Aekantak Vashistha - PeerSpot reviewer
Cloud Engineer III at Insight
Real User
Top 10
Intune centralizes device, application, and policy management, enhancing IT efficiency and security, though some custom deployments require additional innovation.
Pros and Cons
  • "I like how Intune brings everything into one place. For example, you can set up conditional access to applications and devices inside Intune. I also like the segregation inside the Intune devices. You can segregate them by Windows, iOS, iPadOS, macOS, and Android. You can sort it by platform, so you don't need to go into the devices section."
  • "I rate Microsoft support four out of 10. Support is one area where Microsoft needs to improve a lot. I recently raised a ticket for a Microsoft Azure issue, and it took two and a half weeks for support to reply. They need to improve support across their entire catalog of products."

What is our primary use case?

You can use Intune to manage devices for any size project, from a small business to an enterprise-level project. You can manage hundreds of thousands of devices. Intune can manage on-prem and cloud services. We are working with large enterprises mostly.

How has it helped my organization?

Intune encompasses all devices, applications, and policies that can be deployed within an organization through a single portal. In the event of an outage, it simplifies the management and resolution of issues or policy adjustments. It allows for the management of security profiles, applications, and devices from one portal across any operating system platform.

Consolidating everything in one location enhances the efficiency and productivity of IT administrators. Since adopting Intune, our IT team's productivity has increased by 20 to 30 percent. Additionally, the integration of Copilot has further improved our efficiency by 5 to 10 percent.

However, there are exceptions. Certain applications cannot be deployed easily via Intune. Win32 deployment is necessary for these, which can be challenging as it demands extensive testing to release a custom package from Intune. More innovation is needed to deploy custom applications, which would greatly benefit us. For most enterprise scenarios, application deployment is relatively straightforward.

Hybrid environments call for innovation, particularly with hybrid enrollments using GPO. While most Autopilot hybrid scenarios and co-management run smoothly, I have encountered issues with hybrid GPO enrollments due to their complexity.

Intune is a leading secure solution in the Indian market. It allows the creation of any conceivable security policy. With the addition of Purview and DLP modules and integration with Microsoft Defender for Endpoint, security has never been a concern, and our security posture is nearly impeccable.

Intune has also facilitated vendor consolidation. It is our primary recommendation for an MDM solution because it offers the productivity and features that would otherwise require integration of multiple solutions from other vendors. The industry is now transitioning from on-premises Intune to cloud-based management.

Intune enables the deployment of any security solution. Although it does not integrate, it allows for the deployment of a wide range of security measures.


What is most valuable?

I appreciate how Intune consolidates everything in one location. For instance, it allows the setup of conditional access for applications and devices directly within Intune. The segregation feature within Intune devices is also beneficial. Devices can be categorized by Windows, iOS, iPadOS, macOS, and Android, and sorted by platform, eliminating the need to navigate the devices section.

The app management feature has seen significant improvements. Initially, navigating the app section was quite challenging, but now, all my concerns have been addressed. It's possible to deploy or manage any application, with reports and app-protection policies accessible in the same section, which is quite convenient.

I would rate the user experience at nine out of 10. Having utilized various MDM solutions from Microsoft, Cisco, and VMware, I find Intune to be superior. We employ Microsoft Defender for Endpoint and DLP policies in Purview, along with multiple security policies such as baselines and BitLocker for encryption. This integration simplifies the administration of security features from other tools in one place.

The most sophisticated analytics we've utilized are group policy analytics. As a consultant, I often handle multiple migrations, primarily from on-premises to the cloud. Group policy analytics are particularly useful in these scenarios as we migrate on-premises policies. If Intune lacks support, we must either start anew or seek alternatives.

Copilot is beneficial as it supports various CSPs or policies. Despite extensive use, one cannot be fully versed in everything about Intune. Whenever there's confusion, Copilot is a valuable resource to clarify and ensure the feasibility of creations within Intune. Copilot assists in profile creation and assignment considerations.

My perspective on tools like Copilot is that they are artificial; the intelligence aspect is still emerging in the AI industry. Nevertheless, Copilot is a well-maintained and informed tool.


What needs improvement?

Microsoft currently restricts deployment to PowerShell or XML scripts, so it would be beneficial to support additional scripts such as command scripts, C languages, or TypeScript to enhance systematic compliance.

While the UI has been updated, it could be made more accessible. Navigating to a specific section in Intune requires multiple clicks through different areas before arriving at the intended destination, indicating the UI could benefit from further improvement.

The process of application discovery and deployment is relatively seamless. Nonetheless, there is room for enhancement in the reporting aspect. Intune still lacks comprehensive reports, and notably, its failure reporting does not succinctly communicate the full extent of an error.


Buyer's Guide
Microsoft Intune
October 2024
Learn what your peers think about Microsoft Intune. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.

For how long have I used the solution?

I have used Intune for more than six and a half years. 

What do I think about the stability of the solution?

I rate Intune 10 out of 10 for stability.

What do I think about the scalability of the solution?

With Linux and Chrome OS now supported, the scalability has reached 100 percent. Every device or endpoint operating on our OS can be enrolled in Intune. 

How are customer service and support?

I would rate Microsoft support as four out of ten. Support is an area where Microsoft could significantly improve. I had an issue with Microsoft Azure recently, and after raising a ticket, it took two and a half weeks to receive a response. There is a need for enhanced support across all their product offerings.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We have utilized Cisco Meraki, VMware Workspace ONE, and Jamf for managing Apple devices. However, Intune stands out among these options because it overcomes application deployment limitations that others have. While some support only Apple or Windows devices, Intune excels in compatibility, supporting Android as well. Moreover, Intune can implement more security policies than any other MDM solution available.

How was the initial setup?

Hybrid enrollment is typically complex, yet cloud Autopilot simplifies the process considerably. It's possible for anyone to grasp cloud deployment within five to ten minutes. While the most intricate enrollments, involving thousands of devices, may take two to three weeks, a cloud-based deployment can be accomplished in approximately one week.

What about the implementation team?

This was completely in-house.

What's my experience with pricing, setup cost, and licensing?

Intune is considered moderately priced. It is available as part of a bundle with Microsoft 365 E3 or E5 licenses. While the E5 licenses are somewhat costly, Intune offers some more affordable solutions.

Which other solutions did I evaluate?

Yes, we evaluated Cisco Meraki and VMware Workspace ONE.

What other advice do I have?

I give Microsoft Intune a rating of nine out of ten. Intune stands out as one of the top solutions in the market, and its capabilities are expanding with the integration of cloud PCs, Chrome OS, and Linux systems. For any large enterprise, I endorse both Intune and Defender.

The recent CrowdStrike outage, which is the largest in IT history, affected only systems without Microsoft Defender but with CrowdStrike. This incident underscores the importance for enterprises to transition towards deploying Intune and Defender for enhanced security.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
GauravMukherjee - PeerSpot reviewer
IT Infra Lead at Coforge Growth Agency
Real User
Easy to package applications and manage device updates through Intune

What is our primary use case?

We use endpoint management, both SCCM and Intune, so it is a hybrid model that we use in order to manage applications, patching, updates, and operating system deployment with Intune. We also use Autopilot for deployment.

How has it helped my organization?

Intune has been effective in managing various mobile devices. It would be Apple Business Manager for Apple devices, the iOS tray. It's easier to manage from Intune compared to Android. I've recently heard that Android devices will no longer be managed from Intune. The MDM part is moving away.

Intune's app management feature for supporting business operations is very easy and seamless for an admin to package applications on Intune. It's also very easy to track logs on the end-user device to understand deployment or push failures. Application management works really seamlessly with Intune.

Moreover, Intune has made it very easy to package and deploy LOB apps like MSI and MSIX applications available on the Microsoft Store. This is very helpful.

Intune brings all of the endpoint and security management tools into one place. Microsoft has integrated all its cloud platforms, like Defender for Endpoint and Intune for endpoint management. We can easily manage the Defender part from the Defender portal for endpoints, and it's very easy to track vulnerabilities on the Defender portal as well. 

