IT Central Station is now PeerSpot: Here's why
2021-01-18T02:13:00Z

What are the benefits of Microsoft Intune for IT Admin?

President Of Cartilage.Medical Device & Platform Hospital SBU at Rokit Healtchcare Inc.
727

Hi guys,

Our company is considering implementing Microsoft Intune. We have been using MS Business Standard and trying to upgrade our licenses to MS Business Premium which has MS Intune, Azure Premium p1.

What are your experiences with MS Intune?

Please share your any opinions freely.
 
Thank you in advance

PeerSpot user
Guest
417 Answers

ManojNair1 - PeerSpot reviewer
User

Hi 


I'm exactly in the same spot and finished my share of the initial setup so here are the immediate takeaways 


1. Many important tools in one location - You get the Azure AD - almost identical to the in-house AD if you don't have in-house - no worries - you will miss only policy enforcement and GPO. You can do policy via Intune


2. Encryption - you can create BitLocker encryption and also set a password for the encrypted system f needed. If you have manually encrypted your endpoint then the encryption can be imported into Intune and AAD to become centrally managed. YOU CAN WIPE THE DRIVE IF NEEDED !!!!!!!


3. Office 365 ATP -for email protection you get a malware module. That's it nothing more.


3. Policy enforcement - define and enforce policy - I created a password policy and enforced


4. Add systems to the AAD just like you would do with in-house AD. All controls on user possible


5. Integrate and deploy systems and apps from the central console.

This much I have found out and am IMPRESSED!!!!!


Note: Works best with WIn 10 primarily. Older versions of Windows don't work


Please talk to Microsoft and first initiate the Business premium trial then go to the AAD portal and raise a support request for AAD and Intune configuration. 


Regular MS Office support will not help you with this - it is out of their scope.


You get a 30-day trial which can be extended for another 30 days !!!


There is an MS Defender component but no too sure how it works.

2021-08-02T05:32:30Z
Pradeep Saxena - PeerSpot reviewer
Top 5Real User

Hi Seungbin Cho,


Microsoft Intune is a perfect solution for managing all Windows 10 / Android devices it is just same as Microsoft System Center, minimum feature for iOS, I have deployed recently 12000 devices Windows 10 and iOS. overall complete mobile device management.


Regards


Pradeep 

2021-01-20T13:28:38Z
Ahmad Zuhdi - PeerSpot reviewer
Top 5Real User

With EMS feature, especially microsoft Intune, we can enhanced security, device and user can be elimited only the specific criteria can access the data or the apps. 

2021-01-20T02:09:51Z
Bjarne Mattila - PeerSpot reviewerBjarne Mattila
Consultant

@Ahmad Zuhdi Can you also handle security on mobile devices ? 

Ahmad Zuhdi - PeerSpot reviewerAhmad Zuhdi
Top 5Real User

@Bjarne Mattila yes, off course, we can use MDM or MAM Solution for Android or iOS Device.

Bjarne Mattila - PeerSpot reviewerBjarne Mattila
Consultant

@Ahmad Zuhdi My question is related to the SECURITY on the mobile phones and the question is, what kind of IT-SECURITY is there on the mobile phone. I have a Intune setup - but I cannot find any info about the SECURITY on the mobile phone (AV, ransomware, secure payment (IPX)  and Hipaa (sensitive personal data - like data for hospitals etc.) Sophos is a logical MDM system, which anyone can figure out in days - not weeks or months. I have seen Intune project MUCH MORE EXPENSIVE (including Azure licenses, training and often a need for external support etc.) and taking 4-6 month implementation/Integration, which can be done in Sophos in a few days/weeks. The security is developed in corporation with DARPA and has the highest level of security on the market - even on mobile devices. We have made Sophos remote installations/setup's in days all over the world .. try to ask an Intune manager, how long it takes for setting up a basic installation including Azure etc. if you are new in MDM ? 

Ahmad Zuhdi - PeerSpot reviewerAhmad Zuhdi
Top 5Real User

@Bjarne Mattila EMS feature (which includes Intune) focuses on securing corporate data, the scenario is how only devices that meet the criteria can access corporate data or applications. not securing devices from attack, but corporate data that is secured. If what you are looking for is to secure the device, the Intune can be integrated with the Mobile Threat Defense partners software, please see this link  https://docs.microsoft.com/en-... 

Bjarne Mattila - PeerSpot reviewerBjarne Mattila
Consultant

@Ahmad Zuhdi OK - so if a user is hacked (impersonation), the hacker can use the user info for access to the corporate data, place a malware and wait for it to "climb the latter / 5 steps" for spreading even more damage .. and wait for the right time for launching a ransomware attack ? You have to compare a mobile smart phone with a PC and some of the challenges are, that if you have no protection on the Smart Phone, you cannot certify your GDPR and the users are not protected if the "front-end" data is not protected against hackers. Those who hacked "Solar Wind" used the weakness in Microsoft back-ends (Azure, SharePoint / Exchange / O365) for spreading malware etc. https://blog.malwarebytes.com/... In Sophos MDM / Sophos Central you will have the highest level of security and real time protection on both the smart-phones and on the back-end - and all devices are by security heart beat synchronized with each other. You can even monitor (real time) and roll-back threats like zero day threats / ransomware etc. 

