Microsoft Intune Reviews

I use the solution across my full enterprise. That means for me roughly 4,000 devices, with 2,000 being desktops, 2,000 being laptops, and then maybe another 2,000 mobile devices.

The most valuable feature I have found is the access control. It integrates with Endpoint Manager. The reason for that is that it has allowed me to customize my organization's policies.

The security posture is very good. It's very customizable. 

Overall, my user experience with Microsoft Intune has been great. It's offered a very smooth transition and I'm very positive on the product.

I am just starting with Microsoft Security Copilot. My experience with Copilot, and Microsoft Intune Copilot in general, has been incredibly positive as it's a skill multiplier for daily operations.

It's an absolutely critical application that I use every day. 

Intune helps with app discovery. It's a game changer as it provides so much overall visibility.

I have analytics available. It's a wonderful tool, and I love the amount of data it's able to extract. 

Intune is reducing our attack surface and improving our security posture.

Microsoft Intune has potential for improvement; I would like to see a lot more customization in the reporting tools.

I have been using the solution for four years.

My assessment of stability and reliability is that the uptime is fantastic, and I haven't had any issues.

Compared to my previous solution, it's incredibly easy, and it's scaled to the entire organization. Within a month, I had gone from zero to full deployment.

My experience with customer support or technical support is that they have been nothing but excellent.

Positive

Previously, I was using IBM to address the same issues. I made the switch since it was both more cost-efficient and Microsoft is best in breed.

The deployment was incredibly easy, and it's scaled to the entire organization; within a month, I had gone from zero to full deployment.

Intune has been helping us reduce the cost of devices per user and offers trusted effectiveness for maintaining the accuracy of those devices.

I don't have specific ROI data points. 

The licensing has been fantastic and the support we've received from Microsoft has been impressive.

I wasn't involved in the RFP process. 

I do not use PKI yet; it is on our task list, and it's on the list to get done, but it hasn't been completed. The reason it's on the list to get done is that I want everything in the same platform, just so everything integrates and supports each other.

My assessment of endpoint analytics is that it's a wonderful tool, and I love the amount of data it's able to extract; I can provide examples of how these features work.

On a scale of one to ten, I rate Microsoft Intune a ten.

Microsoft Intune is primarily used for mobile device management (MDM) and mobile application management (MAM) to secure and manage corporate devices, applications, and data.

Microsoft Intune has proven to be highly effective in managing Windows, macOS, iOS, and Android devices. From inventory control and application management to security and compliance, Intune streamlines IT operations, significantly reducing management time. This efficiency allows IT staff to focus more on providing care and support to end users.

Microsoft Intune has significantly enhanced our organization's IT operations by streamlining device management, strengthening security, and improving overall efficiency. Key improvements include:

•  Simplified Device Management: Centralized control over Windows, macOS, iOS, and Android devices, reducing manual configurations and deployment time.

•  Enhanced Security & Compliance: Automated enforcement of security policies, including encryption, access controls, and compliance monitoring, ensuring data protection and regulatory adherence.

•  Improved Application Management: Seamless deployment and management of business-critical applications, reducing downtime and improving user experience.

•  Efficient Remote Work Support: Secure access to corporate resources for remote and hybrid employees, enabling productivity while maintaining security.

•  Reduced IT Workload: Automation of routine tasks, such as software updates and policy enforcement, allowing IT staff to focus on higher-value initiatives and user support.

From my expertise with Microsoft Intune, the most valuable features likely include:

1. Zero-Touch Deployment with Autopilot

• Why? It simplifies device provisioning, allowing new devices to be automatically configured with the correct policies, applications, and security settings. This reduces manual setup time and ensures consistency across the organization.

2. Endpoint Security & Compliance Policies

• Why? Enforcing security baselines, BitLocker encryption, and Defender settings ensures devices remain secure and compliant with industry standards, minimizing security risks.

3. Conditional Access & Integration with Microsoft 365

• Why? Conditional Access helps control who can access corporate resources based on device compliance, location, or risk level, enhancing security without disrupting productivity.

4. Mobile Application Management (MAM)

• Why? It allows control over corporate apps without managing an employee’s entire personal device, making it ideal for BYOD environments while protecting sensitive data.

5. Remote Actions (Wipe, Lock, Reset, and Remote Assistance)

• Why? The ability to remotely wipe lost or stolen devices, reset user passwords, or assist employees in troubleshooting reduces downtime and enhances security.

6. Software & Patch Management

• Why? Automating Windows updates, deploying critical patches, and ensuring app versions remain up to date improves security and reduces IT workload.

Microsoft often updates and modifies the user interface without providing timely documentation for administrators. Changes such as relocating options, renaming settings, or removing features altogether can create confusion. As a result, administrators must search through Microsoft documentation— which may not yet reflect these updates— to identify and adapt to the changes.

I have been utilizing Microsoft Intune across various deployments of the M365 GCC, GCCH, and commercial platforms for approximately 8 to 9 years.

The system itself is great. It is on an enhanced platform that I do not have anything to worry about. The only part I need to worry about is my own redundancy on my side since if my circuit goes down, I will lose connectivity to the platform.

Intune scales effectively as your organization grows. As the user base increases, the cost per user decreases, making it a sustainable solution. Additionally, features like Windows Autopilot simplify zero-touch deployment and device provisioning, saving valuable IT time as you scale.