It's just a matter of installing the Defender client on a device, and we can easily see all the scan results from that device on the portal. So it's very easy and simple, and the security information is all on the dashboard, ready to be presented to the client.

Automatic updating can be challenging for apps not available on the Microsoft Store. We need to package and download those apps, and it's not just pushing them; we need to create scripts to uninstall previous versions. That's a caveat compared to SCCM, where we can integrate third-party tools to manage third-party applications. I hope they will soon integrate something like Patch My PC. Apart from that, it's good.

We don't use the advanced endpoint analytics, but we use the basic features available on the dashboard. We have various data sources and get a lot of reports from there.

We also don't use Intune PKI as of now because we manage PKI from our on-prem environment. But we have seen that BYO CA (Bring Your Own CA) is now available on Intune. We can bring our own CA to reduce the load on the on-prem infrastructure. That's one of the features we need to test.

Overall, Intune provides a more secure and easily monitored environment, with live and native support, unlike other tools. For example, we might get data that is seven days old with other tools, but with Intune, we get data that's only eight hours old. This helps us understand what applications run on a particular machine and which operating system is installed. Intune has saved us time and provides valuable features.

What is most valuable?

The best features are application and update management. In the context of updates, it's very easy to manage device updates through Intune because they pull updates directly from the internet. We don't have to select and push updates as we do with SCCM. 

For application management, we have many options for packaging applications. 

The overall user experience of Microsoft Intune is a ten out of ten. There are certain limitations, but I would still rate it ten out of ten compared to Jamf, Tanium, and BigFix. I find Intune far better and easier to use.

I also tested the enterprise application management feature. The way we are packaging using Windows 32 apps and LOB apps. These are pretty simple to manage.

We recently introduced Copilot on Microsoft 365 portal to help draft emails. We were highly dependent on Grammarly before, but Copilot has replaced it and saved us the licensing cost. That's one way we use Copilot.

Copilot won't protect our environment. It's just an AI tool. Defender is responsible for protecting our environment. Copilot can answer our questions quickly, without needing to browse through Google or a browser. It's integrated into almost every application. We can click on it and ask our questions.

Copilot has reduced the load of typing. We can just give it a brief instruction, like "draft an email to my manager regarding a new joiner," and it generates a draft. This saves us time and typing effort. We just need to proofread it.

We've only seen Copilot so far. We haven't tested any other AI tools in Intune yet. Copilot is very useful, and it's a Microsoft product.

What needs improvement?

The challenge we experience is with Mac management. We find Intune not capable enough to handle Mac devices, configurations, or operating system deployments. However, it's easy to manage Windows devices. Mac itself has a lot of restrictions. Linux and Mac operating system compatibility need improvement. Also, they need to work on making GPO (Group Policy Objects) compatible.

Microsoft needs to work on Autopilot and make it simpler at the end-user level.

We also face challenges managing group policy. Many group policy objects that we can manage from on-prem Active Directory can't be managed through Intune. That's something Microsoft needs to work on, and I'm sure they will.

For how long have I used the solution?

I have been using it for more than four years. 

What do I think about the stability of the solution?

It is a stable solution. I would rate it a nine out of ten.

What do I think about the scalability of the solution?

Everyone in our organization uses this solution. But, for the project I am involved in, just 15 people use it. 

We have medium to enterprise businesses as our clients. 

I would rate the scalability an eight out of ten.

How are customer service and support?

The customer service and support are average. Sometimes I feel they don't even know about their product. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I can compare it to Tanium. When I was doing a POC in place of Intune, we needed to compare other tools as well. Tanium is a good tool, but I can't find any other tool that can replace Intune with so many features.

I like the user-friendliness of Intune's GUI, and the fact that we get so many features under one roof has attracted our attention.

How was the initial setup?

The deployment of Intune depends on the environment in which it is being deployed. In our case, it was pretty simple because we didn't have much insight. However, depending on the requirements of a different environment, it can become complex.

A couple of months would be a good estimate for the deployment. You need to plan everything and then execute, and migration is involved.

Intune works seamlessly with Microsoft Defender. With other security solutions, we see a lot of challenges. It depends on the complexity and scale of the environment. But it's really compatible with Defender and Intune integrates well with other security solutions.

Intune requires maintenance. It requires internet access because we need to manage certificates, check on the DMF file, and clean up stale devices.

What was our ROI?

It has helped admins immensely in order to manage those endpoint devices. With other tools, the device needs to be on the office network or VPN. Intune removes this dependency. 

We can manage devices through the internet, and we won't miss any devices that are offline.

It has saved 60% of our time. I can't put an estimate on cost savings, but it has saved a huge cost because we don't have to manage infrastructure anymore.

What's my experience with pricing, setup cost, and licensing?

It's a little expensive, but it's worth having.

What other advice do I have?

Compared to other tools in the market, Intune is a good tool to go with. It's a little expensive, but it's really good because we have almost everything under the same umbrella. The features that Microsoft offers are not available in BigFix, Tanium, or Canvas. But it also depends on your budget.

I would definitely recommend it. We get promoted features, and it's easy to use. The ease of use is really attractive for admins, especially compared to other tools.

Overall, I would rate it a nine out of ten. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Farasat Hassan - PeerSpot reviewer
IT Admin at a financial services firm with 10,001+ employees
Real User
It helps consolidate our endpoints, provide flexibility for users, and save costs
Pros and Cons
  • "Microsoft integrated BitLocker and Active Directory into Intune, simplifying management."
  • "There's a significant discrepancy in Intune pricing between tenants."

What is our primary use case?

Previously, when dealing with COVID-related issues, we had to bring laptops to the office network to resolve problems physically. However, with the introduction of Intune and Autopilot, we can now build and manage machines remotely. Intune allows us to upload our operating system and create a tenant, enabling users to enroll and build machines anywhere with an internet connection. This eliminates the need for physical device management and reduces downtime. Additionally, Intune simplifies application management by providing a centralized platform for accessing and deploying applications without requiring multiple servers. Overall, Intune offers significant improvements in device management, flexibility, and efficiency compared to traditional methods.

Currently, we operate Intune as a hybrid model. While devices are enrolled in cloud-based Intune, updates are still being deployed from our on-premises SCCM. A complete migration to the cloud will take time, especially for larger organizations with tens or even hundreds of thousands of machines. This transition is hindered by legacy applications that are incompatible with Intune. To facilitate a smooth migration, Microsoft must either enable the use of these legacy applications within Intune or provide equivalent cloud-based alternatives.

How has it helped my organization?

Historically, application management involved installing software on users' machines. However, many organizations now utilize software-as-a-service models that are accessible through web portals like Intune. We also employ App-V to virtualize legacy applications, allowing access to any physical or virtual machine. Our current methods include direct endpoint installation, SCCM deployment, and App-V server hosting applications. We introduced App-V as a virtual application platform to address challenges like developer environment inconsistencies and license costs. By centralizing applications and implementing a first-come, first-served licensing model, App-V reduces costs, improves accessibility, and simplifies management.

Intune consolidates our endpoint and security management tools into a single, user-friendly platform. It seamlessly integrates existing on-premises policies, allowing for easy creation or upload. Organizations migrating to Intune or replacing on-premises Active Directory can effortlessly establish new policies. Unlike the complexities of on-premises management, Intune simplifies policy creation and implementation through a click-based interface, eliminating registry changes. Additionally, Intune's cloud-based architecture ensures consistent policy application across devices, avoiding the delays and potential bandwidth issues associated with on-premises servers. Microsoft's robust infrastructure provides reliable performance, making Intune an efficient and effective solution for managing endpoints and security.

Intune users appreciate its flexibility compared to traditional on-premises Active Directory systems. For instance, with on-premises AD, policy implementation requires the user to be physically present in the office. In contrast, Intune enables remote policy management, as demonstrated by the scenario where a user's account is locked on an Intune-managed laptop. Even if the user cannot log in to the device, unlocking the account in Azure AD automatically unlocks it on the laptop, regardless of location. This is a significant improvement over previous methods involving complex workarounds like sharing local profile passwords. Intune's integration with Azure AD simplifies account management and provides seamless access for remote users.

