Microsoft Intune Reviews

Intune is being used by our organization for managing end-point security for our employees and customers.

We are in the financial domain where financial transactions are done. It is quite challenging to secure all the devices and systems. We have more than five banking and financial services-based applications running from the cloud. So it is a priority to protect those applications.

We have increased our overall productivity by 20 to 25 percent. Because devices are all handled remotely, and even though it is quite challenging to handle all the types of information and data from all the devices to make them secure, Intune has provided a good way to maintain everything seamlessly.

All the features are good. It has the ability to handle mobile device management and all your security infrastructure. But one of the best features is Windows Autopilot because if you change any of your devices, whatever security policies and compliance policies that applied can be easily migrated to the new devices. Windows Autopilot gives you that flexibility. You just turn on the new machine and synchronize it and Windows Autopilot does the rest.

It provides centralized administration of all our mobile devices for updates, security, patch management, and upgrades.

Also, because our team is spread out and there are users who work remotely, if their devices are stolen, damaged, or lost, we can wipe their data at our end so that there won't be any data loss. There might be useful information about our organization on the device. Because we can easily wipe their data, no third party can access that data.

In addition, it is easy to roll out policies and configurations to N number of devices.

It should enable remote connection without involving any third-party application tools. Currently, if we connect another PC or any other machine, it requires a third-party integration to connect to it through Intune. That should not be the case.

The UI also needs improvements because it is complex for end-users. We have had feedback from a few users in our organization who found the UI is not feasible for tracking and analyzing all the processes and monitoring all the devices.

I have been using Microsoft Intune for two years.

The stability is good. We haven't faced any issues yet. It is a nine out of 10.

It is scalable. There is the ability to scale resources at your end, but you have to pay more for that.

We don't require too much technical support, because all the training materials and guidance documents are available online on Microsoft's site. We have had no issues with that.

Positive

We used ManageEngine Endpoint Central. Its features and functionality are quite similar to those of Microsoft Intune. But we had to migrate to Microsoft-based solutions and we found Intune to be better than the others.

Another main reason we are using it is that Intune provides end-to-end security for Windows OS, macOS, and our systems. Earlier, it was Microsoft Endpoint Manager. Intune is very good software, a good cloud-based solution.

The initial setup is quite easy because it is a cloud-based, managed service. There is nothing complex about it.

We worked with Microsoft. About 10 to 12 of our staff were involved, mostly from the network and infrastructure groups.

The return on investment, in terms of the features and the expectations of the solution after deployment, is good. It is positive.

The pricing is challenging. Microsoft needs to pay some attention to it. It is good for big enterprises, but I'm not sure that small and medium-sized organizations can adopt it.

The pricing includes maintenance, upgrades, and updates.

In addition to ManageEngine, we looked at BigFix by HCL.

There are a lot of differences. Integration and compatibility are major aspects. If you are familiar with other Microsoft solutions, using a new Microsoft solution is not complex. It's easy to understand. That is one advantage. 

And overall, the features and suitability of Intune are unmatched.

My advice is that if you are already using Azure as a cloud service provider, Intune is a good choice, without compromising with third-party vendors and tools. It gives you the flexibility and integration capabilities with other Microsoft products.

I am an Operations and Infrastructure manager. I do not use it directly. My team is the implementer, and I oversee it. I know the product, and I know what I can do and what it can do. I just do not push the buttons.

We are still launching it. We have about 85% of our PCs in Intune. We have only got two or three conditional access policies and compliance policies in place.

We are using it for endpoint management for basically getting control. Our next step will be to launch Autopilot. We will use Intune Autopilot and then also security policy management and group policy management. We will also use it for updates and patching compliance.

At this stage, we have not fully utilized its capability for securing hybrid work and protecting data on company and BYO devices. We are still growing. We have been managing our security manually through the security portal and through Azure Security. Intune can provide an additional level of management capability by bringing all of the external services into one management console. It is going to make managing our security posture a little bit easier.

Intune has not yet affected IT productivity in our organization, but it will. Once we start bringing on the remote support capabilities and we are fully compliant in terms of touch management and minimum touch levels, it is going to ease up a lot more. There will be more time and resources for us to look at the other features and capabilities.

Intune has helped to reduce the risk of security breaches in our organization, and that is purely due to its patch management at this stage.

Intune has saved us costs. As it is bundled with our enterprise agreement or enterprise subscription, we have not had to look at additional products. I am still hoping to convince our business that maybe Absolute is not needed if we can manage things with Intune. As we are still relatively young and immature in that area, we might need to look at alternate products to bolt onto it, so we have not yet had any direct savings. We have possibly had indirect savings.