The need for Microsoft support was minimal due to our ability to rely on available documentation, even though some of it was somewhat outdated. We were able to effectively use this documentation to understand the functionality and features of Intune within our organization's operations. While there were occasional gaps in the documentation, our internal expertise and familiarity with Microsoft 365 allowed us to navigate and implement the necessary configurations without significant external support. This proactive approach helped streamline the deployment and ongoing management of the platform.

Neutral

No, switching is unnecessary. Microsoft allows for the integration of third-party solutions or the development of custom alternatives within Power Platform.

The initial setup of Microsoft Intune can be considered relatively straightforward, but with some complexity that requires an engineering mindset for full optimization.

At a high level, the process involves configuring the service, setting up device policies, integrating with Azure Active Directory, and applying security settings. For organizations that already use Microsoft 365 services, the setup is generally more streamlined due to the integration with Azure AD, which simplifies user and device management.

However, for an engineer, the complexity arises in designing the policies, determining which configurations and security measures are required based on organizational needs, and ensuring that devices across multiple platforms (Windows, macOS, iOS, Android) are properly managed. The setup process also requires thoughtful planning to align with compliance requirements, such as data protection, encryption, and remote wipe capabilities. Configuring these settings with precision is crucial to avoid security vulnerabilities.

Moreover, the engineering mindset is essential when working with advanced configurations, such as conditional access policies, application deployment strategies, or setting up integration with other Microsoft services like Endpoint Manager or Defender for Endpoint. Testing and fine-tuning these configurations to ensure they work as intended across various devices and user profiles can add complexity but is necessary for long-term success and security.

Overall, while the setup can be streamlined, a thorough understanding of your organization’s IT architecture and security requirements is essential to leverage Intune effectively.

I collaborated with our in-house team to deploy Microsoft Intune as part of the broader Microsoft 365 suite. Together, we leveraged our internal resources and expertise to integrate Intune seamlessly into our existing environment, ensuring smooth deployment and configuration. By utilizing our team’s knowledge of our organization’s infrastructure and security requirements, we were able to customize Intune settings to meet our specific needs, providing a secure and efficient device management solution across the organization.

The resources required to house and manage numerous physical servers, maintain various third-party software license bundles, and handle the upkeep of the infrastructure—including costs for cooling, electricity, and regular maintenance—would incur a significant financial burden. When compared to an all-in-one, secure Microsoft cloud-based solution, the contrast becomes clear. The cloud eliminates the need for extensive physical maintenance, providing built-in security and scalability. It offers the flexibility to seamlessly integrate additional products, reducing the reliance on physical devices. This not only simplifies IT management but also reduces overall operational costs, making the Microsoft cloud-based solution the most cost-effective and efficient choice for businesses.

For businesses, especially those in regulated industries, the cost of security features like encryption, data loss prevention, and multi-factor authentication can add up quickly if purchased individually. However, with Microsoft 365, particularly in environments like GCC High, these essential features are bundled together, providing strong protection without the need for additional third-party solutions. For example, $1,000 per year for an end-user on GCC High is a competitive price when considering the built-in compliance certifications and government-grade encryption.

Although the pricing may seem high at first glance, Microsoft’s licensing model is structured to scale with the growth of an organization. As the business expands, the cost per user decreases, making it a long-term investment that supports growth and adaptability. Features like Windows Autopilot for zero-touch deployment, MDM (Mobile Device Management), and MAM (Mobile Application Management) simplify the management of an expanding device fleet, reducing administrative overhead.

A key advantage of Microsoft 365, including Intune, is its seamless integration with the wider Microsoft ecosystem. From SharePoint and OneDrive to Azure AD and Microsoft Teams, these components work together as a unified solution. The pricing reflects this comprehensive value, streamlining the management of various enterprise functions from a single platform and saving time and resources in the process.

We did evaluate other options, which were developed within Power Platform. These alternatives offer the same level of security, as they are built within the same platform as Microsoft Intune.

Overall, Microsoft Intune is a powerful tool for managing devices, securing corporate data, and integrating with the broader Microsoft ecosystem. A 9/10 rating reflects its strengths and the few areas where it could further enhance its capabilities.

Microsoft Intune was used by the organization that hired me. Microsoft Intune allows organizations to manage all devices. It is a cloud-based service that helps organizations manage and secure their devices such as laptops, smartphones, and iOS devices. We primarily used it for managing applications through mobile application management (MAM) and mobile device management (MDM). Device enrollment is another purpose of Microsoft Intune which automatically configures devices within the organization with their work accounts.

In the Microsoft Intune company portal, there is an option to develop and deploy applications that are trusted by the company. 

Additional use cases include compliance, conditional access, and endpoint security. To summarize, the main purposes are MDM for laptops, mobiles, and iOS devices; MAM; device enrollment; app deployment; compliance and conditional access; and endpoint security. I had access to compliance and conditional access, endpoint security, device enrollment, MDM, and MAM. App deployment was not part of my responsibilities.

Microsoft Intune provides valuable functionality for locating lost devices. Through the Endpoint Management Admin Center within Microsoft Intune, we can find the last seen location of enrolled devices that may have been stolen or misplaced. This requires device numbers, serial numbers, usernames, or IMEI for mobile phones.

Another excellent feature is the ability to enroll devices and set compliance status. Notifications can be pushed from the Microsoft Intune Admin Center to users' portals, informing them when devices are not compliant and providing steps to follow company policies.