We manage multiple users who use Azure AD and Azure VDI machines but often prefer using the VDI machines over their laptops. To address this, we proactively contact users whose laptops haven't reported to Intune in 20-30 days, informing them of potential removal and providing additional notifications through tools like Nexting or SysTrack. We also send emails to users whose assigned machines are inactive, warning of removal if usage doesn't resume within 30 days. Additionally, we monitor machine downtime, login times, and compliance status while pushing necessary policies and updates. Our organization utilizes a hybrid model combining Intune for machine management and BitLocker encryption with SCCM for software updates due to the ongoing migration from on-premises to cloud-based solutions. While Intune enrollment and management are in place, we anticipate a full transition to Intune in the future.

We are using Intune Suite's Cloud PKI to assign certificates to users. Previously, we managed Microsoft certificates on a hosted server. This process was manual. However, Intune now automates certificate management. Once a machine connects to Intune and authenticates, the necessary certificates are pushed without manual intervention. VPN login requires both a user and device certificate for compliance. Intune offers certificate management from both Microsoft and third-party vendors. Due to cost considerations, we are transitioning to a different certificate provider within our organization.

We have implemented Copilot in Microsoft Teams and Zoom to improve meeting efficiency significantly. Copilot automatically generates meeting minutes, including attendee lists, saving valuable time compared to manual creation. Additionally, it provides real-time meeting summaries, allowing latecomers to grasp discussed topics quickly. By automating these tasks, Copilot frees up approximately half an hour per meeting, enabling us to focus on more productive activities.

For IT and security operations, our company has implemented Copilot by hosting all ChatGPT features on-premises. As a financial company, we cannot access external AI tools directly. Therefore, our system interacts with our server rather than the Internet, allowing us to utilize ChatGPT capabilities based on our specific business needs.

Intune has significantly improved our device management process. Previously, we had to physically build machines on-site, requiring users to come to the office. Now, we can remotely push updates and assist users from anywhere, saving them time and eliminating the need for travel. Additionally, Intune's dashboard provides comprehensive insights into our device fleet, including compliance status, update failures, and application installations. This centralized view has increased our efficiency and proactivity in addressing issues compared to our previous reliance on SCCM reports.

When enrolling personally owned devices, Intune applies organizational-level settings. This prevents downloads to local machines when using Office 365 applications or Teams. We can restrict downloads to specific containers that cannot be copied to other folders. Alternatively, we can limit application usage to on-premises or organizational machines. While our current setup allows Office 365 access on handheld devices, downloads and uploads are blocked. Intune offers this level of control, preventing data transfer to or from the device, regardless of whether it's personally owned or a company-issued app.

We are upgrading our privilege management policies to mirror those already existing in our on-premises Active Directory. While we are not making substantive changes, Intune's endpoint privilege management offers significant improvements over our previous approach. By consolidating multiple policies into a few comprehensive ones, we can more effectively restrict user actions based on organizational hierarchy. This streamlined process eliminates the need for extensive group management in Active Directory and saves time overall.

Once implemented, our policies will reduce the attack surface by restricting service access only to users possessing an infrastructure organization certificate, which we have obtained. Additionally, we will enforce IP-level restrictions, preventing access from personal devices or those outside our specified IP ranges. We can implement these restrictions at the IP, device, or certificate level.

Intune has significantly reduced our costs. Previously, we managed multiple servers, but now we rely solely on a CCM server, which will be decommissioned soon. This eliminates the need for on-site server infrastructure, backup systems, dedicated staff, and extensive network support. With Intune, we can host the CCM server in a central location and avoid latency issues associated with multiple servers across different regions. Additionally, expanding to new offices no longer requires building additional data centers. Intune's cloud-based platform allows remote access from any location without needing on-premises infrastructure. As a result, many organizations, especially smaller ones, are adopting cloud-based solutions and eliminating the need for physical servers and laptops. Employees can leverage their own devices to access applications through Intune, further reducing costs and increasing flexibility.

We can primarily manage security posture through Intune. However, due to pricing, we will likely use a third-party solution for device certificates. Interestingly, Microsoft seems to be introducing third-party vendor options within their portal. Ultimately, the security team will evaluate all options, including Intune, considering factors like policies, pros, cons, and pricing before deciding.

Intune Suite's integration with Microsoft 365 and Microsoft Security provides robust capabilities for centrally managing both cloud and co-managed devices. Previously, managing Exchange, Active Directory, and applications required separate teams, but Intune has streamlined this process, enabling efficient management of all mailboxes across devices from a single platform. It's incredibly easy to manage, allowing for remote administration and policy creation. Unlike the previous process of manually creating and testing Group Policy updates, Intune simplifies policy creation and testing with just a few clicks. Additionally, Intune eliminates the challenges of server-based upgrades by providing centralized management and control.

We are currently utilizing multiple security solutions, leading to a complex environment. Due to cost considerations, we are transitioning from Microsoft's device certificate to a solution from a different vendor. Additionally, we are integrating this new solution with Intune and have replaced Jamf to manage our MacBook fleet. This change eliminates Jamf license costs while allowing us to manage Mac devices through Intune centrally. Similar to our previous use of Jamf, we incurred costs in a previous company but have successfully eliminated them by consolidating management within Intune. Furthermore, we are exploring Microsoft's evolving Office 365 licensing options. The latest E5 license offers integrated phone capabilities, replacing the need for separate devices like Cisco or Avaya phones. This consolidation allows users to make domestic and international calls through Microsoft Teams directly.

What is most valuable?

Previously, we relied on third-party applications like PointSec for mobile device security before Microsoft introduced BitLocker. PointSec required complex management, including console login, authentication, and handshake processes. BitLocker offered a cost-effective solution, initially used independently of Intune. However, Microsoft integrated BitLocker and Active Directory into Intune, simplifying management. While our previous company used an outdated AD environment that was difficult to migrate, Intune's integration with AD FS eliminated these concerns. Intune now allows us to easily manage BitLocker, including remote device wiping, providing enhanced security and control over mobile devices.

What needs improvement?

We currently aren't building any data centers. Previously, we did, but now we're facing a tenant-related issue. When accessing a US-hosted Azure machine from India, latency is a problem regardless of whether we're using a data center, our own, or Intune. I believe Microsoft could offer a feature to create a nearby tenant, allowing users in India to create one there rather than dealing with multiple tenants, policies, and groups for different regions. For example, if a company with a US-based data center expands to India, they currently need to create a separate Indian tenant to provide machines for Indian employees. Instead, Microsoft could potentially offer a peer-to-peer connectivity solution or similar approach, enabling access to US-based machines from India without requiring additional tenants or administrative overhead. This would simplify management, as administrators wouldn't need to handle separate tenants for each region.

There's a significant discrepancy in Intune pricing between tenants. Previously, my company assigned Canadian machines to Indian users due to a lack of Indian tenant options. This resulted in exorbitant costs compared to the drastically lower pricing for identical configurations in India. Given that Microsoft can determine the user's location based on IP address, they could potentially adjust pricing accordingly. For instance, a Canadian machine accessed from India could be charged a reduced rate similar to locally provisioned machines. This would align pricing with the actual location of use rather than solely relying on the tenant or data center.

Intune's lack of support for legacy applications is hindering rapid migration to Intune or Microsoft platforms. Organizations are reluctant to switch due to Intune's limitations and potential cost implications compared to alternatives like AWS or Google Cloud. While many organizations are using Intune and registering applications, they often rely on other cloud providers for specific services like storage or SQL. Given the extensive use and reliability of platforms like AWS over the past decade, Microsoft should consider offering competitive pricing and comparable services to encourage wider adoption of Intune.

For how long have I used the solution?

I have been using Microsoft Intune for two and a half years.

What do I think about the stability of the solution?

