We use Intune to manage endpoints as a centralized enterprise solution. Instead of relying on Active Directory or an on-premise system, we directly manage employee devices using Microsoft Intune. Intune, a cloud-based SaaS product, simplifies endpoint management. From a user perspective, it's an improvement. Users no longer need to be on the office network. They can set up their devices anywhere with an internet connection, whether at home or another location.
Security is also enhanced. By using Intune as a mobile device management solution, we can implement security controls and restrictions on endpoints. Intune helps us achieve a balance between user experience and security.
Managing remote employee devices with Microsoft Intune is easy. Intune acts as a central platform for deploying controls, policies, and applications to our endpoints. It simplifies the delivery of these configurations to our remote workforce.
Intune simplifies our mobile application management. Once implemented across the organization, it will eliminate our reliance on on-premises solutions. Previously, managing endpoints required using our System Center Configuration Manager. Now, Microsoft offers a unified solution called Microsoft Endpoint Manager. Intune, a key component of this suite, allows for convenient device enrollment over the internet, streamlining endpoint organization.
Intune helps bring our endpoints and security management tools into one place.
Consolidating endpoints and security management tools simplifies IT and security operations. This unified approach offers a single solution or console for all tasks. Role-based access control ensures each administrator only sees and modifies what's relevant to their role. For example, the security team can access Intune solely for security-related functions, while the patch management team has its own set of permissions. This centralized management is significantly easier to handle than using multiple third-party tools. Intune provides a comprehensive solution where everyone can configure settings – security, endpoints, controls, etc. – within a single platform.
Intune offers endpoint visibility and IT control across various device platforms. It simplifies troubleshooting and device management compared to other solutions. Intune excels in providing a comprehensive solution. We can manage applications, security controls, and patching processes all within Intune. This eliminates the need to rely on three separate solutions. With Intune, everything is consolidated into a single platform, allowing for combined reporting and streamlined issue resolution.
Enrolling endpoints with Intune is a breeze! The overall user experience is excellent, easily a nine out of ten.
There are three critical features of Intune for maintaining our devices' security. Endpoint encryption ensures data on the device is scrambled even if it's lost or stolen. Intune supports BitLocker encryption for Windows devices and file-level encryption for Mac devices. Defender is a comprehensive security solution that helps protect devices from malware, viruses, and other threats. Compliance policies in Intune allow us to define security requirements for devices. These policies can enforce encryption, complex passwords, and other security settings. If a device doesn't meet the compliance policy, it can be restricted from accessing organizational resources. Intune can also send notifications to users or administrators when a device becomes non-compliant.
In the initial stages of migrating from our on-premises solution to Intune, we relied on device compliance policies. We configured these policies to require the latest antivirus signatures, specifically targeting developer devices. This ensured compliance and minimized the risk of non-compliance impacting their work. While compliance policies were initially used, we've since transitioned to Microsoft Defender, which now plays a major role in our device security strategy.
Intune's application deployment feature has significantly improved efficiency in our IT department. As one of its key functionalities, Intune allows deployment of a variety of applications with different extensions, such as .DXE or .MSI files. However, for applications requiring custom license scripts, batch files, or executables, Intune provides its own Windows app deployment toolkit. This toolkit facilitates the conversion of these files into a format compatible with the Intune app store and its update system.
The user interface is easy to navigate. Microsoft provides monthly updates that introduce new features. Previously, they provided pie chart visualizations for complaint and policy control status reports. These have been transitioned to standard chart formats. Overall, the UI continues to improve with each Microsoft update.
Company-owned devices are subject to a different set of policies. These policies may be very strict, restricting certain functionalities, or they may prioritize security above all else. On the other hand, for BYOD programs, we provide users with certain privileges for their mobile devices and laptops. We create a secure, isolated environment in a sandbox to manage the devices within that environment. Security is a major consideration for both BYOD and company-owned devices.
Intune has increased our IT productivity for patching and security by around 15 percent.
Microsoft Intune helps our organization reduce the risk of security breaches by eight percent by deploying zero-day patches in conjunction with Defender and Sentinel.
Intune has helped us consolidate vendors with the driver deployment and onboarding.