Microsoft Intune saves approximately 20% of time and resources through automated features that enable quick resolution and guided SOPs. It reduces troubleshooting and support time by 30-40%. The security compliance capabilities make it widely adopted across organizations. The user experience is robust, and the pricing model is budget-friendly. Its integration with Azure AD and Microsoft 365 applications adds significant value.

Microsoft Intune could be improved in several key areas. Policy and app deployment should be faster, as it currently takes between minutes to hours to apply, with an average of one hour. This could be enhanced by adding real-time sync or faster push intervals for critical changes. When users transition between devices, the process takes 45 minutes to one hour, which could be optimized.

The error reporting system needs improvement, particularly for automatic retry of failed installations. In the Microsoft Intune company portal, when application downloads fail, users must manually reinitiate the installation process. An automatic retry mechanism for failed installations would enhance the user experience.

I have been using Microsoft Intune since 2019.

Microsoft Intune demonstrates excellent stability with a rating of nine out of ten, providing a very stable experience.

In my role as an IT administrator, I have overseen Microsoft Intune implementation for approximately 10,000 users across multiple organizations. My previous organization had 7,000 plus users, and my current organization has between 3,000 to 4,000 users.

When comparing Microsoft Intune to alternatives such as Unified Endpoint Management solutions, VMware Workspace One, and Google Endpoint Management, each has distinct strengths. For Microsoft environments, Microsoft Intune rates five out of five, while Ivanti (formerly MobileIron) rates three out of five, and Google Endpoint Management rates two out of five.

For iOS environments, Microsoft Intune rates three out of five due to compatibility issues, MobileIron Ivanti rates four out of five, and Google Endpoint Management rates 3.5 out of five. Regarding user interface and ease of use, Microsoft Intune scores five out of five, Ivanti three out of five, and Google Endpoint Management four out of five.

In security and compliance, Microsoft Intune achieves five out of five, Ivanti four out of five, and Google Endpoint Management three out of five. For budget-friendliness, both Microsoft Intune and Google Endpoint Management rate five out of five, while Ivanti rates four out of five.

Microsoft Intune provides an excellent experience for both employees and IT administrators. While the user interface requires some initial guidance for new users, it is straightforward for IT administrators to navigate. The platform ensures device compliance effectively, earning a five out of five rating for user-friendliness.

Maintenance requirements for Microsoft Intune are minimal compared to on-premises applications such as SCCM or Active Directory Certificate Services. Required maintenance includes policy and app management, monitoring and troubleshooting, OS and app updates, and license and user management.

I recommend Microsoft Intune to other users and companies due to its password policies, seamless Microsoft system integration, multi-platform support (Windows, iOS, Android, macOS), simplified device enrollment management, cost-effectiveness, and smooth user experience. It represents a future-proof investment for companies.

Regarding Mobile Application Management, I have worked with MAM policies including conditional launch, PIN encryption, data encryption within apps, and copy-paste restrictions.

Overall rating: nine out of ten.

We are using Microsoft Intune for the management of desktops and laptops because we have a business where we don't have all users in the office. Many of them work from home from different countries. Management of the devices was almost impossible with the tools that we were using before, such as ServiceDesk. We are using Office 365, and we are Microsoft users in a Microsoft environment. After that, we decided to grow with Microsoft Intune. Initially, it was planned to better manage the devices and serve as a deployment tool.

Microsoft Intune has definitely affected IT productivity in our company. We shortened the time for issuing new PCs and changing PCs. It enforced our security and deployment of the Gold Build. We were waiting for that; it shortened that time significantly, and we got our security certifications regarding that very fast after we bought it. Junior technicians and help desk staff had much less time to spend on the deployment of the PCs.

We are using the endpoint privilege management feature and find it very useful and good.

The thing I appreciate most about Microsoft Intune is that the management of the devices was very simplified. We have all machines connected to it at all times, whether they are in the office or working from home. The greatest thing is that we create unique deployments for security, which we call the Gold Build Windows 11, and the deployment of that operating system with all the security settings that we set up for our business is very easy; it is much simplified compared to before. We created everything that we needed on Microsoft Intune, and all you need to do is just set up a new PC or an existing one, put it on the network, and let Microsoft Intune do everything else in order to have a completely full machine with everything you need from one place. Everything that you need to change, when we decide to change something, is in one place and will be deployed immediately.

Reporting can be better. Only global administrators can see detailed reports at the moment, and I don't want to use the global admin. We have only two global administrators in the USA and Europe, and it should be available for the global reader role because currently, when I need to do some reporting, I have to send a request for the global admin report.

We didn't have any complaints in terms of user experience, from administrators or from users. The only problem for us was that we had different access levels for the administrators, and that was very hard to accomplish. That was the one part that we were keen on and contacted support. It's not so granular. That was the problem.

One thing that I don't appreciate in deployment is that it needs to be put in the group of the machines over the security group; you cannot put it into only one PC.

I started using Microsoft Intune in my last company, and I have been using it for almost two years.

We didn't have any issues regarding stability.

Microsoft Intune is very scalable.

It's a great suite for big companies that have over 3,000 users and many devices to manage. It's great from the management point of the devices, and also users; it's collaborative with Office 365, and the pricing is for companies that have more than 3,000 users.