I have never experienced any stability issues with Intune. If something occurs, it is resolved in a fraction of a second. I would rate the stability ten out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Intune nine out of ten. The scalability is dependent on the configuration. To increase usage, we have to pay more.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we relied on SCCM and on-premises Active Directory, which was challenging due to manual account management and group assignments. Intune has significantly improved this by allowing us to implement policies upon user creation and automatic replication. Active Directory management was often problematic, with group removals due to scripts and inconsistent replication across different locations. Intune's cloud-based nature ensures faster updates and accessibility regardless of location or VPN status. This flexibility benefits both IT staff and end users. Intune's integration with Windows and potential for future enhancements, such as system health monitoring, make it the leading choice over third-party solutions.

How was the initial setup?

Intune deployment is straightforward. Even end users can perform it. All organizational laptops have a built-in operating system. Resetting a laptop returns it to factory settings, automatically installing the enterprise OS, ready for Intune enrollment. The only requirement is internet connectivity. Enrollment is simple: log in to the laptop, press Shift, restart, and the device enters enrollment mode.

Deployment time varies based on the operating system's complexity. At my previous company, we deployed twelve applications within the OS. Currently, I manage the deployment of over forty applications through Autopilot. The exact duration depends on the specific OS configuration, including the number of applications and other bundled components. Generally, it can take anywhere from two to three and a half hours to complete the process.

What's my experience with pricing, setup cost, and licensing?

Microsoft's pay-as-you-go pricing model for Intune could benefit from a Google-like approach. While Microsoft charges for actual usage, it lacks discount options. In contrast, Google offers discounts based on usage duration, rewarding customers for extended service utilization. AWS also provides organizational-level discounts, demonstrating alternative pricing strategies. Intune's current focus on cost savings through service adoption is effective, but incorporating usage-based discounts could enhance its competitiveness and attract more customers. While the current pricing is market-competitive, additional discounts could position Intune as a more compelling option.

What other advice do I have?

I would rate Microsoft Intune ten out of ten. Previously, we had to physically go to the office to build machines. Now, we no longer need to build them on-site, as Intune allows us to manage many aspects of devices remotely and easily without a VPN connection. It's truly a SaaS solution.

If someone is interested in using Intune, I would need to assess their enterprise's size, work location, and specific needs to determine if it's suitable. Intune is particularly beneficial for remote workforces and larger organizations due to its ease of management and scalability. I would evaluate their department structure, policies, applications, and existing infrastructure to provide tailored recommendations. Intune's cloud-based nature eliminates the need for on-premises infrastructure, reducing complexity and administrative overhead. Additionally, it consolidates management responsibilities, allowing for efficient oversight of various IT functions. Compared to traditional IT setups, Intune simplifies email management with cloud-based solutions like Office 365, offering increased storage, accessibility, and device compatibility.

Approximately 60 of our 100 employees utilize Intune, and the platform manages 100 percent of their devices.

Intune generally requires minimal maintenance, but this depends entirely on the complexity of our created policies, including allowed and restricted settings. While Microsoft offers guidance to minimize management efforts, adhering strictly to their recommendations is essential for full automation. Customizations may necessitate ongoing maintenance. Ultimately, closely following Microsoft's guidelines will optimize Intune management and minimize our workload.

We also use Bing Copilot, but I find Bing AI less effective than ChatGPT. Bing frequently requires multiple prompts before providing a response, whereas ChatGPT typically delivers accurate answers more directly. For instance, when asking for a Microsoft Outlook KB article, Bing requested clarification on the term "KB," while ChatGPT promptly provided relevant KB articles. It seems Microsoft's AI could benefit from further development to match ChatGPT's capabilities.

I recommend Microsoft Intune for larger organizations. Legacy applications may not be compatible with Intune, preventing their use. Smaller companies might consider a Software as a Service solution like Office 365 instead, offering email, PowerPoint, and other tools without requiring Intune. Enrolling devices in Intune for small businesses might not be justified due to the costs and IT management overhead. However, for organizations with 1,000 or more employees, Intune can provide enhanced security and device management. If Intune pricing is scalable based on the number of enrolled devices, smaller companies could evaluate it. Ultimately, the decision depends on the organization's size, IT resources, and security needs.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ManojNair4 - PeerSpot reviewer
Founder/Director at Augesys Solutions Pvt Ltd
Real User
Top 10
Replaces third-party products and is easy to deploy a configuration or policy to a system
Pros and Cons
  • "It's easy to deploy a configuration or policy to a system, especially when you don't have Azure AD. Now we are talking to all these small and medium-sized customers who don't necessarily have an on-premise Windows Active Directory. If they have invested in Office 365 Premium, this functionality becomes available to them."
  • "Reporting in Microsoft solutions is pathetic. With Intune, I'm getting a free inventory tool, but I don't get a reporting tool. When I go to Intune, I can see one machine's entire data in terms of the hardware and the software running on it, but I cannot generate a report for all the machines in the organization. The reporting is the only feature holding back the functionality that is already there."

What is our primary use case?

I'm an IT manager contracting with a European company. We had to onboard Windows machines to the Azure AD, but they did not have an on-prem AD. I prepped the Azure AD on the cloud, and I started to migrate the laptops to Azure AD. 

Once that is done, we need to apply policies, but group policies will not run from Azure AD because there's no on-prem AD to derive the policy from. Intune comes in handy there. It has multiple capabilities. You can create your configuration profiles in Intune that apply to Windows and Mac. You can create security profiles and configuration profiles, and you can apply browser settings to some extent. It isn't a small tool in terms of size or breadth of capabilities. It's very capable. Anybody who has used SCCM will see a lot of similarities.

How has it helped my organization?

Intune has many components that replace third-party products. For example, Intune creates an inventory of each machine. Otherwise, I'd need a third-party asset management tool. Intune can also tell me which users are accessing a given machine because it's integrated with Azure AD.

It's easy to deploy a configuration or policy to a system, especially when you don't have Azure AD. Now we are talking to all these small and medium-sized customers who don't necessarily have an on-premise Windows Active Directory. If they have invested in Office 365 Premium, this functionality becomes available to them.

That's considerable savings because you get Intune with Office, and you're getting slightly more advanced Azure AD capabilities. They also get MS Defender, which is there on the Windows client. This March, Microsoft introduced Defender for Business. They activated the business subscription with the Office 365 Business Premium subscription. If a customer is looking for an antivirus solution with a centralized capability, the product is already there. 

Intune allows you to control the policy if you want to control hard drive encryption. We have third-party tools in the market that we used to invest in. Today, we have Windows-native BitLocker, and I can use Intune to manage that BitLocker encryption.

What is most valuable?

Intune can set policies on each machine. I can create rules and apply them to individual machines. It's much easier than using the Azure AD system.

What needs improvement?

Reporting in Microsoft solutions is pathetic. With Intune, I'm getting a free inventory tool, but I don't get a reporting tool. When I go to Intune, I can see one machine's entire data in terms of the hardware and the software running on it, but I cannot generate a report for all the machines in the organization. The reporting is the only feature holding back the functionality that is already there. 

All the other third-party tools are doing the same thing, whether Atlassian, ManageEngine, or Ivanti. They all install an agent on your system. Intune also has an agent on your system collecting inventory details and sending them across the central console, but Microsoft doesn't have the reporting capability there. That is the only drawback I see.

For how long have I used the solution?

I started using Intune last year.

What do I think about the stability of the solution?

Intune is perfectly stable. We've had zero downtime.

What do I think about the scalability of the solution?

Intune will scale because it's a cloud system. We are not installing anything. It's a Microsoft service. I have it running on around 200 machines.

How are customer service and support?

I rate Microsoft support nine out of 10. In the past year, I've made 20 or 30 support requests on the Intune platform. Each time, it has been smooth. Usually, they sort the problem out on the first try. Once, the ticket was open for about two weeks because they had to do some backend testing on their side. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used ManageEngine from a company called Zoho Corporation to do inventories and patching. Microsoft Intune lacks capabilities to patch Windows, Office 365, Acrobat Reader, etc. There is no way for me to apply and manage patches. I can create a patch configuration, but I cannot control when it has to be deployed and on which machines. If Intune adds patching, I don't need to invest in another patching tool.

How was the initial setup?

Setting up Intune is pretty straightforward. There may be a few bumps in the road, but you shouldn't have much trouble if you're a system administrator or a pure IT guy. I did it by myself, and it took about two hours. You have to do the basic configuration. 