Based on the bit of work or research that I have done, it seems to fit our needs. When you are looking at some of its tracking and management capabilities versus Absolute, it just does not go that one step further where Absolute would go with the recovery service for Precision laptops. My users or asset management are asking for the recovery capability on laptops. If they were not asking for that, I would just settle for Intune and provide the lost location and submit those details to enforcement, but they want the recovery service.

Intune has not helped us consolidate vendors because we are pretty much a single vendor. We have only got the Microsoft ecosystem. We are busy decommissioning our on-prem System Center setup, and we are moving to Intune on the cloud. It is integrated fully with AAD. We do not want to run infrastructure in South Africa. Because of the load shedding and electricity problems that we have here, we would rather use the cloud.

In the context of our journey to the cloud, it is important for us that the capabilities of the Intune Suite are integrated with Microsoft 365 and Microsoft Security for both cloud and co-managed devices. It would not have been attractive if it was not.

It is quite easy to manage. From what I have seen, it is very easy to check through. It is very basic. I do not need to be a rocket scientist to manage it. It takes a little bit of experience to set it up if you have never done it before. From a manageability point of view and ease of use, I would give it an eight out of ten rating.

It is quite policy-enabled, so you can build pretty much any policy to manage remote endpoints.

There could be more wizard-driven policy development or creation. Some of the policies can get quite complex. If they have a wizard that assists the administrators in creating the policy, that will be a great job.

Microsoft South Africa should improve their support for Intune in terms of turnaround time.

We started using it in about October 2022. It has been about a year and four months.

Microsoft South Africa could certainly improve on their support of it in terms of the implementation experience and completion of the project. This project has been going on for a year and four months already, but it should have been completed in six months. There are just too many clients looking at it, and there are not enough Microsoft support engineers for Intune.

We have one assigned Microsoft resource. We have got a unified support contract. They have only one support person to deal with multiple clients within our area, and if he is not available, we just wait.

If we had confident and good support from Microsoft, we probably could have cut the project time by 50%. We probably would already be finished and have 100% PCs fully compliant with Intune. 

I would rate their support a four out of ten.

Neutral

We are busy migrating from Microsoft System Center Configuration Manager and Endpoint Manager because of the infrastructure requirements. We want to be on the cloud.

We are a key government department that looks after and advises 13 other departments. They are rolling up Intune to those 13 departments.

It comes as a bundle, so you do not really know what the prices are. Microsoft does not break it down to the user cost for us. It is just bundled with our E5 license.

We did not evaluate other solutions because Intune was a part of our subscription.

My advice would be to make certain that you have the relevant in-house capability so that if you are working with Microsoft, you are able to cross-skill with Microsoft. If you do not have that and you are going to fully rely on Microsoft to assist you with deploying it, then make certain that you go into your project with your eyes wide open in terms of timing. The product is good. The scoping of the project is good, but the turnaround time is an issue. There is a lot of improvement required at Microsoft's end. The easier they make the policy creation within Intune with the wizard-driven process, the easier it will be for the internal administrators to implement it. If you remove your reliance on Microsoft, you can run a good product.

We do not use the feature called Tunnel for MAM to provide remote access to corporate resources on mobile devices. We do use Teams as a support or email support tool. We have a very small department, so that is sufficient. We would not migrate it to Intune.

We are not using Intune's Endpoint Privilege Management feature. At this stage, we are using Azure privileged management as the primary means of control. If it makes sense, we will get to it. It is not the first one on the list of things that we have got to do at the moment. We are on a zero-trust journey. If it is going to be one of the tick boxes, we will get to that.

Based on what I have seen of the product and its capabilities, I would rate Intune a seven out of ten. There are some issues that need to be dealt with, especially with the integration with Microsoft Defender Endpoint. Most definitely, the level of support and Microsoft resource capability is where I would mark it down.

It serves as our EDM, enabling remote computer management. We install various applications directly for users, granting us administrator-level control over the computers.

We utilize it exclusively within the IT department to manage all hardware from a single location.

It consolidates all endpoint and security management tools into a single platform. This allows us to efficiently determine the required applications for each employee. Having Azure Active Directory integrated into the complete environment further simplifies the process. Additionally, its compatibility with Android-based devices is a significant advantage, enabling the management of both Windows PCs and Android devices from a unified platform.

It offers complete visibility and IT control across various device platforms, saving us a significant amount of time. The alternative, handling devices individually each time there's a change in employee or any other scenario, is much more time-consuming.

When it comes to the user experience of Intune, the initial setup is quite straightforward, but delving deeper into its functionalities demands additional training and familiarity. This complexity can be considered a drawback. The policies that can be configured sometimes lack clarity, and understanding the limitations for users who aren't global admins can be unclear.

