What is our primary use case?
We are VMware and Microsoft partners, so we offer services around their products.
We are using Intune internally but we are leveraging it for our customers as well. That is a different story. One part of Intune is within our company, but we are also providing services around Intune and Workspace One for our customers.
For us, Intune is on the public cloud. For our clients, it depends on the requirements and it varies from customer to customer. Some clients' requirements are deployed in private cloud mode or the hybrid setup. It depends. Requirements differ from industry to industry. If a company is BFSI (Banking, Financial Services, and Insurance), then they will be looking for a private cloud solution. If it is something which is not BFSI or maybe some industrial interest, they might go with the public cloud.
In the end, most of our instances are in the public cloud unless there is some compliance requirement. Otherwise, the accounts are mostly in the public cloud to conform to regulations.
Intune is used essentially to facilitate the ability of enterprise organizations to manage their endpoints. It is for end-user computing or UEM (Unified Endpoint Management) solutions.
How has it helped my organization?
One of the major advantages of using Intune is for our ISO (International Organization for Standardization) certification. We have to meet requirements for ISO 27001 and 27002 and part of that is that we need to have a proper control mechanism for endpoints and the users who are using those endpoints. The other requirement is that we need to manage the workforce. We have to manage their time to understand how long they have been working, how long their device was on, when they were working, et cetera. So we use some other products that complement Intune to gather the data on that.
For example, we have something called Time Doctor. We use it to monitor how long people have been working. We get reports that detail how long their devices have been on. Then there are different ways we can leverage these results and statistics. For example, we can compare the uptime of the device and uptime of Time Doctor. With that, we can understand how long an employee was working on something, but how much more time the machine was up in addition to the work period. That shows the period of time that he or she was not using Time Doctor.
The other thing is we can remotely access a device. For example, say we have to do some troubleshooting because a user is having an issue. We can remotely log in via Intune to troubleshoot the issue, as long as the device is accessible. Obviously, that can only happen if there is no issue with the internet and connectivity and services. But we can remotely access the device and troubleshoot the issue securely.
Those are some of the different use cases.
What is most valuable?
I guess in our company we are using most of the features in Intune. What we use it for is to control the endpoints. We publish some selected applications and the end-users are only able to download and install those applications. They are not allowed to install or use any other applications other than what we provide. We do compliance checking. We run assessments periodically on the endpoints using Intune, and Intune generates reports. Sometimes we need those reports to qualify for our ISO certifications.
It is a similar thing for customers as well. There is a different requirement but it is a similar idea. For example, if we are engaged with an oil and gas company, they have back-office stations and point-of-sale solutions. In this case, those are Windows systems. What they used to do is they had to manage those solutions manually. They had a contract with some third party. The third party would go on the sites if there was an issue or something, and maintenance and delivery were all manual. They did not have any EMS (Endpoint Management Solution) at all. The only thing they had was something called a radiant configuration management server. That was only used for configuration purposes, not for maintenance or other troubleshooting.
The concern and the requirement over delivery was raised because of COVID. No one was able to go to the sites to do the troubleshooting, maintenance, and delivery. The only solution that they had was to engage with us to deploy these solutions on their endpoints. They did not all go with Intune, some went with Workspace One, which is also a UEM solution. So they wanted us to deploy UEM on AWS public cloud, then connect it, wire their MPLS (Multi-Protocol Label Switching) network to the end-point spots and box devices in order to manage them.
What needs improvement?
The generic answer to what can be improved is that I hope that the reporting needs to be a bit more interactive.
For how long have I used the solution?
In our company, we have been using Intune for the past three years.
What do I think about the stability of the solution?
I think Intune has been in the market for a long time now. That maturity makes it pretty much stable because it has been through so many iterations.
What do I think about the scalability of the solution?
Until now, we did not have any concern with respect to scalability within whatever we have done either for our organization or for our clients. We have done installations for bigger companies, for smaller workforces within bigger companies, but not for the larger endpoints. We do not know how well it scales in every direction and if scaling will cause any problems. We have not come across those things.
In our organization, we probably have 250 to 300 people who are using the product. We will probably increase that usage in the future, but it depends. We were planning to introduce Microsoft ATP with Intune for advanced threat protection, which complements the security part. Because Intune does not have advanced threat protection capabilities on its own, this resolves that issue. There may be other considerations in the future that influence the importance of Intune to what we need it for and how we proceed.
How are customer service and technical support?
We are Microsoft partners and we have a different support model with Microsoft than a typical client will. We have not had any issues with our support team and they have worked well with us up to this point. We have a different channel than the partners who need to communicate with Microsoft another way.
Which solution did I use previously and why did I switch?
