Information Technology System Administrator II at a government with 51-200 employees
Real User
Top 5
2024-04-02T21:09:00Z
Apr 2, 2024
I would like them to stop making changes and not tell people they have already made the changes. I know that their AI pieces are at the infancy stage, but allowing users to do more tagging for information would be an interesting thing because Intune also directly integrates with Azure. Because a lot of the devices are hosted with that, you also get a lot of tagging of user data and other things like that. Tagging is still at more of an infancy set. You get a lot of false flags. There can also be a more simplified use case for app deployment. They leverage MSIs and WIN32. I am having a more washed-out EXE process. Rather than having to build the script sets yourself, having them autogenerated script based on you uploading in a default location would be nice.
Senior Associate, IT Operation at a venture capital & private equity firm with 51-200 employees
Real User
2024-04-01T07:44:00Z
Apr 1, 2024
I would like to see easier pushdowns. Currently, we have to package our own software and then push it. Intune can make that way easier and integrate applications, such as Zoom and Adobe Acrobat, that are used by a lot of enterprise or corporate organizations. If they can integrate all the applications in their Intune system and allow all the IT admin to see any vulnerability upgrades or any feature upgrades required, that would be great. Currently, we do not have this kind of information proactively showing up in the admin dashboard. The UI is very difficult to navigate around. You have to click multiple times. For example, you have to click four or five times to get to the BitLocker key. If something is missing or something is not installed properly, you get the same error every time. Behind the error message, there is a lot of meaning to it. The user interface and the way Intune shows the errors for troubleshooting do not make it very useful for me. We can only get a glimpse of the error, but you have to figure out the rest of the things on your own. You have to go to Google, or you have to go to GitHub or another forum to find any related information.
We package Win32 applications and import existing packages using solutions like SCCM or third-party tools. While Intune doesn't currently offer third-party application patching, we rely on third-party solutions for that functionality. A new Intune feature - Enterprise App management allows to deploy Microsoft and Third party apps and keep them up to date but it incurs additional licensing costs. Ideally, this feature should be included in the base license. Similarly, the privilege endpoint management feature also requires additional licensing. Intune would benefit from offering some core features at no extra cost. The most valuable improvement, in my experience, would be the ability to identify inactive devices through reports. Customizable reporting capabilities within Intune would simplify overall management and allow us to track device activity and inactivity more effectively.
There is room for improvement in integrating additional features such as Purview and SharePoint activities into Intune, which would enhance its functionality.
There are lots of areas. The backend of Microsoft Intune needs to be improved. We have seen a little bit of delay as compared to other MDM solutions. That needs to be improved. A little bit more granularity should also be added.
Areas for improvement in Intune include expanding support beyond Samsung devices to accommodate other Android manufacturers like Redmi and Motorola. Additionally, there is a need for better support for Linux operating systems, as patch management for Linux is currently not managed by Intune, unlike for Windows devices.
The current Intune reporting functionality could benefit from some improvements. Specifically, a report that tracks patch deployment status would be valuable. Ideally, I'd like a report that provides device-level details on applications and controls deployed. However, it seems like other organizations might be more interested in control-centric reports, showing details like what control was deployed, the number of devices affected, and other relevant device data. Overall, reporting is the area where we're encountering the most challenges with Intune.
Chief Information Security Officer at a comms service provider with 11-50 employees
Real User
Top 20
2024-01-10T10:36:00Z
Jan 10, 2024
Some of the security posture limitations are not brilliant; they're not ideal, but they're not causing us a problem at the moment. It's the granularity: "Is your firewall on? Is BitLocker on?" It's not amazing granularity. But I've looked into other products, like Duo, and they're all similar.
IT Systems Admin at a government with 10,001+ employees
Real User
Top 20
2023-11-27T15:55:00Z
Nov 27, 2023
I have a lot of Apple products in my environment. It would be nice to have an improved integration of Apple products with Microsoft Intune without Jam.
There is room for improvement in integration and security as well. Those are areas that clients are always concerned about. So, in future releases of the product, I would like to see better integration as well as enhanced security.