We don't utilize the MAM tunnel feature for remote access to corporate resources. Instead, we rely on TeamViewer for remote support when dealing with any issues.

It significantly enhanced our organization's efficiency, particularly in terms of time savings. While I don't have the specific numbers at the moment, the impact was substantial. Especially when we operated with a small IT team, the investment in the license cost was undoubtedly worthwhile.

In terms of securing hybrid work environments and safeguarding data on company and personal devices, there's flexibility to fine-tune policies for preventing certain actions. Currently, our approach restricts employees from installing unauthorized software, acting as a deterrent to Shadow IT. However, we haven't explored the full spectrum of possibilities with policies to uncover additional security measures.

The impact of Intune on the organization's security is essentially a peace of mind for me. If there's ever a report of a stolen computer, I can swiftly lock it without much concern. The speed at which this can be done is particularly reassuring, especially in the current landscape of hybrid work where such incidents tend to occur more frequently than before.

It has significantly impacted IT productivity in our organization. Onboarding and offboarding processes have become much faster. Simply Intuning the device and managing it through the internal portal or even within the VPN network streamlines the workflow. This is especially beneficial since our company supports hybrid work, extending flexibility to the IT staff as well. Inventory management has also seen a notable improvement, with less time spent. Now, we not only have a count of devices but also know which accounts they are associated with. Compared to our previous reliance on paper and Excel, this is a whole new level of efficiency. Overall, it has been an extremely positive experience for us.

While it's challenging to directly quantify cost savings, Microsoft Intune has certainly resulted in significant time savings for our organization. As we didn't have a comparable system before, it wasn't a matter of moving from something else to Intune. However, the investment has proven valuable, especially evident in the offboarding process. Previously taking fifteen to twenty minutes per device, it has now been streamlined to just a few clicks, around five minutes. This efficiency has been particularly impressive and has undoubtedly saved us considerable time.

Its most valuable aspect is the seamless onboarding and offboarding of new users, whether it's for a computer or a mobile device. This process is remarkably straightforward. Additionally, while not explicitly security features, there are safeguards in place that enhance safety. For instance, if a user reports their computer as stolen, you can promptly lock it and erase all data remotely. This means you can secure the hardware even without physical possession of the device. It goes beyond safeguarding just the Microsoft 365 user account; it extends protection to the hardware itself. It also served as a means to efficiently manage our inventory. Through Intune, I could easily access a comprehensive list of all the computers, tablets, and company-owned devices. This streamlined the process of accounting for new devices in our stock, eliminating the need for separate tracking outside of the Intune platform.

The capabilities of the Intune suite are seamlessly integrated with Microsoft 365 and Microsoft Security. This integration, especially with Microsoft 365, is crucial for us as it enables clear visibility into the association of devices with specific employees. Additionally, it facilitates tracking the usage of applications by different groups. The integration with Azure Active Directory further enhances the importance of the overall integration for our operations.

It would be beneficial to have a more straightforward understanding of Intune's capabilities, presented in a simplified manner. This way, one wouldn't need to be an Intune specialist or spend hours trying to grasp the intricacies of policies and functionalities. While I've used Intune extensively and have practical experience, I've found that to explore its full potential, significant time is needed for both understanding capabilities and seeking out relevant training. The current understanding of what actions or functionalities are available for configuration is not as clear as it could be. Enhancing the clarity of these policies, whether in terms of functionality or features, would be beneficial for users managing Intune.

I have been working with it for three years.

It provides excellent stability. We didn't face any downtime. I would rate it ten out of ten.

Scalability has been excellent. We began with a pilot involving just a few devices and swiftly expanded to over two hundred without experiencing any degradation in performance or functionality. I would rate it ten out of ten.

In terms of tech support or customer support, our experience has been somewhat mixed. Since we work with partners rather than directly with Microsoft Intune, and these partners are internal and cross-charged within the same company, there have been instances where support was not entirely satisfactory. This could be attributed to a lack of in-depth understanding on their part. However, it's important to note that they are not directly affiliated with Microsoft, and the level of support might vary accordingly.

The initial setup was complex.

Our setup is hybrid, specifically with Active Directory. The initial configuration necessitated an on-premises presence. However, once the setup is complete, the entire system operates in the cloud, making it predominantly cloud-based after the initial on-premises setup. I was involved in certain aspects of the deployment process. The complexity arose not necessarily from the intricacies of the tasks themselves but from the coordination required. As we lacked global admin privileges, there was a need for extensive collaboration between our team, global admins, and the Intune team at Microsoft.

In terms of maintenance, once it's up and running, there's not much ongoing effort required. It's essentially a set-and-forget situation. Occasionally, we might need to handle reports and views, especially when there's a new release. In such cases, there might be minor adjustments, like making something visible or invisible, but overall, the maintenance workload is minimal.