We contacted them when we had the issue with the serial numbers of the machines. Microsoft support was not very responsive, and it took approximately one and a half months to get on a call to clear what the problem was. Every time they changed technicians, we had to explain the problem again. We were explaining for one and a half months without getting help. We ultimately resolved the problem ourselves. They are not responsive and not intuitive in giving solutions.

Neutral

We used Service Desk Plus previously. At the moment, we are using other management tools, but very soon, we will go for Microsoft One. Between Service Desk Plus and Microsoft Intune, I prefer Microsoft Intune because of its pricing and features.

In terms of app discovery, deployment, and automatic updating, it's great; although sometimes, it's very hard to find the deployment version of the applications for Microsoft Intune because some software companies do not create them. For example, we find it much simpler in other software, such as Datto. We use Datto for remote access and deployment of some specific applications, but for most applications, we use Microsoft Intune. 

The initial deployment was not difficult for me. The project took one month to deploy.

We saw the benefits of Microsoft Intune after some time. We had some issues, and we contacted support at Microsoft. We used a lot of non-brand machines, and that was the issue. We couldn't enroll them in Microsoft Intune because they didn't have serial numbers, and unfortunately, Microsoft couldn't help us on that. We solved the issue by ourselves by writing down in the BIOS our internal number with a script, and that was the solution. After we crossed that bridge, it was much better.

We had a very small team; three engineers were doing the implementation.

The overall pricing of Microsoft Intune is good for companies that have big IT budgets, 3,000 or more users and devices.

We started using Copilot, but we stopped the usage of AI at the moment in our domain. We want to make it more granular in terms of who can use it. Our end users cannot use it. It was a request from our clients to set that up at this point, and we have an IT department in the company that will make improvements. We took Copilot professional licenses, and it's very good.

It is important for us that the capabilities of the Intune Suite are integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices. We are still in hybrid mode, but within Intune, Office 365, and Azure, we will soon be in the cloud, totally independent of anything on the ground.

I would rate Microsoft Intune an eight out of ten.

I have worked on multiple projects during these four years and encountered various scenarios with Intune. The major issue I found is Intune's vastness; it has numerous features within a single MDM portal. We can deploy unlimited features from the Intune portal to manage devices and protect the environment. Intune's capabilities are extensive, but there is room for improvement in certain areas, particularly reporting. Intune's reporting functionality is still under development, and we can anticipate further advancements in this area.

I previously worked as a solution engineer and am currently a call center agent in IT. I have worked on all sorts of Intune-related issues, including those related to mobile devices, Windows devices, enrollment processes, and policies. My expertise includes Autopilot, GP enrollment, the enrollment process for Windows, iOS, and mobile devices, as well as configuration profiles for multiple devices and platforms. I have also worked on scripts. As an escalation engineer, I have dealt with a wide variety of user issues.

The primary benefit of implementing Intune is the ability to manage devices, including controlling access, deploying applications, and enforcing restriction policies. As administrators, we gain control over which applications and websites users can access on their devices. Additionally, we can seamlessly deploy applications and configure network settings according to our organization's or client's specific requirements. Intune enables us to manage devices, deploy applications, and enforce policies, ensuring that devices within our environment adhere to our company's standards.

My deployment is primarily cloud-based, but I also have knowledge of hybrid environments. I have limited on-premises experience, having only observed local Active Directory servers. I can configure them theoretically, but I wouldn't consider myself a trained engineer in that area. With hybrid environments, I understand how to implement and integrate the hybrid components with Intune for a seamless and error-free deployment.

We can integrate endpoints directly into Intune, enabling us to access the options on the Intune portal. Intune is a seamless feature that collaborates with various services within the Azure ecosystem, essentially relying on Azure for its functionality. An essential collaboration exists between Azure AD and Intune. Similarly, Defender, another Microsoft service, must be integrated with Intune to remediate threats. In essence, Intune is a unique entity that requires communication with other Azure services. Configuration and connectivity are necessary to achieve this integration. Once integrated, we can access other endpoints directly from the Intune portal.

The user interface is straightforward, and the configuration profiles are easily accessible to the administrator. There are multiple ways to implement a single setting or policy on a device, including the deployment of several policies. A new feature allows for the creation of policy sets that can be deployed to different locations within an organization, streamlining management for administrators across multiple regions. This is a valuable feature that saves time and increases efficiency. Policy sets can be created, and locations can be assigned to them, ensuring that any enrolled device or user within that location receives the predefined policies. Group tags further enhance this process by automatically applying policy sets to devices or users added to specific group tags. Overall, Intune offers numerous features that enhance administrator productivity, including the ability to efficiently manage and track policy deployments.

The enterprise application management feature is excellent. If we've deployed applications using the application management services, we can provide updates directly, eliminating the need to repackage them. With application management, if an application is deployed in a region with multiple devices, those applications automatically update once an update is available. It's one of Intune's best features and was recently integrated. While I need to explore it further, I've previously used it to deploy applications in a region, and any auto-updates from the store were applied seamlessly. This is a significant benefit of Intune.

The PKI process in Intune is excellent, though it can be complex for administrators. Intune's reporting has improved since last year's changes, and removing one PKI component has simplified the troubleshooting log collection. Once correctly configured, this reliable feature allows direct certificate deployment to users and devices, eliminating the need for constant password and user ID entry. Users can seamlessly log in with their certificate across various applications, such as email or VPN profiles, enhancing convenience and security. Overall, Intune's PKI capabilities significantly benefit streamlined authentication and access management.