Technology\Cloud Architect | IT Infrastructure Security & Compliance at IDFC FIRST Bank
Real User
Top 5
2023-05-17T10:42:00Z
May 17, 2023
Unlike VMware Workspace ONE, which provides system configuration and endpoint management, Microsoft Intune is not a standalone application. This is a limitation of Microsoft Intune because it does not provide all the information we need or the application details of the devices connected. Microsoft Intune's support for Mac devices is lacking and could be improved.
SR IT administrator at Cardinal Integrated Technologies Inc
Real User
Top 10
2023-05-17T09:28:00Z
May 17, 2023
When somebody has a customized application or their own company's application, we cannot deploy that application. For that, Microsoft has to change some tools, such as the launch tools, so that we can deploy those applications as well.
Senior Manager Information Technology Infrastructure at a financial services firm with 11-50 employees
Real User
Top 10
2023-04-07T12:55:00Z
Apr 7, 2023
Integrating certain group policies can be challenging and may necessitate using on-premises systems to integrate them with Microsoft Intune. I am encountering challenges integrating with multiple domains outside of my own due to unsupported Active Directory extensions.
For mobile device management, especially for the Windows operating system, it's quite impressive. But it would really be helpful to have the option to manage server operating systems as well, like Windows Server, at least. That way, we could scrap the use of SCCM, which requires a lot of on-premises infrastructure. Another area for improvement is the reporting structure. For example, currently, when deploying Windows 10 or Windows 11 updates, I don't get any detail or structured reports showing which updates are installed on the devices. It only gives me information on whether the update policy has been successfully deployed on the device or not. That type of installed-updates detail would be helpful.
Sometimes, customers compare it with AirWatch, but the concept of Intune is different from other solutions. It's an application management app. It gets a bit difficult to explain it to customers, but it's not a product limitation. It takes a presale document or presentation to explain it to customers.
Microsoft needs to enhance device-level security, as sometimes when using Microsoft Intune, the device's operating system becomes stuck and requires a full uninstall to remove the Intune bug. The price of the solution has room for improvement.
Chief Technology Officer at a tech services company with 51-200 employees
Real User
Top 10
2023-02-24T19:16:00Z
Feb 24, 2023
Due to the abundance of features, there's a lot to organize, which makes managing and setting up the solution challenging. The setup is immense, and it would be good to see improvement in this area. The stability could be improved.
Lead - Warehouse & Logistics at a comms service provider with 10,001+ employees
Real User
Top 20
2023-02-13T13:19:00Z
Feb 13, 2023
Deploying an app can be a complex process due to dependencies. For example, I have a package with three files that need to run, but one of them has a dependency on another one. This can be challenging to manage with the Intune app deployment and has room for improvement.
Project Engineer at a computer software company with 51-200 employees
Real User
Top 5
2023-02-12T12:27:00Z
Feb 12, 2023
I'd suggest adding more features for macOS in Intune. There should be more functionality for managing macOS. There should be a better capability for pushing things down on macOS. Currently, Intune is not capable of managing macOS at the same level as Windows.
We need the capabilities of the Cloud Management Gateway (CMG) to be enhanced through Intune instead of Azure. I suggest that Microsoft consider this. If the user already has a subscription to Intune, they should not need to buy an additional subscription for Azure services. The support needs improvement. When we need support, we don't get a response within the SLA because the support has been outsourced.
A few of the options are a bit hard to understand. As compared to on-prem services such as AD, it's a bit different. For example, group policy objects have different names. It takes some time to find out where various options are available. I wanted to check if there is any provision at the Intune level to restrict certain things, such as a website, but unfortunately, that feature is available only in Microsoft Defender. Intune has web filtering capabilities, but they are only useful for protection from malicious websites, whereas we would like to be able to restrict a website. For example, YouTube is a clean website. No one would identify it as a malicious website, but if we want to stop the end-users from going to that website, we have to go for another product, such as Microsoft Defender or another third-party proxy solution. It would be great if this capability is included in Intune.
It should enable remote connection without involving any third-party application tools. Currently, if we connect another PC or any other machine, it requires a third-party integration to connect to it through Intune. That should not be the case. The UI also needs improvements because it is complex for end-users. We have had feedback from a few users in our organization who found the UI is not feasible for tracking and analyzing all the processes and monitoring all the devices.