Regarding the pricing, my experience was with a nonprofit, where we enjoyed a substantial discount. While I can't provide insights from a business perspective, it's worth noting that the pricing may differ significantly, and the discount we received might not be reflective of standard business rates.

It's advisable to start with a straightforward approach, avoiding unnecessary complexity initially. However, it's equally important to have a well-thought-out plan for maximizing the platform's capabilities. Assign someone the responsibility of owning and creating a roadmap for ongoing improvements and enhancements. The idea is not just to go live and consider the implementation complete; rather, to plan for continuous refinement and utilization of additional features over time. Overall, I would rate it eight out of ten.

I use Microsoft Intune to manage and secure all our devices from one central platform. It helps me enroll and configure devices, deploy applications, and enforce security policies.

We chose Microsoft Intune to enhance endpoint management, leveraging Azure Active Directory for robust authentication. Intune's cloud-based solutions streamline device and application management, providing a user-friendly interface while ensuring strong security measures and policy compliance.

Intune has significantly bolstered our organization's security by consistently applying the latest security policies and conducting regular assessments. Its proactive approach ensures that our security measures remain robust and up-to-date.

It has significantly increased overall IT productivity in the company by enhancing efficiency and operational effectiveness. For example, its continuous monitoring and detection capabilities prevent unauthorized access attempts and streamline resource creation processes.

Microsoft Intune has notably reduced the risk of security breaches in our organization. It has significantly elevated our security posture, which is evident in the increased security score it has provided.

Microsoft Intune has helped our company save costs, especially with the implementation of policies like BYOD. This has been a significant cost-saving measure for us.

The standout features of Intune are its excellent mobile device management and highly effective application management capabilities. They streamline our operations and significantly enhance security measures.

In terms of improvement, Microsoft Intune could enhance its patch management for various devices, ensuring regular updates and tracking of device privileges. Performance reports would also be valuable for better monitoring and management.

I have been working with Microsoft Intune for five years.

Intune is a quite stable product.

We have 2,000 users currently utilizing Intune. It is highly scalable.

I would rate Microsoft's technical support as a nine out of ten.

Positive

Before Microsoft Intune, we were using SCCM, which is a more traditional approach. We switched to Intune for its modern and comprehensive capabilities, as SCCM lacked certain functionalities and agility.

The initial setup of Intune was straightforward, taking just one day to deploy. Our implementation strategy focused on identifying and securing all available assets, including desktops and mobiles. The setup was managed by one person.

Endpoint privilege management, through enforcing the least privileged access, enhances user productivity by safeguarding sensitive resources and data. This proactive approach aligns with auditor-defined policies, ensuring secure privileged account life cycles and minimizing operational costs. It simplifies management while providing robust protection.

Endpoint privilege management strengthens our security against attacks by limiting privileged access. For real-time protection, it defends against malware threats on all devices, including new or remote ones.

Intune helped us consolidate vendors, enhancing security without significantly affecting license costs, as it operates on an enterprise model. This streamlining has improved our overall vendor engagement.

Intune's integration with Microsoft 365 and Microsoft Security is crucial for our cloud journey. It provides the flexibility for users to bring their own devices and work from anywhere, aligning with our automation scaling needs.

My advice for people who are considering using Microsoft Intune is to go for it. It offers excellent scalability, accommodating any number of devices, and it is straightforward to set up, providing effective plug-and-play functionality. Overall, I would rate it as a nine out of ten.

Essentially, we use it to manage devices. We are looking at potentially moving away from VMware and bringing mobile devices and tablets into Intune along with desktops and laptops, which we currently manage, so that it serves as an all-in-one active asset list where we can look at the health of the entire technical estate. We can manage against threats. We can roll out apps, policies, et cetera. We can also manage logins, reset logins, et cetera, and it's an all-in-one, 24/7 solution.

Microsoft Intune has absolutely improved the way our organization functions. We're currently going through the AAD migration, so we are transitioning away from the old on-premise domain to Azure. The ability to take devices that were locally managed via AD but weren't managed via Intune is brilliant. We can see who last logged in, who it's managed by, which OS is there when it was last updated, etc. It gives us a micro overview of what's happening there.

Generally, we find it quite useful. We don't use it to the full extent. We've only got a P1 license, but generally, the application health and the ability to create and manage policies are valuable. We can split them very quickly into groups, multiple policies, etc. So, it's those core basics that we use, but they work very well.

It's very informative when there is an error. It allows us to backtrace where the error is and resolve that ourselves. It's a bit of a Swiss Army penknife. We find that it fixes most issues.