It is a tricky thing to answer exactly what I have used that either was prior to or a substitution for Intune. That depends on different things and factors. First of all, Workspace One is definitely highly scalable, that I know. Workspace One also has a lot of integration options wherein we can have a lot of peripheral tools. Workspace One actually started with only UEM, but it is now not limited to UEM only.
Intune is only a UEM. So Workspace One has one integration as UEM, but it has many other things. Apart from that, it has Workspace One Intelligence, it has Workspace One Assist, et cetera. There are four different parts that can be integrated with Workspace One and they can work together for a highly scalable, highly secure, and highly analytical solution.
Microsoft also has solutions. It is just that they are different solutions implemented in a different way. For example, Microsoft ATP (Advanced Threat Protection) is for advanced threat protection. WAD is for virtual desktops. They do not have the same type of tight integrations as Workspace One. All of these Microsoft products work separately. In Workspace One, all the products complement each other and all the products can be combined more like modules under Workspace One. They can push their findings to Workspace One Intelligence where all data intelligence can be done. Auto remediation can be done. We can get findings from VMware because now Workspace One security is there to make sure that this is secure under the umbrella. VMware Carbon Black is also the same in that it can send its findings to Workspace One Intelligence. So the integration is the part that is handled differently. Workspace One has many features. Microsoft also has those features. It is just that it is a different way to orchestrate. In Microsoft, it is not under one umbrella. In VMware, that is under one umbrella, which is Workspace One.
The pros and cons are different because both approaches have their own advantages and disadvantages. Both have solutions for each of the functions. For example, each has advanced threat protection and all those capabilities. If you stay working with that family of solutions, you do not have a problem.
Now say, for example, a company went with Workspace One because they wanted to leverage UEM. They adopted some other modules as well with it to create solutions for problems or needs that they want to solve. They have to have Workspace One for this solution and they cannot work with it separately. That might be a cost factor because they cannot work with one tool only, they have to make the license for two products because they do not work separately.
For Microsoft, since the products are completely separate, customers can choose which one to go with and only use that. They can go with only one product, or they can add any of the others. They do not need to have the central component to bring them together.
So that might be an advantage or disadvantage in using one product or the other depending on the use case.
How was the initial setup?
We did not experience any complexity in the initial deployment and there was no problem with the installation, I do not think. The complexity definitely depends on what you are trying to accomplish. I do not remember exactly because I do not directly deal with deployment anymore. I am actually leading it. We have a team that deploys the product. I do not look over their shoulder to know how much time it takes exactly and what factors it requires for successful deployment.
What about the implementation team?
We did the deployment by ourselves without the help of consultants or vendors, that I know. We are system integrators. We have the capabilities to do things for customers. We did it ourselves. The only thing is, we have a separate team for the Microsoft product installations. Especially for something like Microsoft Intune, we need to have special expertise. Something called Microsoft Windows, virtual desktops, all of that needs someone to install it who is intimate with the application. Microsoft Azure is something that can be used for different Microsoft technologies and solutions. We have a different team that we will put on the implementation of these products depending on the requirements.
What's my experience with pricing, setup cost, and licensing?
The pricing for Microsoft Intune is reasonable. Our clients are satisfied.
What other advice do I have?
If someone is looking to have a more integrated result, or they are looking for many other things like EDR (Enhanced Data Detection and Response), it is probably better to go with Workspace One because they have that under one banner. Obviously, if there is something under one banner, the integrations are simple, they are seamless, and they complement each other.
I do not think I will have a good answer for what advice to give because technically I have not used Intune myself for some time now. I have a team that works under me for this. I am at an architect-level position now. My perspective reflects that.
On a scale from one to ten (where one is the worst and ten is the best), I would rate Intune as an eight at least if you are only talking about a UEM solution. Personally, I am not very concerned about the reporting part, so I will consider it at eight. But if someone is looking for extensive reporting detail that is easy to understand, interactive reporting that will give them better-tuned results, then obviously the rating might go down.
The only thing which I see that can be done to raise this product from an eight is to package Intune as a product under one umbrella. If that were to happen, it covers the whole of end-user computing and security solutions.
At the moment, these are two separate things when using Intune. There may be another way to accomplish this under the one umbrella if you go with Intune. For example, if there is an add-on within Intune to leverage containerized security, auto containment, and all those things. This would be a more flexible solution if that were the case. At the moment, Intune is not required to be installed as a client. As a client in the system, it can communicate with servers and do some auto containments, endpoint detection, and response. If there was a separate solution that could be added as a paid solution to create the umbrella, you have created both solutions simultaneously.
The main reason this problem came into the picture was because of this COVID pandemic. IT teams and security teams do not go well together normally. There has to be one solution which can offer both. It can be for both IT architects, IT technical support, and security support. That is the solution that can be leveraged for both security and end-user computing. It is simple.
Which deployment model are you using for this solution?