How we use Copilot depends on the specific needs of the enterprise. For clients with an existing on-premises environment, which typically includes multiple servers and domain controllers, there's often a gradual desire to migrate to the cloud. In these cases, we recommend Copilot, where we can implement an Intune environment and facilitate the gradual transition of devices from SCCM to Intune. These scenarios represent the primary use cases for deploying Copilot for device management, as it offers an optimal solution for managing devices during the on-premises to cloud transition. For remote users unable to access the physical office, device enrollment ensures cloud-based management. In contrast, restricted environments necessitate on-site presence. While VPN offers an interim solution, enabling remote device management through on-premises connectivity, it incurs additional costs. Ultimately, we advocate for cloud adoption as a cost-effective and simplified approach to device management, aligned with the ongoing evolution towards cloud-based solutions.

Intune has significantly improved our organization. Firstly, it allows users to work securely from anywhere, as the device is managed and policies, settings, and restrictions are deployed over the cloud, regardless of the location. Additionally, we can deploy various policies and regulations for security, simplifying device management. From an admin perspective, Intune streamlines device management by allowing us to simultaneously deploy policies to multiple devices. Enrollment is also effortless, as devices can be shipped directly from the vendor to the user and ready for use. This eliminates the previous admin tasks of deploying custom OS images and managing policies via SSCM, ultimately improving productivity.

Intune's ability to secure hybrid work and protect data on company and BYOD devices involves security restriction and conditional access policies. These settings provide significant device security. For instance, we have unconditional access policies and app protection policies. These policies allow us to secure data users might share with other devices or native applications. With conditional access, we can require devices to be managed by Intune before accessing corporate data, ensuring they receive necessary restriction and protection policies to prevent sharing corporate data with unauthorized applications. This significantly enhances corporate data security. While user agents offer data security benefits, Microsoft Defender and Office 365's data loss prevention policies strengthen our overall protection.

Intune has helped save 90 percent of our costs.

The security provided by Intune is excellent. The security policies deployed through Intune significantly enhance device security, encompassing data protection, device restrictions, Wi-Fi settings, and proxy configurations. Additionally, Intune can deploy antivirus software if we have the appropriate licenses, further bolstering security. Overall, I'd estimate that Intune provides roughly 80 percent reliability in terms of security.

Intune's ability to integrate with Microsoft 365 and Microsoft Security for both cloud and co-managed devices is crucial because, in isolation, Intune is limited. To make its features work reliably and meet specific requirements, integration with Office 365, Defender, and local AD is necessary. This integration enhances security on devices and enables advanced features like data loss prevention through Office 365. While Intune offers security policies, integration with Office 365 unlocks their full potential for comprehensive device protection.

What I like most about Intune is its seamless enrollment process, particularly the Autopilot method. Autopilot allows bulk enrollment of devices, making it easy for end users, even those without technical expertise, to use their devices immediately. While there might be occasional error messages during configuration, when done correctly by the administrator, Autopilot is the best feature currently available.

Intune is excellent. It is constantly evolving, from the legacy portal to the current endpoint management; we are seeing a gradual number of changes, and many features have been implemented and added to the Intune portal. The interface is great and user-friendly. Even someone without much MDM experience but needing access to the Intune portal would be able to understand that these are Windows devices and these are the policies they can deploy. The portal's overall UI is user-friendly. Furthermore, the categorization of devices and policies on the portal is excellent. We can categorize devices, look for conditional access, and check for configuration compliance in a specific location. The categorization is the best way currently available.

The worst aspect is the reporting. We are still in the development phase of reporting, and it is not always accurate. Sometimes, we don't receive the correct report, devices aren't listed as they should be in the Intune portal, or deployed applications and user policies aren't reported by Intune even though they are present on a device. There is room for improvement in Intune's reporting capabilities.

If my organization has sensitive data we don't want to leak, deploying the policies can present technical challenges and potential loopholes. While 90 percent of end-users are not technical enough to find these loopholes, a user trained on Intune who understands the background processes and policy weaknesses could pose a security risk to the organization.

App protection policy and compliance state. Recently, I encountered a user scenario similar to one I've experienced as an administrator. If my device is enrolled in Intune but not through a corporate method, some loopholes allow administrative control of the device itself. We can un-enroll the device and remove the management profile, yet the Intune portal will still show the device as compliant because it captured the last compliance state. As long as the device reports to Intune, its compliance status in the portal remains unchanged, regardless of its actual state. Only when the device stops checking in with Intune will the last compliant state be displayed, with no indication of non-compliance. The device's Intune compliance state will show the last check-in time. We can leverage the newly integrated data loss prevention feature in Intune to improve the app protection policy, which is currently inconsistently effective. With the appropriate licensing, deploying data loss prevention policies can enhance our protection strategy.

I need to delve into reporting and analytics. The policies, restriction policies, enrollment limitations, and everything else are great. However, one current limitation is that we can't roll back security baseline policies deployed from the Intune portal to a device. Those changes are permanent if a security policy changes the device's registry. If an administrator mistakenly deploys settings from a baseline policy instead of a restriction policy, the only recourse is to reimage the device. In my opinion, baseline settings shouldn't be permanent. However, as developers of the Intune portal, there must be some significance to these clients.

I have been using Microsoft Intune for four years.