I'd like some more reporting so that I don't have to delve into PowerShell and I can pull more of the local device information such as memory, apps installed, etc. It would be nice to be able to see the apps that are present there but might not be managed. For example, if they installed 7Zip, it could report that back via an installed program or feature to see what was currently installed. Generally, it works, and nobody complains about it.

I've been using this solution for a couple of years.

Sometimes, they can take a little while to come back in showing that they are compliant. Typically, they may show us as not compliant even when we are. Typically, we find that it takes a couple of hours or a couple of days at worst for the machines to show as being compliant for them to settle down, but generally, it does what it says on the tin. We can set the policy, and we can put a machine or put a device into a group. That policy gets defined or pushed out, and it works. We can then move on to the next job. From my perspective, it works well, and that's why I'm just looking forward to using more Azure technologies moving forward.

It's deployed across multiple locations, departments, teams, and endpoints.

I haven't had any experience with them.

At the moment, we're using VMware AirWatch, which isn't my first choice purely because it's a super segmented platform. We are predominantly, about 95%, Microsoft. It feels a bit of an oversight not having a solution on a Microsoft platform where we've got full transparency and can make live changes. Currently, we have to go through our outsourced IT to make the changes and then we have to wait to see those changes rather than me or a colleague being able to make those changes in a live environment, so it would be my personal preference to get that moved over, which we're looking at. 

I wasn't a party to why they used AirWatch. I presume it was bundled in with the Microsoft service partner's offering originally. The IT team here is quite new. I've only been in the post for about a month, and my IT manager has only been in the post for about two months. We're just making sure that everything is easy to use and easy to manage, and it's cost-efficient for the charity moving forward.

Essentially, the way it was set up, it wasn't set up as a hybrid model. At the moment, we have got on-premises, and we have a cloud, but they're not joined. There is no passthrough, which is interesting. A lot of the on-premise has been copied over to the cloud. We are now taking the cloud to default, and the overall plan is to mothball the servers and reuse those as very high-powered desktops wherever possible. I just predominantly use the cloud.

I was not involved in its deployment, but in terms of maintenance, typically, our MSP makes the changes, but I've got GA rights to make anything that is critical. Generally, there are about 20 people at the Microsoft solution partner, and there are four of us on the IT team. There are less than 30 people in total.

I'm not sure. Certainly, it has been at least three years since the software has been rolled out, but it's not particularly well maintained by the solution partner. So, it's hard to measure the ROI. It does have merit, but in our particular sector, it's just overkill. We just need to make small and light changes whilst having effective security. We don't need corporate class, biometric/conditional access level security. Whilst we have multiple offices, they're very small. They're all under 20 users, and there's a lot of work from home. So, as long as we've got encryption, a form of AV, an anti-spam, and good account security, it certainly staves off a lot of the threats.

Personally, I feel that we haven't had the ROI purely because we're paying about £13,000 for under 300 users a year, which is a little bit top-sized. My personal feeling is to make a business case to switch to Microsoft Defender. Obviously, we've got P1 in our business premium licensing, so we've got a very basic protection at the moment that we don't use. We've got a large number of credits, and we could use those credits to switch over for a year to a higher project and see where we go from there.

Generally, it's not too bad. Obviously, a cheaper price would be great. Typically, we are in touch with the partner to provide non-profit discounts wherever possible. Generally, we get favorable discounts, so it's not too bad. Obviously, we're looking at decreasing those wherever we can to bring value back to the public purse because it's all charity based. It's all publicly funded.

Create a test group and create test policies, and then just test, test, and test before anything is rolled. It's the usual IT gambit. Test everything, and then just test it again before you roll it out.

I worked for a couple of MSPs before. I've seen it in very remote areas. I'm very impressed with it. Whilst it seems almost fashionable to criticize Microsoft, Intune is pretty much a well-laid-out product. It does what it says it's going to do. There is a lot of dependence on Microsoft products being pushed to it, and that's probably my only criticism. It would be good if Intune was a bit more open-source, but that would lead to more complications. It's a bit of a complicated beast, but generally, I like it.

I'd rate Microsoft Intune a nine out of ten. I'm happy with it.

We use Intune to manage endpoints as a centralized enterprise solution. Instead of relying on Active Directory or an on-premise system, we directly manage employee devices using Microsoft Intune. Intune, a cloud-based SaaS product, simplifies endpoint management. From a user perspective, it's an improvement. Users no longer need to be on the office network. They can set up their devices anywhere with an internet connection, whether at home or another location.

Security is also enhanced. By using Intune as a mobile device management solution, we can implement security controls and restrictions on endpoints. Intune helps us achieve a balance between user experience and security.

Managing remote employee devices with Microsoft Intune is easy. Intune acts as a central platform for deploying controls, policies, and applications to our endpoints. It simplifies the delivery of these configurations to our remote workforce.

