Microsoft Intune
Description
I became an Intune admin by accident. Our company was migrating off an on-prem Active Directory setup during the pandemic and someone decided that since I was already managing our M365 tenant, I could “just handle” endpoint management too. Four years and about two thousand enrolled devices later, I have opinions on Intune that range from genuine admiration to the type of quiet frustration that causes you to close your laptop and go for a walk.
Microsoft Intune is a cloud-based unified endpoint management platform — UEM if you like acronyms, MDM if you prefer the older term. It allows IT administrators to manage laptops, desktops, phones, and tablets from a single web console. You push security policies, deploy applications, enforce compliance rules, set up Wi-Fi and VPN settings, and wipe devices remotely when someone leaves the company or loses their phone on a train. It handles Windows, macOS, iOS and Android, though the depth of support for each of those is decidedly not equal, which I will get to.
Intune is included in a number of Microsoft 365 plans — E3, E5, Business Premium — or you can purchase it separately. The standalone plan is approximately $8 per user per month. If you are already paying for M365 there is a good chance you already have Intune in your license and do not know it, which is exactly how Microsoft likes things. The Intune Suite, which adds features such as remote help, endpoint privilege management, and advanced analytics, is an additional cost on top of that. Licensing is truly one of the most confusing aspects of the product. I once spent an afternoon on a call with a Microsoft licensing specialist trying to figure out if our E3 licenses covered a specific feature, and even he was not entirely sure. There was a moment of silence on the call that told me everything I needed to know.
Where Intune really shines, however, is the integration with the rest of the Microsoft ecosystem. If your organization runs Entra ID for identity, Defender for Endpoint for security, Autopilot for device provisioning, and Purview for data protection, then Intune is the glue that ties all of it together. Conditional Access is the feature I lean on the most — the ability to say “this device can only access company email if it is encrypted, has the latest OS patches, and is connecting from a known network” is genuinely powerful. We blocked roughly forty compromised personal devices over the first three months after enabling compliance-based Conditional Access and I sleep better knowing those policies are running in the background.
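For anyone who has not wired this up before, here is roughly what "only compliant devices get to the mail" looks like when you build it through the Graph API rather than clicking through the portal. This is an added illustration, not something lifted from the review or from Microsoft's documentation; it assumes the Microsoft.Graph PowerShell SDK is installed, the two group IDs are placeholders you would swap for your own pilot group and your emergency-access accounts, and the minimum OS build is a made-up baseline. The "known network" part of the sentence above (named locations) is left out to keep the example to the two pieces that do the work: a compliance policy that defines "healthy", and a Conditional Access policy that refuses Office 365 to anything Intune does not mark compliant.

```powershell
# Added example, not the reviewer's own tooling. Assumes the Microsoft.Graph SDK and an admin
# holding DeviceManagementConfiguration.ReadWrite.All and Policy.ReadWrite.ConditionalAccess.
$PilotGroupId      = '00000000-0000-0000-0000-000000000001'   # placeholder: pilot users/devices
$BreakGlassGroupId = '00000000-0000-0000-0000-000000000002'   # placeholder: emergency-access accounts

Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All','Policy.ReadWrite.ConditionalAccess' -NoWelcome

# 1. Compliance policy: what "healthy" means for a Windows device (encrypted + patched + booted clean).
#    Graph insists on at least one scheduledActionsForRule entry; "block" with a 0-hour grace
#    period flags the device noncompliant as soon as any check fails.
$compliance = @{
    '@odata.type'           = '#microsoft.graph.windows10CompliancePolicy'
    displayName             = 'Win - Baseline compliance'
    bitLockerEnabled        = $true           # OS drive must be encrypted
    secureBootEnabled       = $true
    codeIntegrityEnabled    = $true
    osMinimumVersion        = '10.0.19045.0'  # constructed baseline; set to the build you actually require
    passwordRequired        = $true
    scheduledActionsForRule = @(
        @{
            ruleName                      = 'PasswordRequired'
            scheduledActionConfigurations = @(
                @{ actionType = 'block'; gracePeriodHours = 0; notificationTemplateId = ''; notificationMessageCCList = @() }
            )
        }
    )
}
$policy = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies' `
    -Body ($compliance | ConvertTo-Json -Depth 10) -ContentType 'application/json'

# 2. Assign it. An unassigned compliance policy evaluates nothing, and a device with no
#    applicable policy is treated as compliant by default, which is the trap to avoid.
$assign = @{ assignments = @(
    @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = $PilotGroupId } }
) }
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/$($policy.id)/assign" `
    -Body ($assign | ConvertTo-Json -Depth 10) -ContentType 'application/json'

# 3. Conditional Access: Office 365 (Exchange included) only from a device Intune marks compliant.
#    Report-only first: the sign-in logs then show who WOULD have been blocked before anyone is.
#    The break-glass group is excluded so a bad policy cannot lock every admin out.
$ca = @{
    displayName   = 'CA - Require compliant device for Office 365'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeGroups = @($PilotGroupId); excludeGroups = @($BreakGlassGroupId) }
        applications   = @{ includeApplications = @('Office365') }
        platforms      = @{ includePlatforms = @('windows') }
        clientAppTypes = @('all')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('compliantDevice') }
}
Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' `
    -Body ($ca | ConvertTo-Json -Depth 10) -ContentType 'application/json'
```

Run it against a pilot group, watch the report-only results in the Entra sign-in logs for a week or two, and only then flip `state` to `enabled`. The block-on-compliant-device pattern is only as good as the compliance policy behind it, so the order matters: compliance policy assigned and reporting first, Conditional Access enforcing second.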
Autopilot deserves a mention because it changed the way we onboard employees. We order a laptop from Dell and have it shipped directly to the new hire’s home and when they open it and connect to Wi-Fi, Autopilot kicks in — downloads their profile, installs their apps, applies our security policies and they are working within an hour. Before Intune I was imaging machines one by one in a storage closet. I do not miss that closet.
Now the complaints, and I have a few. The admin portal is slow. Not in a “takes a second to load” way, but in a “I clicked on a device profile and now I am looking at a spinner for fifteen seconds while I think about my career choices” way. Every page change in the Intune console is heavier than it should be and when you are troubleshooting a problem on device number six of the day, those seconds add up into real lost time. Microsoft has been making improvements to this, but it is still noticeably slow compared to competing consoles such as Jamf or even their own Azure portal.
Policy sync delays are the other big frustration. When I push a new configuration profile or compliance policy, it does not hit devices immediately. Intune is based on a check-in cycle — devices sync roughly every eight hours by default, and you can manually sync them, but even that isn’t instant. I’ve had cases where I’ve deployed a critical security policy and then sat on the compliance dashboard and watched it sit at 30% for a whole day as devices were slowly checking in. If you are accustomed to Group Policy in an on-prem world where changes propagate in minutes, the pace of Intune will test your patience.
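When the dashboard is stuck at 30%, the useful question is whether devices have rejected the policy or simply have not talked to the service yet. As an added example that is not part of the review, the script below pulls every device Intune currently reports as noncompliant, notes how long since each last checked in, and queues a sync for it through the Graph `syncDevice` action, which is the same thing the "Sync" button in the console does. It assumes the Microsoft.Graph SDK and the permissions named in the comments; the eight-hour threshold mirrors the default check-in interval mentioned above.

```powershell
# Added example, not the reviewer's script. Assumes the Microsoft.Graph SDK with
# DeviceManagementManagedDevices.Read.All (to list) and
# DeviceManagementManagedDevices.PrivilegedOperations.All (needed for syncDevice).
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All','DeviceManagementManagedDevices.PrivilegedOperations.All' -NoWelcome

$base   = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices'
$filter = [uri]::EscapeDataString("complianceState eq 'noncompliant'")
$uri    = "$base`?`$filter=$filter&`$select=id,deviceName,operatingSystem,lastSyncDateTime"

# Graph pages large result sets; follow @odata.nextLink until it disappears.
$devices = @()
do {
    $page     = Invoke-MgGraphRequest -Method GET -Uri $uri
    $devices += $page.value
    $uri      = $page.'@odata.nextLink'
} while ($uri)

$staleBefore = [datetime]::UtcNow.AddHours(-8)   # roughly one default check-in cycle

foreach ($d in $devices) {
    $lastSync = ([datetime]$d.lastSyncDateTime).ToUniversalTime()
    $ageHours = [math]::Round(([datetime]::UtcNow - $lastSync).TotalHours, 1)

    # syncDevice only queues the request server-side. A laptop that is off, asleep, or offline
    # will not pick it up until it next reaches the service, so "still noncompliant" after this
    # means nothing for a device that has not been seen in a while.
    Invoke-MgGraphRequest -Method POST -Uri "$base/$($d.id)/syncDevice" | Out-Null

    [pscustomobject]@{
        Device           = $d.deviceName
        OS               = $d.operatingSystem
        LastSyncAgeHours = $ageHours
        Status           = if ($lastSync -lt $staleBefore) {
                               'not seen in >8h: probably offline, not a policy failure (yet)'
                           } else {
                               'recently seen: sync requested, re-check compliance shortly'
                           }
    }
}
```

Sorting the output by `LastSyncAgeHours` usually splits the stuck 70% into two very different piles: machines that are simply closed in a bag, and machines that checked in an hour ago and genuinely failed a rule. Only the second pile is worth a ticket.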
macOS and Linux support is where things get thin. Windows management in Intune is deep and mature — the Settings Catalog alone has thousands of configurable options. macOS gets maybe a quarter of that coverage, and you will find yourself writing custom shell scripts and uploading .mobileconfig profiles to fill the gaps. Linux support came later and is still bare bones. If your fleet is mostly Mac, honestly, Jamf is still the better tool and most Mac-heavy IT teams I know use Jamf in conjunction with Intune rather than trying to make Intune do everything.
Reporting is mediocre. The built-in reports give you basics — device compliance status, app install success rates, hardware inventory — but anything beyond surface-level analysis requires exporting to Power BI or writing KQL queries in Log Analytics. For a product that Microsoft is positioning as enterprise grade, the out-of-the-box reporting seems like an afterthought. I have created more custom dashboards than I care to admit just to answer questions that the console should answer natively.
Microsoft support is a sore spot across the board, and Intune is no exception. Opening a ticket via the admin center is pretty easy, but the quality of the support you receive varies wildly. I have had cases resolved in a day by someone who clearly understood the product, and I have had cases where I spent a week going back and forth with a first tier agent who kept asking me to reproduce the issue on a device I had already wiped. One Capterra reviewer described the support experience as “excruciating,” and while that seems a little dramatic, I can relate to the sentiment.
Despite all of that, I am not switching. The integration with Entra ID and Defender alone makes Intune the obvious choice for any organization that is already invested in Microsoft 365. Building a Zero Trust posture without it would be bolting together three or four different products and hoping they talk to each other, which is its own kind of nightmare. Intune is not elegant, it is not fast and the documentation has a habit of being six months behind the actual product. But it works, it scales, and when you finally get a policy set dialed in correctly, the entire fleet just quietly does what it is supposed to do. That is all I really want from endpoint management — I just wish it frustrated me less on the way there.