I would rate the stability of Microsoft Intune seven out of ten.

I would rate the scalability of Microsoft Intune eight out of ten.

I was the Microsoft Intune Closure Engineer, working in a global support group. My role involved providing solutions for Microsoft, addressing tickets created by users or administrators worldwide. I would rate the overall Microsoft support an average of eight out of ten. The support process begins with a ticket being assigned to a junior engineer with basic understanding, which I'd rate a six. If the user's issue remains unresolved, it escalates to a level two engineer, improving the rating to an eight. In rare cases, unresolved issues are escalated to a senior engineer which would drive the rating up to nine out of ten.

Positive

Before Intune was introduced, we had to use Office 365 for MDM, which had limited options. Then came the legacy Intune portal, followed by the endpoint management folder, the most recent portal we've used. I've also used Jamf and AirWatch a bit, but I'm not as proficient with them as with Intune.

The initial deployment of Intune was complex, with deployment time dependent on the specific environment. For organizations with multiple sites, Intune deployment is particularly challenging and can take four to five months. The migration itself is not a simple task and can be time-consuming. Based on past experience, assessing existing security policies and applications from the on-premises environment is crucial before identifying what can be achieved with Intune, given its limitations compared to SCCM. While Intune can replicate some functionalities achieved through group policies, the migration process can still take a considerable amount of time, ranging from seven to eight months to even one and a half years, depending on the environment's complexity.

Microsoft licenses are costly. Organizations should determine the best license to get the maximum features based on their requirements. Intune comes with multiple licenses, including E3, E5, standalone Intune, and a few more. Microsoft 365 is also an option. There are almost seven license lists where Microsoft Intune is present, except for the standalone license. It's definitely costly. Microsoft could look further into providing some cost-cutting measures for the licenses.

I would rate Microsoft Intune eight out of ten.

Intune includes various features and categories, allowing management of operating systems like Linux, Windows, iOS, macOS, and Android. Its user interface, departmental organization, and enrollment process are all straightforward. However, based on my six years of experience with Microsoft products, including four years specifically with Intune, its reliability is around 80 percent. Occasionally, it doesn't report correctly, or devices fail to receive deployed configurations. In comparison, AirWatch seems more reliable. Despite this, considering my overall experience with Microsoft, it still offers one of the best management solutions. Intune's predecessor, SCCM, which manages devices on-premises, is more reliable because Intune is still developing.

I'm working on two accounts. Under one account, I have a growing number of devices. So far, there are approximately 300,000 Windows devices, 100,000 Android devices, and 250,000 iOS devices in one environment. The number of users is similar. In another environment, which I've been using, there are a large number of devices. It's taking time to load, but I would say there are approximately 400,000 to 500,000 Windows devices in this environment.

Intune is continually evolving. If a feature is currently unavailable or needs improvement, we typically provide feedback to the Intune development team, and they implement or enhance that feature in a future release. In new releases, developers add features, and if there's a need to further develop or enhance those features, we see those improvements in subsequent releases. Maintenance on the Intune portal is necessary to facilitate these dynamic changes. Additionally, the Intune environment itself requires maintenance. This includes managing user accounts and enrolled devices, as well as adjusting restriction and security policies as needed.

I recommend Intune because it offers multiple features within a single environment. Once deployed, you can manage iOS and other platforms from one location. However, there's a caveat: if you have a highly restricted or complex environment where security is paramount, such as in banking, federal agencies, or similar organizations, you might reconsider using Intune due to potential reliability concerns.

My use case for Microsoft Intune includes managing a fleet of about close to 800 laptops and another 500 mobile phone devices like iPhones. We migrated to Microsoft Intune to control and reduce the MSP cost, as our provider was very old-fashioned. As the solution architect, I create plans to ensure cost reduction and process efficiency, particularly regarding Windows patching. 

There wasn't any visibility regarding our devices. Most of the time, we couldn't tell which devices were turned on and which weren't. This lack of clarity resulted in delays with patches, as some devices were not powered on. Overall, it was a mess. To address this issue, we centralized everything into Intune, and we've been handling the patching process since last year. Additionally, we removed Bitdefender and whatever version we were using, and we implemented BitLocker.

From Microsoft Intune, everything is automated. If you need to get the keys, it's super easy for users to obtain them, and someone from IT should also be able to access them. We use Intune because it supports a hybrid environment, allowing us to manage both on-premises devices and our cloud-based services. This means we can still utilize our Active Directory organizational units (OUs) through Microsoft Intune's policies.

Eventually, we plan to migrate everything to Microsoft Intune. However, if we acquire another company that is behind in technology, we might still leverage the traditional Active Directory approach. This would involve integrating their domain into ours, while at the same time continuing to use Microsoft Intune.

We work in the agricultural supply chain, but we prioritize technology. We have the world's fastest terminal for grain loading and unloading, located in Vancouver, Canada. We operate our own trains and are responsible for nearly 20% of Canadian grain exports.

I find Microsoft Intune most valuable for its user-friendly automation and ease of use compared to other tools. We also started using Azure Windows Update Manager for our servers. Microsoft Intune is automated, where you don't need to be an Active Directory guru to manage OUs. This ease has significantly improved our patching process, allowing users to have options on whether they want to receive updates immediately or delay them, which enhances user experience compared to when we used other tools that forced reboots during meetings. With these improvements, I estimate we've reduced our patching costs by over $100,000 a month, as the MSP previously had to troubleshoot various issues manually.

