With all the recent restructuring of Microsoft's endpoint management products and add-ons, IT teams need to know what Intune Suite, Microsoft's latest suite, has to offer.
- Peter van der Woude,KPN Consulting ICT
Published:18. maj 2023
At Microsoft Ignite 2022, Microsoft announced another overhaul of its endpoint management products - not only announcing a new name for its endpoint management products, but also the launch of a new product family.
Microsoft presentedMicrosoftIntuneas the new name for all endpoint management products, meaning the endMicrosoft Endpoint Manager. Microsoft also introduced a growing family of endpoint management products, now known as Microsoft Intune Suite, a new suite that provides advanced endpoint management capabilities.
Introduction to Microsoft Intune
Microsoft Intune as a name is not really new. Microsoft's cloud-based endpoint management platform has always been known as Microsoft Intune after it was renamed from Windows Intune in 2014. This name faded into the background when Microsoft rebranded its endpoint management platforms under the Microsoft Endpoint Manager umbrella.
The rebranding brings all Microsoft platforms and endpoint management services under the umbrella of Microsoft Intune. This makes more sense and will be a minor community fix since Microsoft Intune never really took off as a name for cloud-based endpoint management platforms.
Another big change is the new family of products in Microsoft Intune. Microsoft Intune is a collection of powerful new tools for endpoint management and security. These offerings will help organizations simplify endpoint management, improve security and create even betteruser experience. This was achieved by introducing platforms to support remote users, secure access to local resources, advanced device visibility, controlled local administrator rights and more.
Microsoft Intune Suite introduces several new management components that are sure to help organizations take the next step in endpoint management.
Help remote users with remote assistance
Remote Assistance was the first Microsoft Intune platform introduced and enables IT administrators to provide remote assistance to end users. This is a key element for remote workers to be as productive as possibleenabling the IT department to remotely troubleshoot issues on the user's desktopor help you externally with any technical questions. As a standalone offering, it may not yet be on par with competing products, but with the announcement of support for Android and Mac devices, that could change in the near future.
Secure remote access to company resources with Microsoft's mobile application management tunnel
Another recently introduced solution is Microsoft's Tunnel for Mobile Application Management (Tunnel for MAM). The MAM tunnel is lightVPNfor devices with Android, iOS and iPadOS systems, enabling secure remote access to local corporate resources. Before the release of Intune, Microsoft Tunnel was only available for managed devices, but this new version accepts the managed application as sufficient.
This allows organizations to be more flexible about the devices that users can work from. It allows IT to deliver this lightweight VPN on personal devices without having to manage the entire device. Application management alone will now be sufficient for secure remote access to on-premises enterprise resources.
Gain additional insights with advanced endpoint analysis
Endpoint Analytics is an existing feature of Microsoft Intunegives organizations visibility and data about their devices. These insights help create the best user experience.
As part of Microsoft Intune, Microsoft introduced advanced endpoint analytics. The goal of Advanced Endpoint Analytics is to get an even deeper insight into the user experience. Enables IT to proactively detect and resolve issues that may impact user productivity. This is achieved initially by enabling features that provide this detailed information, enabling proactive problem detection and improved troubleshooting capabilities.
Protect dedicated devices with dedicated device management
For dedicated devices, Microsoft Intune Suite improves administration by managing dedicated devices.Units for special tasksis a common term fordevices, such as Teams Room devices, VR devices, wearables and more.
With Microsoft Intune, IT can now achieve a zero-trust security model by relying on specialized device management capabilities. These features enable the IT department to provide specialized devices,certificate and Wi-Fi network managementon specific devices, improve security with conditional access on specific devices, control compliance on specific devices, manage the application lifecycle on specific devices, and perform remote operations on specific devices.
Secure elevated rights with Endpoint Privilege Management
Endpoint Privilege Management (EPM) is perhaps the most important platform that has become available in Intune. EPM enables organizations to rely on the principle of least privilege in their zero-trust model. EPM provides controlled privilege escalation for standard users on Windows devices.
This allows IT to assign default permissions to users without disrupting user productivity. IT can configure permission settings and policies for the user, and the user can run the necessary installation or process with elevated privileges. There is no longer a need to grant additional local administrative permissions to these types of users. This means a smaller attack surface by introducing the least privileged users on their corporate devices.
What's next for Microsoft Intune?
With Microsoft Intune Suite, Microsoft has introduced many new tools and has already announced new features and completely new components for the entire product family. This is good news because these add-ons will add value to Microsoft Intune. The first additional component announced by Microsoft is advanced application management. Advanced application management will provide organizations with a catalog of business applications with controls that help discover, deploy and automatically update applications. This will help organizations mitigate the risk of outdated applications.
Another component Microsoft announced late this year is cloud certificate management. Cloud certificate management will enable the issuance and management of certificates to devices without the need for local infrastructure. It can be, for example, certificates that can be usedto connect via VPN or Wi-Fi. This can benefit many organizations that still rely on this local certificate infrastructure to deliver certificates to end-user devices.
There are promising additions to the Microsoft Intune suite later this year that will significantly improve the security experience for many organizations, and more changes are likely to follow in the near future.
Overview of the new Microsoft Intune licensing model
With a new name and a new package comes onenovilicense model. The good news is that all existing features will continue to be available at the same price as before, just under a new name. This option is represented by Microsoft Intune Plan 1.
In addition, Microsoft introduced Microsoft Intune Plan 2 and Microsoft Intune Suite. The first will include new features and the second will include new solutions. A brief overview of these new license plans is provided in the table below.
|Microsoft Intune plan 1||Microsoft Intune plan 2||Microsoft Intune|
|This plan includes all existing Microsoft Intune features and is included in Enterprise Mobility + Security E3/E5, Microsoft 365 E3/E5, Microsoft 365 F1/F3, and Business Premium plans.||This plan is in addition to Plan 1 and includes Tunnel for Mobile App Management features, special device management and future advanced capabilities.||This plan is in addition to Plan 1, it includes all the features of Plan 2 plus the additional features of Remote Assistance, Endpoint Permission Management, Advanced Endpoint Analytics, Advanced App Management, Cloud Certificate Management and future advanced management checks.|
If your organization does not need the full Microsoft Intune Suite, it is also possible to license different add-ons independently.
Explore the Windows operating system and its management in depth
- Microsoft Intune Author: Petervan der Woude
- Top 4 Unified Endpoint Management Software Vendors in 2023 by BrienPosey
- How to remotely delete Office 365 on your smartphone by MichaelGoad
- Completing your Windows 11 migration with Microsoft IntuneBy BrienPosey