Ahmad Zuhdi - PeerSpot reviewerAhmad Zuhdi
Top 5Real User

@Bjarne Mattila, if you need more secure you must add Microsoft Defender ATP to enhanced the security, detail capability Microsoft Defender ATP please see this link https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-microsoft-defender-atp-for-android/ba-p/1480787... 
and the detail license requirement of Microsoft Defender ATP you can see in here https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements-... I think that once you read the details of the two links, all your previous worries can be resolved 

Bjarne Mattila - PeerSpot reviewerBjarne Mattila
Consultant

@Ahmad Zuhdi With ATP you can get Microsoft Defender on Win-10 PC's .. and not on iOS / Android devices. Microsoft ATP (in Intune) is protecting Microsoft back-office + Win-10 endpoints ONLY - but the Smart-Phone clients are NOT protected (IT-SECURITY). Microsoft even recommend other partners in IT-security as a solution for covering IT-SECURITY on Smart-Phone, which is NOT covered by Microsoft. With Microsoft Intune you can MANAGE the Smart-Phones + Apps etc. but I cannot find ANY documentation on IT-SECURITY on Smart-Phones. NB! Your first link is not working. 

Ahmad Zuhdi - PeerSpot reviewerAhmad Zuhdi
Top 5Real User
BjarneMattila - PeerSpot reviewerBjarneMattila
Real User

@Ahmad Zuhdi Does Intune have a Security Container on the Smart Phones protecting / separating Business Applications from user applications ? In Sophos MDM/EMM/UEM you get a CONTAINER for your business solutions (O365 support, Secure Browser, E-mail, contacts, virtual drives / data and calender etc.) where all business data and APPS are separated from each other. When a user / employee end his career at the company, you can remove the container- and the Smart Phone is back into private state (if BYOD). Users cannot make a private backup of the business data+Apps, and therefore you fulfill the GDPR law and get the best IT-security on the SmartPhones etc. In the Sophos Environment (Sophos Central), you don't need additional modules / services like the Microsoft ATP. The Sophos concept (Synchronized Security) ALL devices are protected with Sophos Intercept-X (Anti-Ransomware +) which gives you the highest level of IT-Security on all devices. 

Ahmad Zuhdi - PeerSpot reviewerAhmad Zuhdi
Top 5Real User

@BjarneMattila I know you are very familiar with Sophos, and always try to compare Intune with Sophos, and want to show that Sophos is more than anything from Microsoft Solution, here https://www.microsoft.com/security/blog/2019/12/03/microsoft-security-leader-5-gartner-magic-quadrants/ is a claim from Microsoft that Microsoft is getting 5 leader positions in Gartner, where there is no Sophos name there(only one in EPP)? how do you answer that?

Kishan Kendre - PeerSpot reviewer
Top 5Real User

Hi,


Microsoft Intune at par with any industry MDM solution. You will be able to manage Windows 10, iOS and Android devices, application management.


Deployment is very simple and so far I have not seen any major issues.

2021-01-21T07:33:20Z
Bjarne Mattila - PeerSpot reviewerBjarne Mattila
Consultant

@Kishan Kendre So the conclusion is that Microsoft has NO threat defense for mobile devices. Why not install e.g. Sophos MDM/EMM where you will have it all ?.. also MS Win-10 management and client protection etc. ? 

Kishan Kendre - PeerSpot reviewerKishan Kendre
Top 5Real User

@Bjarne Mattila Microsoft has all required threat defense and even you can manage all endpoint security like disk encryption, Antivirus, EDR. If you need additional then ATP can be added.

Bjarne Mattila - PeerSpot reviewerBjarne Mattila
Consultant

@Kishan Kendre In Sophos you will have disk encryption, AV, Intercept-X (best anti ransomware on the market), EDR, Enhanced EDR, Synchronized Security via Security HeartBeat and ZTNA (Zero Trust Network Access) for both Endpoints and Smart Phones, supports O365 and have integration into Microsoft Intune, Apple DEB, Android/Samsung KME (Knox Mobile Enrollment) and Google Zero Touch for smart mobile enrollment - and additionally Sophos is both logical and easy to setup, maintain, support and costs much less than Intune (including Azure etc.). 

Buyer's Guide
Microsoft Intune
June 2022
Learn what your peers think about Microsoft Intune. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
610,045 professionals have used our research since 2012.