Intune simplifies our mobile application management. Once implemented across the organization, it will eliminate our reliance on on-premises solutions. Previously, managing endpoints required using our System Center Configuration Manager. Now, Microsoft offers a unified solution called Microsoft Endpoint Manager. Intune, a key component of this suite, allows for convenient device enrollment over the internet, streamlining endpoint organization.

Intune helps bring our endpoints and security management tools into one place.

Consolidating endpoints and security management tools simplifies IT and security operations. This unified approach offers a single solution or console for all tasks. Role-based access control ensures each administrator only sees and modifies what's relevant to their role. For example, the security team can access Intune solely for security-related functions, while the patch management team has its own set of permissions. This centralized management is significantly easier to handle than using multiple third-party tools. Intune provides a comprehensive solution where everyone can configure settings – security, endpoints, controls, etc. – within a single platform.

Intune offers endpoint visibility and IT control across various device platforms. It simplifies troubleshooting and device management compared to other solutions. Intune excels in providing a comprehensive solution. We can manage applications, security controls, and patching processes all within Intune. This eliminates the need to rely on three separate solutions. With Intune, everything is consolidated into a single platform, allowing for combined reporting and streamlined issue resolution.

Enrolling endpoints with Intune is a breeze! The overall user experience is excellent, easily a nine out of ten.

There are three critical features of Intune for maintaining our devices' security. Endpoint encryption ensures data on the device is scrambled even if it's lost or stolen. Intune supports BitLocker encryption for Windows devices and file-level encryption for Mac devices. Defender is a comprehensive security solution that helps protect devices from malware, viruses, and other threats. Compliance policies in Intune allow us to define security requirements for devices. These policies can enforce encryption, complex passwords, and other security settings. If a device doesn't meet the compliance policy, it can be restricted from accessing organizational resources. Intune can also send notifications to users or administrators when a device becomes non-compliant.

In the initial stages of migrating from our on-premises solution to Intune, we relied on device compliance policies. We configured these policies to require the latest antivirus signatures, specifically targeting developer devices. This ensured compliance and minimized the risk of non-compliance impacting their work. While compliance policies were initially used, we've since transitioned to Microsoft Defender, which now plays a major role in our device security strategy.

Intune's application deployment feature has significantly improved efficiency in our IT department. As one of its key functionalities, Intune allows deployment of a variety of applications with different extensions, such as .DXE or .MSI files. However, for applications requiring custom license scripts, batch files, or executables, Intune provides its own Windows app deployment toolkit. This toolkit facilitates the conversion of these files into a format compatible with the Intune app store and its update system.

The user interface is easy to navigate. Microsoft provides monthly updates that introduce new features. Previously, they provided pie chart visualizations for complaint and policy control status reports. These have been transitioned to standard chart formats. Overall, the UI continues to improve with each Microsoft update.

Company-owned devices are subject to a different set of policies. These policies may be very strict, restricting certain functionalities, or they may prioritize security above all else. On the other hand, for BYOD programs, we provide users with certain privileges for their mobile devices and laptops. We create a secure, isolated environment in a sandbox to manage the devices within that environment. Security is a major consideration for both BYOD and company-owned devices.

Intune has increased our IT productivity for patching and security by around 15 percent.

Microsoft Intune helps our organization reduce the risk of security breaches by eight percent by deploying zero-day patches in conjunction with Defender and Sentinel.

Intune has helped us consolidate vendors with the driver deployment and onboarding.

We manage configurations for Microsoft 365, co-managed devices, Azure, Defender security controls, and DLP controls within Intune. This centralized platform allows us to configure roughly 80 percent of these services and controls in a single location.

A valuable feature is user enrollment, where users can enroll their devices in their organizations themselves. This streamlines the process and saves IT time.

Another key benefit is zero-day productivity. During enrollment, the user has access to the applications and settings the organization needs them to have, making them ready to work immediately. Intune essentially pre-configures the device based on the user and organization during enrollment.

Finally, Intune offers easy patch management for various endpoints, including Windows 10, 11, and Macs. Deploying upgrades and monthly patches is significantly simpler compared to other solutions, both from Microsoft and third-party vendors.

The current Intune reporting functionality could benefit from some improvements. Specifically, a report that tracks patch deployment status would be valuable. Ideally, I'd like a report that provides device-level details on applications and controls deployed. However, it seems like other organizations might be more interested in control-centric reports, showing details like what control was deployed, the number of devices affected, and other relevant device data. Overall, reporting is the area where we're encountering the most challenges with Intune.