To improve Microsoft Intune, I suggest enhancing reporting capabilities, including better visualization and more export options for deeper analysis. Integrating Power BI reports would be beneficial, as it currently requires manual API interaction rather than having straightforward pre-built reports.

I have been using Microsoft Intune for about two years now.

I have an issue with my MSP who is providing Azure service and other things. I used to work at ExxonMobil, where when you called or sent an email, you would receive a response within an hour. However, with Microsoft, it takes a lot longer, and I’m not getting quick resolutions. Sometimes, I find myself bouncing around between different support groups. I believe that for smaller clients, there should be a special support system in place.

Neutral

We were previously using McAfee for security. At that time, we didn’t have Microsoft Intune. After we transitioned to Microsoft Intune, we used it to encrypt our devices. As a result, we removed Bitdefender, which was the McAfee equivalent, and started using the Microsoft version instead.

I was involved in the initial setup and deployment of Microsoft Intune. It depends significantly on how the initial Active Directory was configured, and we faced considerable challenges during the registration of a hybrid setup, as hybrid configurations are complex. While cloud setups are easier, hybrid is more cumbersome. It requires knowledgeable consultants or an adept IT team familiar with all features and registrations. Through three months of trial and error, we reached a setup that works for us.

We have a cloud engineer. We also have some analysts, so about four or five people were involved.

With these improvements, I estimate we've reduced our patching costs by over $100,000 a month, as the MSP previously had to troubleshoot various issues manually.

I've heard that they might take it away from the E3 license and charge us separately. I'm not sure if it's true or not. My E3 license covers Microsoft Intune, so I think we're good.

Microsoft Intune does not yet bring all endpoint and security management tools into one place as we are still integrating everything. We haven't yet started using Microsoft Endpoint Protection and are still relying on other tools such as Tenable.

The user experience with Microsoft Intune has improved significantly over time. When I started, there was a learning curve, but I find Microsoft to be consistently better than other vendors. I might be biased as I'm essentially a Microsoft shop being a Microsoft certified solution architect with six different certifications from Microsoft.

Using Microsoft Intune alongside Microsoft Office and integrating tools via Graph API allows for seamless extension within the Microsoft ecosystem, while integrating third-party tools can complicate management. My experience with Enterprise Application Management in Microsoft Intune includes managing some applications, although we haven't yet started with dashboards to show downloadable applications.

We use Microsoft Intune to manage Windows 11 upgrades, which proceed smoothly. With Microsoft Intune, I am managing devices, including mobile devices such as iPhones, but I plan to incorporate security endpoints soon, possibly next year. We conducted Windows 11 upgrades recently since the deadline for Windows 10 licensing is approaching. This project initiated last year with the focus on drive encryption, followed by transitioning rules from OU to Intune, and we are now proceeding with Windows upgrades.

We use the cloud interface of Microsoft Intune only, without utilizing any SDKs yet. 

I would advise adopting Microsoft Intune as soon as possible. It's crucial to manage a multitude of devices since efficient patching is essential for security. Outdated devices pose vulnerabilities for hackers. Microsoft Intune is a leading tool in this regard, as it passively pushes updates with minimal user intervention.

We currently have only our managers utilizing Co-pilot in Microsoft Intune by activating it specifically for them. I am familiar with Co-pilot, and I am also a manager. I have heard that the licensing for Microsoft Intune may be separated from the E3 license. Currently, I believe that my E3 license covers Microsoft Intune, enabling us to operate without concerns.

I would rate Microsoft Intune a nine out of ten.

We primarily use Microsoft Intune for managing laptops, cell phones, and mobile devices. We aim to have control over corporate data when it is on personal or company-owned devices. This control is crucial for ensuring data protection, especially when a device is lost or goes missing.

Microsoft Intune helps us avoid issuing everyone company-owned devices. We provide a stipend, allowing users to bring their own devices. This approach gives us leverage against other MSPs. It also enhances collaboration because clients already covered by specific licensing can optimize their usage of Microsoft Intune.

Intune's integration with Microsoft 365 is exceptional. It allows a cohesive management experience for users, especially for a small MSP like ours. The automated deployment and configuration using Autopilot and the ability to secure data on lost devices are particularly helpful features.

The solution's user experience is so simple I can give a two-page PDF on how to enroll a cell phone or device, and they can follow it. Automatic enrollments help us migrate large numbers of users.  We take it slowly with them, but they are surprised at how easy it is to enroll a device.

We're still preparing to turn on Copilot in our environment for testing, but we need to sort our security more. We're doing a demo of Copilot, and we're checking out the features. We use another tool to pull the device data, but having everything in a single pane of glass makes more sense. We have to pull this information from four windows now, so having everything in one place is simpler.  

Training will be much easier for us than training someone on 20 different. Giving someone a few videos and having them start going through it will be more straightforward. I'm excited to see the growth of Copilot with Intune.

I would like Intune to natively support easier report generation. This improvement would enable less experienced staff to run reports more efficiently without relying on additional tools or functions.

We have been using Microsoft Intune for at least six years.

Microsoft Intune is reliable. Devices do not frequently go offline, and any connectivity issues usually stem from the user's side, such as a device being turned off.

Microsoft Intune allows us to scale device management efficiently. The system is easy for both technical and non-technical users to navigate, supporting a wide range of devices without complications.