Reporting in Microsoft solutions is pathetic. With Intune, I'm getting a free inventory tool, but I don't get a reporting tool. When I go to Intune, I can see one machine's entire data in terms of the hardware and the software running on it, but I cannot generate a report for all the machines in the organization. The reporting is the only feature holding back the functionality that is already there. All the other third-party tools are doing the same thing, whether Atlassian, ManageEngine, or Ivanti. They all install an agent on your system. Intune also has an agent on your system collecting inventory details and sending them across the central console, but Microsoft doesn't have the reporting capability there. That is the only drawback I see.
Senior IT Security Specialist at a tech services company with 1,001-5,000 employees
Real User
Top 5
2022-11-11T19:34:13Z
Nov 11, 2022
It would be nice to have a location tracker for the mobile device management tool. I'm not sure if it exists but hasn't been configured or if it's missing, but we've been unable to utilize the location features.
President/CEO at a tech services company with 1-10 employees
Real User
Top 20
2022-05-18T15:42:49Z
May 18, 2022
It's really matured and improved over the years by assimilating competing products. There are a lot of things that used to be better than Endpoint Manager or not available in Endpoint Manager that were absorbed or purchased and placed into this product. From a deficiency perspective, I can't recall coming across anything substantial. I'm trying to think of a weakness. I compared it to Ivanti. From a new user's perspective, it may be a little overwhelming because there are quite a few things to look at in the console, however, once you are sort of acclimated and are familiar with your core functions, it's fairly simple and straightforward. You can modernize the UI a little bit, however, change for a sake of change isn't always a good thing.
It's only good for a Microsoft environment. While it works very well for Microsoft users but if you have other kinds of operating systems, it's very painful to use. They need to take into consideration the Linux operating system and not only the Microsoft operating system. The solution needs better patching across applications.
Global Endpoint Manager at a manufacturing company with 10,001+ employees
Real User
2022-01-04T21:37:01Z
Jan 4, 2022
The product needs better management support, for sure, especially between non-Microsoft applications. It would be good, for example, to have some Chrome OS support. The solution requires baselines within the web console. That's something that is missing. They need better delegation capabilities in the reporting. The solution requires Mac support.
Desktop Architecture and Design at a tech services company with 1-10 employees
Real User
2021-12-01T16:19:00Z
Dec 1, 2021
No tool is 100% perfect. An issue we have run into with Microsoft Endpoint Manager is that we cannot patch third-party products like Adobe and Chrome with it.
Microsoft Intune is a comprehensive cloud-based service that allows you to remotely manage mobile devices and mobile applications without worrying about the security of your organization’s data. Device and app management can be used on company-owned devices as well as personal devices.
In an increasingly mobile workforce, Microsoft Intune keeps your sensitive data safe while on the move. Microsoft Intune makes it possible for your team members to work anywhere using their mobile devices....
I would like them to stop making changes and not tell people they have already made the changes. I know that their AI pieces are at the infancy stage, but allowing users to do more tagging for information would be an interesting thing because Intune also directly integrates with Azure. Because a lot of the devices are hosted with that, you also get a lot of tagging of user data and other things like that. Tagging is still at more of an infancy set. You get a lot of false flags. There can also be a more simplified use case for app deployment. They leverage MSIs and WIN32. I am having a more washed-out EXE process. Rather than having to build the script sets yourself, having them autogenerated script based on you uploading in a default location would be nice.
I would like to see easier pushdowns. Currently, we have to package our own software and then push it. Intune can make that way easier and integrate applications, such as Zoom and Adobe Acrobat, that are used by a lot of enterprise or corporate organizations. If they can integrate all the applications in their Intune system and allow all the IT admin to see any vulnerability upgrades or any feature upgrades required, that would be great. Currently, we do not have this kind of information proactively showing up in the admin dashboard. The UI is very difficult to navigate around. You have to click multiple times. For example, you have to click four or five times to get to the BitLocker key. If something is missing or something is not installed properly, you get the same error every time. Behind the error message, there is a lot of meaning to it. The user interface and the way Intune shows the errors for troubleshooting do not make it very useful for me. We can only get a glimpse of the error, but you have to figure out the rest of the things on your own. You have to go to Google, or you have to go to GitHub or another forum to find any related information.