For that, you need a bit of reading to understand how your configuration is working within your overall setup. Once you do the necessary tweaking, Intune is up and running. After that, you create policies and do a test run on one or two machines. Once you verify that everything is working fine, you deploy it all. 

If you're not a techie, I could guide you step by step. It's as simple as that. After deployment, Intune doesn't require maintenance because it's a cloud product. 

What was our ROI?

We've seen a significant return on the investment. Otherwise, I would have to invest in a regular Windows Active Directory. If I were running Office Standard, which lacks this feature, I would have to buy something like Intune and pay for it annually.

Plus, I have to manage another product on the desktop. For example, if you're using a VPN client, the VPN client has to be installed and requires maintenance if something goes wrong. I don't have that maintenance cost because it's part of the Windows operating system.

What's my experience with pricing, setup cost, and licensing?

We don't pay for Intune because it is bundled with the premium subscription to Office 365. It includes Intune and Defender. I don't have to buy two extra products to manage my enterprise.

What other advice do I have?

I rate Microsoft Intune eight out of 10. Some functionality needs to be improved, but I believe Microsoft is working on it. They're developing the tool, and those features will be added, but I will give it an eight today.

If you're thinking about implementing Intune, you should look at what you already have in place. For example, if I wanted to bring my laptops onto Azure AD, Azure AD will do the job for me, so I don't need to invest in a regular Active Directory server.

Either I buy the server and run it on the cloud or I upgrade Office and Business Premium gives me all of the features. Business Premium is the top license. You have Business Basic, Standard, and Premium. The Enterprise equivalent is E3 and E5. 

The Business Premium is equivalent to E3. There is a limit on the number of machines. Per Microsoft's licensing model, you can do up to 300 machines on Business Premium. At 301, you have to switch to an Enterprise agreement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Intekhab Ahmad. - PeerSpot reviewer
Senior System and cyber security administration at Tankeenhr
Real User
Top 5
Leaderboard
Significantly reduced the risk of security breaches
Pros and Cons
  • "The reporting and analytics features in Microsoft Intune have been a lifesaver."
  • "While Intune works perfectly well, the only potential downside is that the deployment could be a bit complex for some users."

What is our primary use case?

With Intune, managing devices is a breeze. I use it to enforce security policies and seamlessly deploy applications to handle Windows 11 upgrades. It is like my one-stop shop for device management – no more manual headaches, just simple templates making my life easier. Plus, with Windows 10 support ending soon, Intune ensures a smooth transition to the latest and greatest without much hassle.

How has it helped my organization?

Overall, Intune has been a game-changer for our organization. It offers enhanced visibility, helping me identify and fix issues swiftly. Since implementing it, our security score has seen a noticeable improvement.

Intune gives me full visibility and control across all devices. For instance, if a device is slowing down, Intune alerts me, and I can proactively upgrade the hardware, like moving from HDD to SSD or M.2, ensuring optimal performance. It is like having eyes and control over the entire device landscape.

Intune has significantly reduced the risk of security breaches. With its robust security features and compliance monitoring, I can track and manage everything from emails to miscellaneous activities, ensuring a proactive stance against potential security threats.

The user experience of Intune is a perfect ten for me. It provides an incredibly helpful and seamless interface.

Intune has saved costs by preventing potential security threats. Restrictions on accessing miscellaneous websites have been invaluable in avoiding virus downloads and data loss. 

What is most valuable?

The reporting and analytics features in Microsoft Intune have been a lifesaver. In the report section, I can quickly identify device issues, compliance problems, or deployment failures. It provides a clear overview, allowing me to take immediate action, whether it's redeployment or manual adjustments, keeping everything in check and running smoothly.

What needs improvement?

While Intune works perfectly well, the only potential downside is that the deployment could be a bit complex for some users.

For how long have I used the solution?

I have been using Microsoft Intune for three years.

What do I think about the stability of the solution?

The stability of Intune is impeccable.

What do I think about the scalability of the solution?

I would rate the scalability of Intune as a ten out of ten. I have not had any issues with it.

How are customer service and support?

Technical support from Microsoft for Intune is top-notch, a solid ten. Whenever I have had issues and opened a ticket, they have been quick to respond within half an hour to two hours. The solutions provided are effective with detailed instructions and additional information.

How would you rate customer service and support?

Positive

How was the initial setup?

My deployment model for Intune is gradual and cautious. It is like navigating through a vast ocean, where I test on a few devices first, slowly deploying one thing at a time. I learned the hard way that rushing impacts users, so it is a step-by-step process, taking a month or two, testing, deploying, and making adjustments as needed. Patience is the key to Intune deployment.

Deploying Intune wasn't a walk in the park, but it wasn't overly complex either. I would say it is moderate, needing time, experience, and knowledge. Testing is crucial.

Microsoft takes care of updates and maintenance. I just need to stay on top of deploying new patches that come from vendors, ensuring our machines are up-to-date and secure.

What was our ROI?

The return on investment with Intune has been excellent. The increased productivity and control over machines justify the cost, giving a full value-for-money experience.

What other advice do I have?

We use Microsoft Intune to ensure security compliance mainly through our DLP project. It is our go-to for deploying new features and staying on top of security patches. Intune keeps us informed about vulnerabilities, making it easier for me to download and deploy updates across our infrastructure, ensuring a robust and secure system.

The standout features of Microsoft Intune for managing and securing our workforce are endpoint protection, streamlined deployment of applications, and easy handling of feature updates. Creating Intune policies is a breeze; for instance, deploying applications is just a matter of selecting them and letting Intune take care of the rest. It is a time-saving and efficient way to keep our systems secure and up-to-date.

The real game-changer in Microsoft Intune for our data security is the ability to create and enforce specific policies. I have set up two types: one within Intune and the other through GPO. The combination of both has been pivotal in ensuring robust security measures for our organization.

Having all endpoint and security tools in one place with Intune is quite valuable. It allows me to track device usage, block systems, and, if necessary, wipe company data for security purposes. The integration with OneDrive ensures seamless syncing and backup of user data, providing an added layer of protection. It is like having a control center that empowers me to respond swiftly to any security concerns.

For securing hybrid work and data protection, I set up Intune to handle encryption using tools like BitLocker. It provides an added layer of security, allowing me to manage BitLocker keys and make necessary changes for better control. This way, even in a hybrid work environment, I have visibility and control over data protection measures.

Intune's integration with Microsoft security has significantly bolstered our organization's security. From prompt security patches to timely machine restarts and access control, it covers a multitude of aspects, ensuring a robust and proactive security stance.

Using the Endpoint Privilege Management feature in Intune has been a productivity boost.

After deploying Intune, there was a shift in user freedom, but it was a positive change. I could restrict access, control network usage, and block certain applications, enhancing overall security. While some users may find it limiting, it aligns well with the organization's focus on security.

Intune must integrate with Microsoft 365 and Security. The synergy is powerful. For instance, in security, I identify vulnerabilities and know precisely what patches to deploy using Intune. It is like a seamless collaboration that streamlines the process.

Microsoft Intune's integration with other Microsoft tools has revolutionized my device management strategy. It is like a helping hand that makes everything easy and seamless. Over the past five to six years, it has become an essential and efficient part of my device management toolkit.

For new users, my advice is to take advantage of Microsoft's virtual training sessions and certifications. Sometimes, they offer free certifications, which can be beneficial for users, considering the investment companies make. The biggest lesson I have learned is the incredible control and flexibility Intune provides. From deploying and removing applications to blocking and deploying the OS, it gives complete control over the infrastructure, making it invaluable for users in the field.

Overall, I would rate Intune as a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Karthik Ekambaram - PeerSpot reviewer
Cybersecurity Manager at Scybers
Real User
Conditional Access policies provide secure access and it works very well with Microsoft products
Pros and Cons
  • "I am easily able to manage devices and assets, especially laptops and desktops."
  • "Its integration with Mac and Linux devices can be better. They should provide more features similar to Windows. We should be able to manage policies within Linux and Mac machines. If we can have more granular controls for these two operating systems, it will be really helpful."