We manage configurations for Microsoft 365, co-managed devices, Azure, Defender security controls, and DLP controls within Intune. This centralized platform allows us to configure roughly 80 percent of these services and controls in a single location.
A valuable feature is user enrollment, where users can enroll their devices in their organizations themselves. This streamlines the process and saves IT time.
Another key benefit is zero-day productivity. During enrollment, the user has access to the applications and settings the organization needs them to have, making them ready to work immediately. Intune essentially pre-configures the device based on the user and organization during enrollment.
Finally, Intune offers easy patch management for various endpoints, including Windows 10, 11, and Macs. Deploying upgrades and monthly patches is significantly simpler compared to other solutions, both from Microsoft and third-party vendors.
The current Intune reporting functionality could benefit from some improvements. Specifically, a report that tracks patch deployment status would be valuable. Ideally, I'd like a report that provides device-level details on applications and controls deployed. However, it seems like other organizations might be more interested in control-centric reports, showing details like what control was deployed, the number of devices affected, and other relevant device data. Overall, reporting is the area where we're encountering the most challenges with Intune.
I've been using Microsoft Intune as a comprehensive solution for the past six years. While I had some experience with it before 2019, it was limited to mobile device management. Since 2019, I've been managing the full Intune suite as an administrator, overseeing Windows endpoints, Mac endpoints, Android and iOS.
I would rate the stability of Microsoft Intune eight out of ten.
Microsoft Intune excels in scalability, earning it a nine out of ten rating. It empowers organizations to migrate to the cloud and manage all their endpoints seamlessly. This includes a wide range of platforms like Windows, macOS, mobile devices, and even Linux. Intune simplifies endpoint management by offering a centralized solution for all these platforms.
The response time and technical knowledge of the support team is not what it used to be.
We previously used an on-premises solution, Microsoft Endpoint Manager, to manage our devices. The pandemic necessitated a shift to the cloud.
The initial deployment of Intune can be complex because it is linked to Microsoft Entra, which itself is a complex product. This complexity depends on the desired outcome. Intune's deployment complexity hinges on whether users will enroll their devices themselves or if the IT team will enroll them and grant access. A proper pre-assessment is crucial to determine if Intune's complexity aligns with our desired outcome.
Our deployment took two months to complete because of the internal security approvals we required.
Three administrators were required for the deployment.
The price for Intune is fair.
I would rate Microsoft Intune eight out of ten. There are some improvements concerning the reports and there are other design-related concerns that we are looking at in Intune.
We don't have the tunnel option because we primarily work in a restricted computer environment. Our organization uses Microsoft Intune to manage applications within a dedicated sandbox environment. We perform frequent updates to ensure everything is current.
During the initial onboarding process, we encountered some challenges, and multiple teams were involved in resolving them. For example, users from India might experience issues like broken URLs or restricted access due to their ISPs. Similarly, in China, certain URLs might be blocked by some internet service providers. To address these issues, we initially involved additional administrators from each region on the administrative side. However, we've since transitioned to a centralized management structure with a core team of five to six members overseeing the entire organization.
We maintain a separate development Intune environment for User Acceptance Testing specific to the Asia Pacific region. Since our production environment is also located in Asia Pacific, we essentially have two Intune instances: one for development and one for production. We also have around 290,000 devices.
We have a team of five Intune administrators. The only maintenance required for Intune is the updates.
I recommend Microsoft Intune.
Based on the number of users and devices you're enrolling, I recommend having separate UAT and production Intune environments for larger deployments. For simpler environments, a single Intune license is sufficient to manage your devices and integrate with your Enterprise and Microsoft 365 solutions.
Intune is really the best option for SMEs for MDM (Mobile Device Management), particularly for BYOD devices, but also corporate devices - and development in the technology means that it's pretty much now a strong option for enterprise deployment to corporate devices.
Deployment has its challenges - but now with Cloud provisioning - Intune management and deployment are becoming more straightforward.
Intune is essential for enforcing policies such as screen lock and MFA.
If you use Microsoft Authenticator - it's worth doing user awareness training around the design flaw below:
https://www.linkedin.com/posts...;