We package Win32 applications and import existing packages using solutions like SCCM or third-party tools. While Intune doesn't currently offer third-party application patching, we rely on third-party solutions for that functionality. A new Intune feature - Enterprise App management allows to deploy Microsoft and Third party apps and keep them up to date but it incurs additional licensing costs. Ideally, this feature should be included in the base license. Similarly, the privilege endpoint management feature also requires additional licensing. Intune would benefit from offering some core features at no extra cost. The most valuable improvement, in my experience, would be the ability to identify inactive devices through reports. Customizable reporting capabilities within Intune would simplify overall management and allow us to track device activity and inactivity more effectively.
There is room for improvement in integrating additional features such as Purview and SharePoint activities into Intune, which would enhance its functionality.
There are lots of areas. The backend of Microsoft Intune needs to be improved. We have seen a little bit of delay as compared to other MDM solutions. That needs to be improved. A little bit more granularity should also be added.
Areas for improvement in Intune include expanding support beyond Samsung devices to accommodate other Android manufacturers like Redmi and Motorola. Additionally, there is a need for better support for Linux operating systems, as patch management for Linux is currently not managed by Intune, unlike for Windows devices.
The current Intune reporting functionality could benefit from some improvements. Specifically, a report that tracks patch deployment status would be valuable. Ideally, I'd like a report that provides device-level details on applications and controls deployed. However, it seems like other organizations might be more interested in control-centric reports, showing details like what control was deployed, the number of devices affected, and other relevant device data. Overall, reporting is the area where we're encountering the most challenges with Intune.
There can be more logs. I do not have any other requirements. I am very satisfied with it.
I would like some integration with the Microsoft reporting platform Power BI.
I would like the ability to install the agent on devices from suppliers, which would enable us to implement a zero-trust strategy for guest devices.
Some of the security posture limitations are not brilliant; they're not ideal, but they're not causing us a problem at the moment. It's the granularity: "Is your firewall on? Is BitLocker on?" It's not amazing granularity. But I've looked into other products, like Duo, and they're all similar.
The policies we had in SCCM and AD offered features that are missing from Microsoft Intune.
We faced issues with macOS support. The product should have better inventory and asset management.
I have a lot of Apple products in my environment. It would be nice to have an improved integration of Apple products with Microsoft Intune without Jam.
There is room for improvement in integration and security as well. Those are areas that clients are always concerned about. So, in future releases of the product, I would like to see better integration as well as enhanced security.
Integration with Mac devices requires some improvement.
Unlike VMware Workspace ONE, which provides system configuration and endpoint management, Microsoft Intune is not a standalone application. This is a limitation of Microsoft Intune because it does not provide all the information we need or the application details of the devices connected. Microsoft Intune's support for Mac devices is lacking and could be improved.
When somebody has a customized application or their own company's application, we cannot deploy that application. For that, Microsoft has to change some tools, such as the launch tools, so that we can deploy those applications as well.
Integrating certain group policies can be challenging and may necessitate using on-premises systems to integrate them with Microsoft Intune. I am encountering challenges integrating with multiple domains outside of my own due to unsupported Active Directory extensions.
For mobile device management, especially for the Windows operating system, it's quite impressive. But it would really be helpful to have the option to manage server operating systems as well, like Windows Server, at least. That way, we could scrap the use of SCCM, which requires a lot of on-premises infrastructure. Another area for improvement is the reporting structure. For example, currently, when deploying Windows 10 or Windows 11 updates, I don't get any detail or structured reports showing which updates are installed on the devices. It only gives me information on whether the update policy has been successfully deployed on the device or not. That type of installed-updates detail would be helpful.
Sometimes, customers compare it with AirWatch, but the concept of Intune is different from other solutions. It's an application management app. It gets a bit difficult to explain it to customers, but it's not a product limitation. It takes a presale document or presentation to explain it to customers.
