I use Microsoft Intune to manage mobile devices and enforce security policies.
The most valuable features in Microsoft Intune for me are application deployment, Defender deployment, and asset management.
There is room for improvement in integrating additional features such as Purview and SharePoint activities into Intune, which would enhance its functionality.
I have been working with Microsoft Intune for four years.
The stability of Microsoft Intune is quite good.
The solution is very scalable.
I would rate the technical support for Intune as a nine out of ten.
We previously used SCCM. We switched to Intune due to its better usability, cost-effectiveness, and alignment with our Microsoft-centric environment, as we predominantly use Windows across the domain.
The initial deployment of Microsoft Intune was complex, as fine-tuning policies took time. We ran a POC for three to six months before deploying to production. Our implementation strategy involved evaluating vendors, comparing costs, and prioritizing security features. We opted for Microsoft Intune for its ability to consolidate security telemetry into the Defender portal. Deployment followed a phased approach: POC, small pilot group, then rollout to production.
The solution requires maintenance from our side. This includes change management and configuration management to prevent unauthorized changes to policies, as well as constant review of threats from mobile devices. A team of four people is involved in maintaining the solution.
We used an integrator for deployment, which was a positive experience.
Having all endpoint and security management tools in one place streamlines IT and security operations. It simplifies processes for help desk support, image deployment, and asset management. Transitioning from SCCM to Intune has made tasks like application deployment easier and more efficient.
Intune provides full endpoint visibility and IT control across devices.
Intune has significantly improved our IT operations by consolidating management tasks into one portal. This streamlined approach has led to greater efficiency and effectiveness in our operations, as we no longer need to navigate multiple portals for various tasks.
Overall, I find the user experience of Intune quite positive. It streamlines tasks such as deploying applications and managing mobile devices, which previously required multiple applications. Transitioning endpoints to Intune, including laptops and servers, has been straightforward. Creating security policies and compliance policies is also easier within Intune.
We use the tunnel feature in Intune for MAM to provide remote access to corporate resources on mobile devices. We integrate Intune with Microsoft E5 Compliance Module for DLP, which helps maintain user privacy while protecting sensitive data.
Intune is highly effective for security in hybrid work environments, especially for protecting data on both company and BYO devices. All policies, including those for MDM and BYOD, are managed through Intune, ensuring consistent enforcement. Additionally, Intune offers features like allowing BYOD devices to access corporate data while restricting downloads or uploads, enhancing security without compromising productivity.
Intune's utilization of Microsoft security signals enhances our organization's security by providing visibility into Defender, MDM, Nathan, DLP, and other aspects. While there is a separate Defender portal, Intune allows access to certain features, offering comprehensive security management within a unified platform.
We use the Endpoint Privilege Management feature in Intune to control user access, especially for system admin accounts. This helps improve security by limiting the visibility of passwords and enforcing password rotations. Additionally, role-based access is managed through Intune, enhancing security without hindering productivity.
Endpoint Privilege Management helps reduce our organization's attack surface by providing greater visibility into account usage and usability. Previously, we lacked this visibility, but now we can grant engineers precise roles and responsibilities through privileged access management. Additionally, just-in-time access limits privileges to a small window of time, minimizing the risk of prolonged access.
Intune has positively affected IT productivity in our organization. It offers easy deployment, a user-friendly portal accessible both on and off the network with the right MFA, and consolidates all features, policies, and tools under one portal. This integration has increased efficiency as we no longer need to navigate multiple portals for different tasks, such as SCCM or image deployment.
Overall, Intune has helped reduce the risk of security breaches in our organization. Reducing privileges on accounts limits the impact of potential breaches. Additionally, with real-time data provided through Intune and Defender, we have better endpoint protection, further enhancing our security posture.
Intune has helped our organization save costs by being cheaper than purchasing SCCM licenses and other licenses. We estimated it to be at least 50% cheaper than our previous budget for similar solutions.
By using Intune, we have consolidated vendors by removing SCCM and Endpoint Protection from our portfolio. Defender now serves as our primary endpoint protection solution, streamlining our vendor management. The consolidation of vendors by using Microsoft Intune has not affected our security posture negatively. It has improved effectiveness; although we removed two security vendors from our portfolio, our footprint with Microsoft increased, balancing the impact. It didn't affect our licensing costs. In fact, we saved money, as the cost of Intune was lower than what we were paying for the mobile line and SCCM.
The integration of Intune suite capabilities with Microsoft 365 and Microsoft Security is crucial in our journey to the cloud. Both aspects, cloud management and security, are equally important in our strategy.
Overall, I would rate Microsoft Intune as a nine out of ten.
Intune is really the best option for SMEs for MDM (Mobile Device Management), particularly for BYOD devices, but also corporate devices - and development in the technology means that it's pretty much now a strong option for enterprise deployment to corporate devices.
Deployment has its challenges - but now with Cloud provisioning - Intune management and deployment are becoming more straightforward.
Intune is essential for enforcing policies such as screen lock and MFA.
If you use Microsoft Authenticator - it's worth doing user awareness training around the design flaw below:
https://www.linkedin.com/posts...