What is our primary use case?

We are using Microsoft Intune for mobile device management (MDM) to provide context-aware access to the users. Mobile device management is what we predominantly use Microsoft Intune for.

How has it helped my organization?

Initially, the scope of Microsoft Intune was not too good because it could only manage certain endpoints such as laptops, desktops, and mobile devices. We initially had a problem with the servers, but they started supporting servers in the last three or four years, so now, it is good. It manages virtual machines and servers, both on-premises and in the cloud. It has improved and is still improving in a lot of areas. 

It provides group policies that we had in the early days of Active Directory. That is good when it comes to applying the policies to endpoints and servers from Microsoft Intune. Initially, we did not have all group policy settings inside Microsoft Intune, whereas now, we have patching and the ability to push the policies for antiviruses, etc. We can also handle mobile device management policies. Everything can be done via a single console. It is easily manageable, and we can have a single administrator to manage all the policies. We can have one or two administrators for backup. Traditionally, we had multiple administrators for each and every console. When you are a big Microsoft shop, it is easy to manage everything.

Microsoft Intune is good for a hybrid workplace. The conditional access policy is one thing that we can use for devices. For example, we can allow access to critical data only from corporate devices and not from personal devices even if someone is using the company account. We can go even more granular where someone can access the data but cannot download it to his or her personal device. Microsoft Intune is good for handling BYO devices.

It has had a good effect on our organization's attack surface. I would rate it an eight out of ten for that. We can implement rules for attack surface reduction. That is possible when devices are managed by Microsoft Intune. 

The IT productivity in our organization is far better. I would rate it nine out of ten for that.

What is most valuable?

Mobile device management is good. I am easily able to manage devices and assets, especially laptops and desktops. 

An important feature in Microsoft Intune is the Conditional Access policy, where I can provide specific access to a specific user based on geolocations, and there are multiple options inside it. Conditional Access is its best feature.

Its user experience is very good. I would rate it a nine out of ten for that.

What needs improvement?

For Windows machines, all the features are available within Microsoft Intune, but when it comes to Mac machines, it is still improving. It is not as good as Jamf. When it comes to customizable policies and other things in Mac machines, it is a little bit difficult. It is not as good as Jamf, but for Windows, Microsoft Intune is good if you have a good budget.

Its integration with Mac and Linux devices can be better. They should provide more features similar to Windows. We should be able to manage policies within Linux and Mac machines. If we can have more granular controls for these two operating systems, it will be really helpful. That is one area where they can improve.

When it comes to automatic updates, none of the vendors are doing it so well. The expectation right now is to have everything automated and automatically upgraded to the latest version of the software. The discovery capability of Intune is good because it is Microsoft. They can do discoveries based on their internal commands and other things and pull all the information into Intune. That is easy, but doing the upgrade of third-party software is a little difficult. It is evolving, but we cannot do the upgrades of all third-party applications. A financial or banking organization allows a limited set of applications to be used. For them, Microsoft Intune is better because when you have only 15 to 20 applications, you can easily upgrade them through an automated platform like this.

It is not similar to any of the PAM solutions. It is still in the starting phase. Other PAM solutions, such as CyberArk, can do remote session management. They can handle vaulting and other things. When it comes to EPM within Microsoft Intune, I do not know whether they are planning to go with the PAM or Privileged Access Management platform, but with the current solution, we can do user account management. We can do password rotations. We can add a new user, remove a user, and provide access to a particular resource for a user. All these steps are manageable and possible, but for Privileged Session Management and Access Management, it still needs improvement.

It is very important that the capabilities of the Intune Suite are integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices. The integration with the M365 platform, especially with Microsoft Defender for Cloud, Cloud Apps, and Endpoints, plays a big role. Intune can discover and find out the devices. The integration is still happening. It is not yet over. There is room for improvement.

For how long have I used the solution?

I have been using Microsoft Intune for about seven years. I have been a customer for four years and then became a partner because I joined a new organization. This new organization is a partner of Microsoft. I have been with this organization for three years.

What do I think about the stability of the solution?

If there are any issues with Microsoft Azure Cloud, we may have issues or downtime, but they are rare. It is 99.99% available. We have a problem only if Microsoft Azure Cloud goes down. Otherwise, it is okay.

What do I think about the scalability of the solution?

There are no issues with scalability because it is a cloud solution. It is automatically scalable.

How are customer service and support?

If you are paying for support, you get good support. If you are not paying for support, you do not get support.

Technical support can be a bit of a problem when it comes to costs. They have a professional service and a normal service. With the normal service, it is difficult to find out answers from them because they are not experts. We only get experts with the professional service, so if we pay, we get support. This is something difficult for a small organization because they cannot always pay for support for every issue.

When you give a product, you should always provide good support. If you do not have technical people, what is the purpose of having a support team? It is useless. They should have at least one or two people who can technically help an organization.

Which solution did I use previously and why did I switch?

We use different tools. We use Jamf for Mac and Ansible for Linux machines. We have not yet fully switched to Microsoft Intune for Mac and Linux. Very few Mac machines are with Microsoft Intune. Most of our Mac machines are still with Jamf.

Companies that are using Microsoft products go for Microsoft Intune. However, when people have more Linux or Mac machines, they do not choose Microsoft Intune for their organization. We recommend a solution only after knowing the expectations and use cases of a client. Small companies do not prefer Intune because they can have JumpCloud. Small companies with less than 500 users can also go for Google Workspace. For companies that already have a Microsoft license such as E5 or O365, going for Microsoft Intune makes sense.

Microsoft Intune improves the security posture, but because of the budget and other constraints, organizations can start looking at other vendors.

How was the initial setup?

It is not complex when it comes to Windows machines. It is straightforward, but when it comes to the other operating systems, it is complex. It is not easy.

The number of people involved depends on the users. If you have 1,000 devices, for Windows machines, you do not need more than three or four people. However, for 1,000 Linux or Mac machines, you would need a ten-member team.

The maintenance is easy. You do not need extra people to manage Microsoft Intune because it is a cloud service.

What's my experience with pricing, setup cost, and licensing?

I am using E5 security and compliance. It has all the Intune options and security and compliance subscriptions, so I use the full suite of Intune except the EPM module. We have not yet started using the Endpoint Privilege Management module. It is a small add-on that we have to use. Other than that, we are using everything.

There are other tools that give a similar approach but are not as good as Microsoft Intune. In terms of cost, it is more expensive than other tools like JumpCloud, Google Workspace, etc. There are multiple tools like this. I would recommend going for Intune only if you are a Microsoft shop. Otherwise, use some other tool and manage the organization.

Its licensing model is not complex, but it is very expensive compared to other solutions. They can bring more models and reduce the pricing. They should allow customers to select the features they want and price it accordingly. That would be a better option because not every organization needs conditional access or an antivirus solution. Some organizations that use Intune might use CrowdStrike, so they do not need Intune policies for antivirus. It would be better if they could bring more plans.

What other advice do I have?

I would advise not looking at the cost first. Instead of the cost, look at the features and then list down the use cases for your organization, and then go for the consolidation of the tools. Microsoft Intune can give you a lot of features, but whether it is suitable for your organization or not is the main question. List down the use cases and then assess Microsoft Intune because it can give a lot of features that you do not want, but you cannot omit them while buying it.

We are not using Advanced Endpoint Analytics because we have Sentinel and Chronicle SIEMs in our organization. We also use SDR platforms, so we are not using Microsoft Intune for any of the analytics. We are also not using Microsoft Intune Suite's Cloud PKI.

We started using Microsoft Copilot for a small organization. It has only been two months. We are building the use cases for that organization. They have purchased the licenses, but we are building the solution design and use cases for that particular organization. They want to automate most of the things, identify the non-compliant devices, and automate whatever they find non-compliant. Our aim is to identify non-compliant devices, do some automation, and block them from accessing any of the critical data inside the organization, but we do not know if Microsoft Copilot can do that.