I've been using Microsoft Intune as a comprehensive solution for the past six years. While I had some experience with it before 2019, it was limited to mobile device management. Since 2019, I've been managing the full Intune suite as an administrator, overseeing Windows endpoints, Mac endpoints, Android and iOS.

I would rate the stability of Microsoft Intune eight out of ten.

Microsoft Intune excels in scalability, earning it a nine out of ten rating. It empowers organizations to migrate to the cloud and manage all their endpoints seamlessly. This includes a wide range of platforms like Windows, macOS, mobile devices, and even Linux. Intune simplifies endpoint management by offering a centralized solution for all these platforms.

The response time and technical knowledge of the support team is not what it used to be.

Neutral

We previously used an on-premises solution, Microsoft Endpoint Manager, to manage our devices. The pandemic necessitated a shift to the cloud.

The initial deployment of Intune can be complex because it is linked to Microsoft Entra, which itself is a complex product. This complexity depends on the desired outcome. Intune's deployment complexity hinges on whether users will enroll their devices themselves or if the IT team will enroll them and grant access. A proper pre-assessment is crucial to determine if Intune's complexity aligns with our desired outcome.

Our deployment took two months to complete because of the internal security approvals we required.

Three administrators were required for the deployment.

The price for Intune is fair.

I would rate Microsoft Intune eight out of ten. There are some improvements concerning the reports and there are other design-related concerns that we are looking at in Intune.

We don't have the tunnel option because we primarily work in a restricted computer environment. Our organization uses Microsoft Intune to manage applications within a dedicated sandbox environment. We perform frequent updates to ensure everything is current.

During the initial onboarding process, we encountered some challenges, and multiple teams were involved in resolving them. For example, users from India might experience issues like broken URLs or restricted access due to their ISPs. Similarly, in China, certain URLs might be blocked by some internet service providers. To address these issues, we initially involved additional administrators from each region on the administrative side. However, we've since transitioned to a centralized management structure with a core team of five to six members overseeing the entire organization.

We maintain a separate development Intune environment for User Acceptance Testing specific to the Asia Pacific region. Since our production environment is also located in Asia Pacific, we essentially have two Intune instances: one for development and one for production. We also have around 290,000 devices.

We have a team of five Intune administrators. The only maintenance required for Intune is the updates.

I recommend Microsoft Intune.

Based on the number of users and devices you're enrolling, I recommend having separate UAT and production Intune environments for larger deployments. For simpler environments, a single Intune license is sufficient to manage your devices and integrate with your Enterprise and Microsoft 365 solutions.

We are currently using Intune, and we are also deploying it for customers. We use Intune to manage our mobile devices. We manage our Android and iOS devices with it, and at the same time, we also use Intune to manage our macOS and Windows devices.

During the pandemic, there were devices that we couldn't control. For example, we wanted to manage BYOD and make sure that they are secured so that when they access our corporate resources, our data, computers, users, and mobile devices are protected. We use Intune to publish some of our company applications and at the same time push down our restriction policy and configuration profiles, such as VPN.

We are a vendor, and we deploy the Intune solution. We see that our clients have benefited from this solution. They're able to manage devices that were previously not managed. They are able to secure those devices. It also improves the productivity of the users. They can work from wherever they are and leverage their own devices to access company resources. So, productivity-wise, users are more productive when it comes to Intune.

Based on my experience, I find Intune very flexible for managing Windows devices. We can use scripting, and we can make use of the self-service portal or the company portal to publish some of the applications for Windows.

I'd suggest adding more features for macOS in Intune. There should be more functionality for managing macOS. There should be a better capability for pushing things down on macOS. Currently, Intune is not capable of managing macOS at the same level as Windows.

It has been four years since I've been using Intune.

I'd rate it an eight out of ten in terms of stability because it sometimes breaks. That's mainly because Windows OS keeps on changing because of upgrades and things like that, and there are some instances where it's not supported, or it has not been tested fully on a specific version of OS.

We haven't yet gone down to the scalability part. It meets the needs of our customers. What they have right now in the cloud is sufficient and satisfies the requirements. So, scalability is not a problem.

Some of the deployments are done across sites, so there are multiple sites.

I have interacted with their support. I'd rate them a ten out of ten.

Positive

We have previously used MobileIron and Jamf Pro.

The deployment model for Intune is cloud basically, but for other MDM solutions, it's on-prem because the government and healthcare sectors prefer to use the on-prem solution.

The deployment duration depends on the project timeline and the complexity of the deployment. A fresh Intune deployment is straightforward. We just need to do the configuration and create configuration profiles. For example, for Windows OS, we can enroll 1,000 devices in a month or something like that depending on the availability of the machine. Everything is configured in the backend, so they just need to power on the device, and everything works as expected, and everything is pushed down.

