Microsoft Intune overview (2023)

Microsoft has made steady progress since we last looked at their Intune servicemanagement of mobile devices(MDM) input. Of course, the obvious move in their marketing and technology directions is to steer customers toward Enterprise Mobility + Security (EMS), a SKU that connects Intune to various Microsoft Azure security and identity management products. All management console development focused on the updated Azure Portal experience, while legacy management functionality remained available. Functional parity between the two environments has not yet been achieved, but expect the Azure environment to catch up and surpass the legacy tool. However, there is still some work to be done on the current version, the pairing of Intune and Azure lags a little behind some competitors, especiallyVMware AirWatch,our editor's choice wins in this category.

Part of the difficulty is that you can't talk to anyone on the Microsoft EMM team about providing simple basic MDM capabilities. According to Microsoft, that's not what customers want, and therefore not what they're focusing on. With that in mind, it's easy to overlook some of the features available by focusing only on MDM. Microsoft has taken advantage of its opportunitiesMicrosoft Azure Active Directory($0.50 in Microsoft Azure)(Opens in new window)(AD) service to deliver high quality to customersidentity managementfeatures that are tightly integrated with Intune MDM.

When you upgrade to EMM product levels E3 and E5, you add Azure AD Premium with Azure Information Protection and Advanced Threat Analytics from Microsoft. The top tier also adds Cloud App security and a range of advanced document management features designed to enable administrators to protect data at the file level, regardless of the devices used for access. Add to that the recent partnership with Citrix and you have an interesting array of possibilities. Why do you want both Citrix and Microsoft EMM? The answer is in apps. Citrix has a large number of business customers using XenDesktop and Citrix Receiver products. The cooperation agreement between the two companies combines the best of both worlds.

Device installation and registration

Signing up for a Microsoft Intune trial is one of the easiest ways to evaluate all the products in this table. After entering the initial account information, I was able to begin device registration in less than 10 minutes. However, enrolling devices in Intune is a little different than some other products. For all three platforms, download the Intune Company Portal app and sign in with your Intune credentials. This will download the app and initiate any additional steps required, such as adding certificates on iOS devices. In iOS, you can register business devices by serial number, which makes managing multiple devices much easier.

Microsoft Intune provides a list of users called Device Enrollment Manager. This role can be assigned to any registered user and allows that user to report more than the usual limit of five devices. Using this approach, you can delegate the enrollment task to an administrative person, giving them responsibility for all company-owned devices for a single group of users.

When you start the Administration Console for the first time, you will be prompted to install Microsoft Silverlight if you have not already done so. Be sure to uncheck the two checkboxes "Set Bing as my search engine" and "Set MSN as my homepage" unless you want the Silverlight installer to make these changes for you. Silverlight is compatible with all major browsers, so this shouldn't be a problem. Undoing something that prevents you from changing your current browser settings is a bit annoying. Overall, though, Microsoft Intune had one of the easiest and most comprehensive sign-up processes I've come across.

Management and rules

Microsoft offers two options for managing Intune. The first one is pretty much the same as we checked before. The latest version is part of the new Azure portal. The main dashboard page has a similar theme to other Azure management tools. With this new version of Azure, you now have the opportunity to customize your dashboard in the same way as with other products such as VMware AirWatch andIBMMaaS360(4.00 per unit per month at IBM)(Opens in new window). Device Location is now available for enterprise-owned iOS devices signed in via DEP and configured in supervised mode. Support for geolocation on other devices is planned for a future release.

Reporting includes a wide range of pre-built reports that cover most of the information you typically want from an MDM system. Generating a new report launches a new web browser page with a search field and print and export buttons. Some reports, such as Device History, allow you to enter up to 90 days in advance. You can also save any report with custom selections to save time later. Intune does not allow you to create new reports or customize existing ones.

Policies are created and modified from the Policies section of the administrative portal. The home screen provides a quick status of the current rules and marks problems with a red circle containing an exclamation point. The process of creating a new policy uses a wizard-based approach to guide you through the necessary steps. Each platform comes with a list of available policy templates that you must customize to select from a list of options. The templates themselves cannot be changed and the user is limited to using the provided templates. Still, the list of options is quite extensive and should cover everything you need to set or limit on any supported platform.

Microsoft makes it easy to get help from any administration page, including action dialog boxes such as the Drag/Delete window. I was able to use this procedure to remove Windows Mobile devices from the list of managed devices. For Android devices, it is now possible to remotely control the screen using Teamviewer, although the session initialization process is cumbersome compared to other solutions.

Still a high price

Microsoft's Basic Intune plan costs $6 per device per month for up to five devices. If the user actually had five devices, that would be $1.20 per device. unit, which is pretty good. Two units per user is, however, a much more realistic expectation, and the price per unit would be $3. The actual final price will likely be between $4 and $5 per device, given that most users typically have one device (a phone) which would be the only device they manage.

Intune EMS pricing is publicly available on the websiteMicrosoft EMS-prisside(Opens in new window)and starts at $8.74 per unit per month for an E3 subscription that offers Azure AD Premium, Microsoft Intune, Azure Rights Management and Microsoft Advanced Threat Analytics. At the top, Microsoft offers an E5 subscription that costs $14.80 per device per month, which adds Advanced Threat Intelligence and Cloud App Security to the E3 tier.

in general,Intune provides a robust suite that covers all the main MDM functions for the three major platforms. Integrates with all Microsoft infrastructure management tools such asSystem Center Configuration Managerif you are already using this tool. It is also tightly integrated with on-premises AD or Azure AD for user authentication. As expected, support for Windows Mobile devices is the most reliable of all the products reviewed. The extra features offered by the EMS package are definitely worth the price.