Overall, I would rate Microsoft Intune a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Consultant at a manufacturing company with 1,001-5,000 employees
Consultant
The enterprise application management feature is excellent
Pros and Cons
  • "What I like most about Intune is its seamless enrollment process, particularly the Autopilot method."
  • "The worst aspect is the reporting."

What is our primary use case?

I have worked on multiple projects during these four years and encountered various scenarios with Intune. The major issue I found is Intune's vastness; it has numerous features within a single MDM portal. We can deploy unlimited features from the Intune portal to manage devices and protect the environment. Intune's capabilities are extensive, but there is room for improvement in certain areas, particularly reporting. Intune's reporting functionality is still under development, and we can anticipate further advancements in this area.

I previously worked as a solution engineer and am currently a call center agent in IT. I have worked on all sorts of Intune-related issues, including those related to mobile devices, Windows devices, enrollment processes, and policies. My expertise includes Autopilot, GP enrollment, the enrollment process for Windows, iOS, and mobile devices, as well as configuration profiles for multiple devices and platforms. I have also worked on scripts. As an escalation engineer, I have dealt with a wide variety of user issues.

The primary benefit of implementing Intune is the ability to manage devices, including controlling access, deploying applications, and enforcing restriction policies. As administrators, we gain control over which applications and websites users can access on their devices. Additionally, we can seamlessly deploy applications and configure network settings according to our organization's or client's specific requirements. Intune enables us to manage devices, deploy applications, and enforce policies, ensuring that devices within our environment adhere to our company's standards.

My deployment is primarily cloud-based, but I also have knowledge of hybrid environments. I have limited on-premises experience, having only observed local Active Directory servers. I can configure them theoretically, but I wouldn't consider myself a trained engineer in that area. With hybrid environments, I understand how to implement and integrate the hybrid components with Intune for a seamless and error-free deployment.

How has it helped my organization?

We can integrate endpoints directly into Intune, enabling us to access the options on the Intune portal. Intune is a seamless feature that collaborates with various services within the Azure ecosystem, essentially relying on Azure for its functionality. An essential collaboration exists between Azure AD and Intune. Similarly, Defender, another Microsoft service, must be integrated with Intune to remediate threats. In essence, Intune is a unique entity that requires communication with other Azure services. Configuration and connectivity are necessary to achieve this integration. Once integrated, we can access other endpoints directly from the Intune portal.

The user interface is straightforward, and the configuration profiles are easily accessible to the administrator. There are multiple ways to implement a single setting or policy on a device, including the deployment of several policies. A new feature allows for the creation of policy sets that can be deployed to different locations within an organization, streamlining management for administrators across multiple regions. This is a valuable feature that saves time and increases efficiency. Policy sets can be created, and locations can be assigned to them, ensuring that any enrolled device or user within that location receives the predefined policies. Group tags further enhance this process by automatically applying policy sets to devices or users added to specific group tags. Overall, Intune offers numerous features that enhance administrator productivity, including the ability to efficiently manage and track policy deployments.

The enterprise application management feature is excellent. If we've deployed applications using the application management services, we can provide updates directly, eliminating the need to repackage them. With application management, if an application is deployed in a region with multiple devices, those applications automatically update once an update is available. It's one of Intune's best features and was recently integrated. While I need to explore it further, I've previously used it to deploy applications in a region, and any auto-updates from the store were applied seamlessly. This is a significant benefit of Intune.

The PKI process in Intune is excellent, though it can be complex for administrators. Intune's reporting has improved since last year's changes, and removing one PKI component has simplified the troubleshooting log collection. Once correctly configured, this reliable feature allows direct certificate deployment to users and devices, eliminating the need for constant password and user ID entry. Users can seamlessly log in with their certificate across various applications, such as email or VPN profiles, enhancing convenience and security. Overall, Intune's PKI capabilities significantly benefit streamlined authentication and access management.

How we use Copilot depends on the specific needs of the enterprise. For clients with an existing on-premises environment, which typically includes multiple servers and domain controllers, there's often a gradual desire to migrate to the cloud. In these cases, we recommend Copilot, where we can implement an Intune environment and facilitate the gradual transition of devices from SCCM to Intune. These scenarios represent the primary use cases for deploying Copilot for device management, as it offers an optimal solution for managing devices during the on-premises to cloud transition. For remote users unable to access the physical office, device enrollment ensures cloud-based management. In contrast, restricted environments necessitate on-site presence. While VPN offers an interim solution, enabling remote device management through on-premises connectivity, it incurs additional costs. Ultimately, we advocate for cloud adoption as a cost-effective and simplified approach to device management, aligned with the ongoing evolution towards cloud-based solutions.

Intune has significantly improved our organization. Firstly, it allows users to work securely from anywhere, as the device is managed and policies, settings, and restrictions are deployed over the cloud, regardless of the location. Additionally, we can deploy various policies and regulations for security, simplifying device management. From an admin perspective, Intune streamlines device management by allowing us to simultaneously deploy policies to multiple devices. Enrollment is also effortless, as devices can be shipped directly from the vendor to the user and ready for use. This eliminates the previous admin tasks of deploying custom OS images and managing policies via SCCM, ultimately improving productivity.

Intune's ability to secure hybrid work and protect data on company and BYOD devices involves security restriction and conditional access policies. These settings provide significant device security. For instance, we have unconditional access policies and app protection policies. These policies allow us to secure data users might share with other devices or native applications. With conditional access, we can require devices to be managed by Intune before accessing corporate data, ensuring they receive necessary restriction and protection policies to prevent sharing corporate data with unauthorized applications. This significantly enhances corporate data security. While user agents offer data security benefits, Microsoft Defender and Office 365's data loss prevention policies strengthen our overall protection.

Intune has helped save 90 percent of our costs.

The security provided by Intune is excellent. The security policies deployed through Intune significantly enhance device security, encompassing data protection, device restrictions, Wi-Fi settings, and proxy configurations. Additionally, Intune can deploy antivirus software if we have the appropriate licenses, further bolstering security. Overall, I'd estimate that Intune provides roughly 80 percent reliability in terms of security.

Intune's ability to integrate with Microsoft 365 and Microsoft Security for both cloud and co-managed devices is crucial because, in isolation, Intune is limited. To make its features work reliably and meet specific requirements, integration with Office 365, Defender, and local AD is necessary. This integration enhances security on devices and enables advanced features like data loss prevention through Office 365. While Intune offers security policies, integration with Office 365 unlocks their full potential for comprehensive device protection.

What is most valuable?

What I like most about Intune is its seamless enrollment process, particularly the Autopilot method. Autopilot allows bulk enrollment of devices, making it easy for end users, even those without technical expertise, to use their devices immediately. While there might be occasional error messages during configuration, when done correctly by the administrator, Autopilot is the best feature currently available.

Intune is excellent. It is constantly evolving, from the legacy portal to the current endpoint management; we are seeing a gradual number of changes, and many features have been implemented and added to the Intune portal. The interface is great and user-friendly. Even someone without much MDM experience but needing access to the Intune portal would be able to understand that these are Windows devices and these are the policies they can deploy. The portal's overall UI is user-friendly. Furthermore, the categorization of devices and policies on the portal is excellent. We can categorize devices, look for conditional access, and check for configuration compliance in a specific location. The categorization is the best way currently available.

What needs improvement?

The worst aspect is the reporting. We are still in the development phase of reporting, and it is not always accurate. Sometimes, we don't receive the correct report, devices aren't listed as they should be in the Intune portal, or deployed applications and user policies aren't reported by Intune even though they are present on a device. There is room for improvement in Intune's reporting capabilities.

If my organization has sensitive data we don't want to leak, deploying the policies can present technical challenges and potential loopholes. While 90 percent of end-users are not technical enough to find these loopholes, a user trained on Intune who understands the background processes and policy weaknesses could pose a security risk to the organization.