The number of people required depends on how many machines need to be deployed and users' availability. The model that we're having right now is that for a new device, it's straightaway delivered to the user. So, there is no involvement of IT because it's an autopilot deployment. When a user powers on a device, the configuration kicks in. The users just log in using their user accounts, and that's all. So, one IT person is enough to configure the backend.

We implement it in-house. It does require some maintenance, but that's taken care of by another party.

It's affordable. It's cheaper if you have an Office 365, E5, or E3 subscription because everything is there.

I evaluated VMware Workspace ONE, which is similar to Intune. They both can manage multiple OSs. 

While evaluating, I'd advise evaluating each and every feature of Intune and using multiple operating systems, such as Android, iOS, Windows, and macOS. You should see the capabilities of Intune and also check how to integrate Intune with other solutions. For example, for security, there is endpoint protection, etc. You need to check that because one of the requirements is to make sure that the computers and the mobile devices are secure, but Intune cannot secure your device itself. It's just an MDM solution. It only restricts some of the functionality. It cannot do more in terms of security. You need another solution to secure your devices, and you must check that your security solution can be integrated with Intune.

I'd rate Intune an eight out of ten.

We use it to a small extent for approximately 1,100 devices. The biggest portion of it is used in the Aviation department, which is one of our departments. They have invested heavily in some customized software that they've developed in-house. It is put on the devices, and the devices are primarily used by field staff. It's basically a mixture of work order assignment and work order management, as well as record keeping. For example, I could have a technician who is assigned to go and do a preventive maintenance inspection on an HVAC component in one of the terminals. That request or work order is submitted to his device. When he gets there, he scans barcodes for the room he is in and for the piece of equipment that he is working on. So, they track their actual work order, work order status, workloads, and equipment life cycle, and that's all done through Intune.

It helps us in securing devices. It has eliminated a lot of paperwork. It has simplified record-keeping and maintenance of equipment, life cycle management, staff workload, work hours, et cetera. That's the biggest impact on us, and that's also where most of the devices are used.

Its security is most valuable. It gives us a way to secure devices, not only those that are steady. We do have a few tablets and other devices, and it is a way for us to secure these devices and manage them. We know they're out there and what's their status. We can manage their life cycle and verify that they're updated properly.

It doesn't economize when you scale up. We have over 14,000 employees, and we have between 7,500 and 8,000 city-owned or personal devices being used to conduct city business. Its price can be improved. It is not a cheap solution.

It has been years since it was implemented.

Its stability has been fine. We've had no issues at all.

I don't see any issues with it. We currently have only about 1,100 users and licenses for the Intune product. The largest portion or over 50% of usage is by our Aviation department for tracking and managing their work order, workload,  equipment life cycle, etc. Other users are scattered in small numbers throughout a number of departments. 

Our Parts department also uses it. One thing that's a little bit unique is that they also have these assigned to temporary workers. So, we provide the licenses for a number of temporary workers for the summer or for the winter, and then we take them back and reassign them to somebody else. 

The other departments mostly use it for educational or small use cases where they think this will be a good fit, and it is the product that is available to them. I've heard nothing bad about it, and I have no problem at all with Intune.

In terms of future growth, we're currently looking at another product, but that doesn't mean we're going to go with that other product. We're working with a vendor on another solution, and that vendor also has a mobile device management product, but we're not yet ready to go there.

I've no direct input on it. Right now, we're on unified support, but we've always had their premier support. If we ever have a problem with any of our Microsoft products, including Intune, we do have a way to reach out and get additional assistance.

I'm not aware of any other solution being used. I know there were one or possibly two failed mobile device management project implementations. I was not a member of the department then, so I don't know the details. I only know that both of the deployments failed. In other words, either the vendor promises were not met, or we found a function that was supposed to exist but did not exist. 

It was pretty straightforward. It was not a very long, complex, and involved process. It was fairly easy to set up.

It was done in-house. For its maintenance, we have no one dedicated to it. Our client computing side takes care of that.

I've never tried to quantify an ROI for the program. We have just a small number of devices. At some point, we will look at implementing large-scale mobile device management, and that'll be a different case where we may look at Intune, Workspace ONE, or another product.

It is not a cheap solution. The price for a device when you start using it at a large scale can be improved.

It is covered under our enterprise agreement. We pay once a year. I am not aware of any additional costs.

It meets the basic security needs and management needs for most organizations. It allows you to monitor the security of devices and manage those devices if they're organization-owned. It is fairly easy and straightforward to manage. It is not difficult. Some of the other solutions are a little bit more difficult.

I would rate it an eight out of 10. It meets all the basic needs that most organizations will have for device management and device security. I am not sure if it can provide the required level of security for different business scenarios that require additional security, which means you'd have to run two systems in tandem.