Microsoft needs to enhance device-level security, as sometimes when using Microsoft Intune, the device's operating system becomes stuck and requires a full uninstall to remove the Intune bug. The price of the solution has room for improvement.
Due to the abundance of features, there's a lot to organize, which makes managing and setting up the solution challenging. The setup is immense, and it would be good to see improvement in this area. The stability could be improved.
Deploying an app can be a complex process due to dependencies. For example, I have a package with three files that need to run, but one of them has a dependency on another one. This can be challenging to manage with the Intune app deployment and has room for improvement.
I'd suggest adding more features for macOS in Intune. There should be more functionality for managing macOS. There should be a better capability for pushing things down on macOS. Currently, Intune is not capable of managing macOS at the same level as Windows.
The solution could be improved by the opportunity to connect third-party application databases, such as Chocolatey or another setup store, to Intune.
We need the capabilities of the Cloud Management Gateway (CMG) to be enhanced through Intune instead of Azure. I suggest that Microsoft consider this. If the user already has a subscription to Intune, they should not need to buy an additional subscription for Azure services. The support needs improvement. When we need support, we don't get a response within the SLA because the support has been outsourced.
A few of the options are a bit hard to understand. As compared to on-prem services such as AD, it's a bit different. For example, group policy objects have different names. It takes some time to find out where various options are available. I wanted to check if there is any provision at the Intune level to restrict certain things, such as a website, but unfortunately, that feature is available only in Microsoft Defender. Intune has web filtering capabilities, but they are only useful for protection from malicious websites, whereas we would like to be able to restrict a website. For example, YouTube is a clean website. No one would identify it as a malicious website, but if we want to stop the end-users from going to that website, we have to go for another product, such as Microsoft Defender or another third-party proxy solution. It would be great if this capability is included in Intune.
It should enable remote connection without involving any third-party application tools. Currently, if we connect another PC or any other machine, it requires a third-party integration to connect to it through Intune. That should not be the case. The UI also needs improvements because it is complex for end-users. We have had feedback from a few users in our organization who found the UI is not feasible for tracking and analyzing all the processes and monitoring all the devices.
Reporting in Microsoft solutions is pathetic. With Intune, I'm getting a free inventory tool, but I don't get a reporting tool. When I go to Intune, I can see one machine's entire data in terms of the hardware and the software running on it, but I cannot generate a report for all the machines in the organization. The reporting is the only feature holding back the functionality that is already there. All the other third-party tools are doing the same thing, whether Atlassian, ManageEngine, or Ivanti. They all install an agent on your system. Intune also has an agent on your system collecting inventory details and sending them across the central console, but Microsoft doesn't have the reporting capability there. That is the only drawback I see.
It would be nice to have a location tracker for the mobile device management tool. I'm not sure if it exists but hasn't been configured or if it's missing, but we've been unable to utilize the location features.
It's really matured and improved over the years by assimilating competing products. There are a lot of things that used to be better than Endpoint Manager or not available in Endpoint Manager that were absorbed or purchased and placed into this product. From a deficiency perspective, I can't recall coming across anything substantial. I'm trying to think of a weakness. I compared it to Ivanti. From a new user's perspective, it may be a little overwhelming because there are quite a few things to look at in the console, however, once you are sort of acclimated and are familiar with your core functions, it's fairly simple and straightforward. You can modernize the UI a little bit, however, change for a sake of change isn't always a good thing.
The installation could be improved to be simplified.
It's only good for a Microsoft environment. While it works very well for Microsoft users but if you have other kinds of operating systems, it's very painful to use. They need to take into consideration the Linux operating system and not only the Microsoft operating system. The solution needs better patching across applications.
It should be easier to define policies and comply with those policies. The initial setup is complex. We aren't lacking any features at this point.
The product needs better management support, for sure, especially between non-Microsoft applications. It would be good, for example, to have some Chrome OS support. The solution requires baselines within the web console. That's something that is missing. They need better delegation capabilities in the reporting. The solution requires Mac support.
No tool is 100% perfect. An issue we have run into with Microsoft Endpoint Manager is that we cannot patch third-party products like Adobe and Chrome with it.