I rate Microsoft customer service six out of 10. While some technicians go above and beyond, there is inconsistency, and connecting with the most helpful representatives is occasionally challenging.

Neutral

We initially used AirWatch for mobile device management before Intune matured. Eventually, Intune’s integration with Microsoft 365 became advantageous, allowing us to consolidate systems and migrate clients using alternative solutions back to Intune.

The setup, especially for mobile devices, has become entirely automated. Devices sync with accounts like Apple Business Manager or Samsung Knox, eliminating the need for hands-on configuration. From there, you can deploy everything by device or user login. 

Before, we used to bring them into our office. We would configure it and ship it out. We now pushed that back to the client and someone in charge of cell phone policy. Once they're powered on and signed in, everything else is taken care of.

We consulted Pax8, our partner, during the implementation for insights on licensing and Intune integration. Their support, coupled with information from Microsoft Ignite, helped address hybrid enrollment challenges.

We've seen a positive return on investment. The ease of use, along with automated features, proved beneficial when handling lost devices. A client successfully restored their wiped iPad and laptop, showcasing the system's efficiency.

Our company uses a flat rate model called stress-free IT. This model aligns with the necessary licensing, making it easy to cover features like Intune and conditional access, which are integral to our service offering.

We evaluated AirWatch (VMware AirWatch) and other mobile device management solutions before consolidating our clients under Intune due to its superior integration with Microsoft 365.

I rate Microsoft Intune nine out of 10. 

We use Microsoft Intune as an MDM solution for all of our Windows laptops and some of our company mobile phones. This serves as an endpoint solution we use so we can control the users' laptops or phones and have access to things on their devices.

Without Microsoft Intune, there would be a lot of cybersecurity attacks happening. We need to use Microsoft Intune so we know which devices can access all of our company resources. If they don't have Microsoft Intune, we automatically deny them from accessing company-sensitive information, so it serves as a layer to protect all of our assets.

I appreciate how easy it is to deploy certificates to end users to get control over their device with Microsoft Intune; that's what Microsoft Intune is known for, and that's what we use them for.

The user experience of Microsoft Intune is pretty easy. Initially, the user has to download a certificate, so when we first give them a certificate to download, they download it on their side, and once they verify themselves, we have access to their phone or laptop, which works pretty effectively.

We are using Microsoft Copilot with Microsoft Intune. Microsoft Copilot helps us with the deployment of Microsoft Intune. Previously, things were more difficult to manage, especially when certificates expire, as they need to be pushed out every year. Sometimes we forgot that, and then people's laptops stop working, so Microsoft Copilot helps us stay on track.

Microsoft Copilot is equally as important as Intune. The go hand in hand as it works in conjunction with Microsoft Intune to affect the deployment process.

Microsoft Intune can be improved by making it even more seamless for users to download their certificates. Currently, we have to push it out to their laptop and they have to do some work on their end, but if we could integrate it so it's seamlessly done and the end user doesn't even know that Microsoft Intune is on their laptop and it's just naturally there, that would be even better. This is especially true for Apple devices, such as Apple phones, where you have to push it out and the user has to accept or deny whether Microsoft Intune can have access to these applications. If it were easier for us to do it automatically without getting permission, that would be beneficial, but in today's environment, we have to get permission to access data.

To make it a perfect ten, it would be helpful if there was a better way to troubleshoot user issues, as I've had a few users with corrupt files before and had to redeploy it without knowing the root cause.

We have been using Microsoft Intune for eight years.

I would rate Microsoft Intune a nine out of ten for stability and reliability. We've never really had any issues with it in the past, and if we have, it's maybe one or two random people where their certificate is corrupt or something's wrong, so we just need to go back and redeploy it, which is not really a significant issue.

Microsoft Intune scales very effectively with our growing needs. The only requirement is more licenses, so once we get more licenses, we're able to deploy them more quickly.

I haven't needed to contact customer service or technical support, which is a good sign. Since I haven't had to use them, I have no experience with their quality of service.

Positive

We did not use a different solution. We started with Intune.

My experience with the deployment of Microsoft Intune was good. Initially, I didn't know much about it, so I had to review all the documentation, complete training, and watch videos to get familiar. Once I got a grasp of things, I tested it on my phone and laptop, and when it worked, I felt comfortable deploying it to more people. I eventually deployed it to about 7,000 machines as it scaled up.

The biggest return on investment for using Microsoft Intune comes down to protecting security. We are protecting all of our assets and using it as an endpoint MDM solution, which fulfills our needs.

Microsoft Intune costs about $7 per user per month, which is somewhat on the pricier end. That said, it's a reliable product, so it's fair. If it were less expensive, we would be able to roll it out to more people, so it's definitely something we're considering.

We use Microsoft Intune for Windows products and Jamf for Apple Mac products. I'm not sure if Microsoft Intune works for Macs. If they do, that's something we'd be interested in exploring.

I prefer Microsoft Intune because Jamf is not the most reliable solution based on my personal experience.

We do not use Microsoft Intune Suite's cloud PKI.

We also do not use the Enterprise Application Management features of Microsoft Intune Suite.

I haven't examined the Advanced Endpoint Analytics in the Microsoft Intune Suite yet. That said, we do have it; I just haven't had the opportunity to review it.

I rate Microsoft Intune a nine out of ten.