved app sets. As a corporation, you know that a user needs to use an application, so you can have it added to Intune Company Portal apps. You can have it pre-downloaded for the users without the need for an admin's intervention. For the apps that users could need or do need, you can either force installation or set it up for the user if they need it.

Intune certainly affects our organization's attack surface. We are utilizing DLP, domain policies, and things like that via Intune. It is nice to be able to make sure that the users can have their laptops, and there is also no need to have a VPN service for a lot of those. It makes it easier for each user's things to be isolated.

We started utilizing the app proxy service. If you have local applications that use a web URL, you can use the app proxy and have Microsoft handle the VPN connection set rather than needing a VPN yourself.

Intune has helped to reduce the risk of security breaches in our organization. Intune has saved us costs. It has helped us reduce our workloads. When doing the hybrid deployment, we have to manage our on-prem environment and have additional security for it. By moving into the cloud, we have reduced the electrical cost of the office. There is also a price difference. Hosting our own VM sets versus having them host in Azure are two different things. Doing cloud integrations with pieces is easier in Intune than on-prem. It has been a nice thing that we have been dealing with recently.

We are using it for its DM Hosting, user hosting, and end-to-end deployment as well. It is all very nice.

I would like them to stop making changes and not tell people they have already made the changes.

I know that their AI pieces are at the infancy stage, but allowing users to do more tagging for information would be an interesting thing because Intune also directly integrates with Azure. Because a lot of the devices are hosted with that, you also get a lot of tagging of user data and other things like that. Tagging is still at more of an infancy set. You get a lot of false flags.

There can also be a more simplified use case for app deployment. They leverage MSIs and WIN32. I am having a more washed-out EXE process. Rather than having to build the script sets yourself, having them autogenerated script based on you uploading in a default location would be nice.

We are still in phases. It is not simple to just do a hard cutover for a lot of it.

Even though it is a Microsoft product, Microsoft does not sell or support the product directly, so you have to talk to a third-party set that is considered their partner to be able to access support. Our partner is JourneyTEAM. After utilizing billable hours with them and other pieces like that, we have been getting a lot of nice support via them. I would rate JourneyTEAM a 10 out of 10. I really enjoy working with those individuals.

We were using Symantec, and we ended up using Intune. Symantec is a nice security piece, and it does some device management. There is a domain-joined service for laptops. Intune has a similar service set. You do what is called the hardware hash join into the Microsoft Intune to have the laptop cleaned by an organization rather than turning on a VPN and connecting to a domain service for a domain controller that an organization has. A lot of that is cloudly or natively handled by Intune. Especially if you go further with the Intune hardware hash joining process, there are some script sets that were put out. You can even do hardware hash harvesting from where you are purchasing, so you can have the OEMs give you the hardware hashes to be able to input that into your cloud environment. You then know that anyone cannot just walk away with the laptop because it is still joined to your Intune base.

In terms of differences between these two solutions, there is the domain service set. Intune manages the whole domain set, and then it also integrates into the other application sets. Intune is more of a product suite set. It also does the policy and detection pieces for devices, whereas Symantec is more strictly the policy sets and security.

Intune can bring all of your endpoint and security management tools into one place. For the use case that we are doing, we are leveraging additional security software as well, so there is a little bit of everything.

We are not using it for corporate assets. We are utilizing the M365 VM license set, which is a semi-part of Intune. That is how the users are reaching some of the remote corporate resources.

I would rate Intune a 9 out of 10. It is definitely a nice product, but there are nuances to it. Especially with them coming out with and changing name schemes for a lot of the features, you have to do digging to find the whole use case, but with all the options and different use cases, there is a lot to be gained.