App protection policy and compliance state. Recently, I encountered a user scenario similar to one I've experienced as an administrator. If my device is enrolled in Intune but not through a corporate method, some loopholes allow administrative control of the device itself. We can un-enroll the device and remove the management profile, yet the Intune portal will still show the device as compliant because it captured the last compliance state. As long as the device reports to Intune, its compliance status in the portal remains unchanged, regardless of its actual state. Only when the device stops checking in with Intune will the last compliant state be displayed, with no indication of non-compliance. The device's Intune compliance state will show the last check-in time. We can leverage the newly integrated data loss prevention feature in Intune to improve the app protection policy, which is currently inconsistently effective. With the appropriate licensing, deploying data loss prevention policies can enhance our protection strategy.

I need to delve into reporting and analytics. The policies, restriction policies, enrollment limitations, and everything else are great. However, one current limitation is that we can't roll back security baseline policies deployed from the Intune portal to a device. Those changes are permanent if a security policy changes the device's registry. If an administrator mistakenly deploys settings from a baseline policy instead of a restriction policy, the only recourse is to reimage the device. In my opinion, baseline settings shouldn't be permanent. However, as developers of the Intune portal, there must be some significance to these clients.

For how long have I used the solution?

I have been using Microsoft Intune for four years.

What do I think about the stability of the solution?

I would rate the stability of Microsoft Intune seven out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Microsoft Intune eight out of ten.

How are customer service and support?

I was the Microsoft Intune Closure Engineer, working in a global support group. My role involved providing solutions for Microsoft, addressing tickets created by users or administrators worldwide. I would rate the overall Microsoft support an average of eight out of ten. The support process begins with a ticket being assigned to a junior engineer with basic understanding, which I'd rate a six. If the user's issue remains unresolved, it escalates to a level two engineer, improving the rating to an eight. In rare cases, unresolved issues are escalated to a senior engineer which would drive the rating up to nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before Intune was introduced, we had to use Office 365 for MDM, which had limited options. Then came the legacy Intune portal, followed by the endpoint management folder, the most recent portal we've used. I've also used Jamf and AirWatch a bit, but I'm not as proficient with them as with Intune.

How was the initial setup?

The initial deployment of Intune was complex, with deployment time dependent on the specific environment. For organizations with multiple sites, Intune deployment is particularly challenging and can take four to five months. The migration itself is not a simple task and can be time-consuming. Based on past experience, assessing existing security policies and applications from the on-premises environment is crucial before identifying what can be achieved with Intune, given its limitations compared to SCCM. While Intune can replicate some functionalities achieved through group policies, the migration process can still take a considerable amount of time, ranging from seven to eight months to even one and a half years, depending on the environment's complexity.

What's my experience with pricing, setup cost, and licensing?

Microsoft licenses are costly. Organizations should determine the best license to get the maximum features based on their requirements. Intune comes with multiple licenses, including E3, E5, standalone Intune, and a few more. Microsoft 365 is also an option. There are almost seven license lists where Microsoft Intune is present, except for the standalone license. It's definitely costly. Microsoft could look further into providing some cost-cutting measures for the licenses.

What other advice do I have?

I would rate Microsoft Intune eight out of ten.

Intune includes various features and categories, allowing management of operating systems like Linux, Windows, iOS, macOS, and Android. Its user interface, departmental organization, and enrollment process are all straightforward. However, based on my six years of experience with Microsoft products, including four years specifically with Intune, its reliability is around 80 percent. Occasionally, it doesn't report correctly, or devices fail to receive deployed configurations. In comparison, AirWatch seems more reliable. Despite this, considering my overall experience with Microsoft, it still offers one of the best management solutions. Intune's predecessor, SCCM, which manages devices on-premises, is more reliable because Intune is still developing.

I'm working on two accounts. Under one account, I have a growing number of devices. So far, there are approximately 300,000 Windows devices, 100,000 Android devices, and 250,000 iOS devices in one environment. The number of users is similar. In another environment, which I've been using, there are a large number of devices. It's taking time to load, but I would say there are approximately 400,000 to 500,000 Windows devices in this environment.

Intune is continually evolving. If a feature is currently unavailable or needs improvement, we typically provide feedback to the Intune development team, and they implement or enhance that feature in a future release. In new releases, developers add features, and if there's a need to further develop or enhance those features, we see those improvements in subsequent releases. Maintenance on the Intune portal is necessary to facilitate these dynamic changes. Additionally, the Intune environment itself requires maintenance. This includes managing user accounts and enrolled devices, as well as adjusting restriction and security policies as needed.

I recommend Intune because it offers multiple features within a single environment. Once deployed, you can manage iOS and other platforms from one location. However, there's a caveat: if you have a highly restricted or complex environment where security is paramount, such as in banking, federal agencies, or similar organizations, you might reconsider using Intune due to potential reliability concerns.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CHRISTOS-PANAGIOTOU - PeerSpot reviewer
IT Manager at Profile Software
Real User
Top 20
Helps to improve our data governance, security, and central management
Pros and Cons
  • "The compliance and configuration policies in Microsoft Intune are the most valuable features, saving significant time compared to manual implementation."
  • "Although Intune is from the same provider, its integration with other Microsoft products, like Microsoft Defender or Microsoft Purview, could be improved."

What is our primary use case?

I used Microsoft Intune for compliance policies, configuration policies, and Intune enrollment.

We implemented Microsoft Intune to manage mobile devices in bulk and enforce management policies.

Intune was deployed in a hybrid environment. Devices were initially onboarded to Azure Active Directory and then enrolled in Intune. All devices originated from a local Active Directory.

How has it helped my organization?

Intune brought all of our endpoint and security management tools into one place. 

Having our endpoint and security management tools in one place saves time, and I have most of the information in one dashboard.

From an administrative and user standpoint, Intune offers a beneficial and secure user experience.

I have had a great experience with enterprise application management for app discovery, deployment, and automatic updating because it automates all the procedures.

Intune improved our data governance, security, central management, and policy application. I realized these benefits after two to three months of seeing how Intune works.

Intune effectively secures hybrid work environments and safeguards company data, especially on BYOD devices. Through Intune, we can monitor all devices accessing company data and manage them centrally, which is crucial.

Intune affected IT productivity in our organization by governing company data, securing global data, and saving time, all through central management.

It helped our organization save 50 percent of costs by integrating Office 365 and Intune into one license. We didn't have to use third-party software for mobile device management.

Intune helped consolidate vendors. This consolidation has dramatically improved our security posture.

The vendor consolidation helped reduce our licensing costs.

The integrated capabilities of Intune within the Microsoft 365 and Microsoft Security suites are essential for managing cloud and co-managed devices. They provide a comprehensive solution under a single license, eliminating the need to install agents from third-party vendors and saving significant time and effort.

What is most valuable?

The compliance and configuration policies in Microsoft Intune are the most valuable features, saving significant time compared to manual implementation. The security integration with Microsoft Defender is also valuable.

What needs improvement?

Although Intune is from the same provider, its integration with other Microsoft products, like Microsoft Defender or Microsoft Purview, could be improved. Regarding synchronization, there are occasional delays in updating a device's status. Integrating Microsoft products, such as Microsoft Purview, Microsoft Defender, and Entra, requires enhanced synchronization capabilities.

For how long have I used the solution?

I have been using Microsoft Intune for almost three years.

What do I think about the stability of the solution?

I would rate the stability of Microsoft Intune eight out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Microsoft Intune eight out of ten.

How was the initial setup?

Intune has too many capabilities. Deploying it is not straightforward, but it gets easier once you understand how it works.

For 200 devices, the deployment took us almost three months to complete.

What was our ROI?

In conjunction with Microsoft Defender, Intune has significantly reduced our spending on third-party endpoint security solutions. For instance, we previously used Check Point, but after implementing Intune and Defender, we discontinued using it, resulting in substantial cost savings.

What's my experience with pricing, setup cost, and licensing?

Our Office 365 Business Premium license, including Office 365 and Intune Management, offers excellent value.

What other advice do I have?

I would rate Microsoft Intune eight out of ten.

I would recommend Microsoft Intune to others.

Intune offers a wide array of capabilities, and even after extensive familiarity with the platform, it's difficult to fully grasp its potential. To effectively implement Intune, it's recommended to conduct thorough research, primarily through online resources, to understand specific requirements and capabilities in advance.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Microsoft Intune Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024