Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Christian Cawley

Microsoft Intune MDM review

Microsoft Intune Review Listing.

Managing mobile devices in a corporate setting is crucial for IT teams, regardless of whether the organization is based in one or multiple locations. Microsoft offers its Mobile Device Management (MDM) tool, Microsoft Intune, with Microsoft Endpoint Manager as part of Microsoft 365. 

With a range of features, Intune enables you to effectively manage a fleet of mobile devices and the installed software, making it a popular choice for many corporations that rely on Microsoft.

Is it the best MDM solution? Here, we look at the features and other aspects of Microsoft Intune to help you decide.


Microsoft provides plenty of documentation to help get you started with Intune (Image credit: Microsoft)

Microsoft Intune: Features

Microsoft Intune is a potent device management tool that seamlessly integrates with your organization's existing services. It offers many features that manage every aspect of device usage, from users to apps and security settings. One of the standout features of Intune is its configuration profiles, which can be applied to individual devices or groups and can restrict user access to Bluetooth, limit printer options, manage updates, and even run a device as a dedicated kiosk. 

In addition to these powerful configuration options, Intune also offers a variety of administrative templates, a cloud-based settings overview, authentication certificates for Wi-Fi, VPN, and email profiles, and custom settings for managing devices beyond Intune's limits. The device restrictions offered by Intune also control security and hardware, limit or prevent data sharing, and maintain the integrity of the hardware and data. This means that you can be confident that your devices are secure and that your data is protected. 

Identity protection, Wi-Fi and VPN profiles, multiuser device management, preference files for macOS, and a settings catalog for Windows and macOS are also available. With all these features and more, Microsoft Intune is clearly one of the best choices for managing devices in an organization. 

Microsoft's Configuration Manager and Intune work together to allow you to manage both on-premises clients and servers as well as mobile devices (Image credit: Microsoft)

Microsoft Intune: Compatibility

Many devices are typically connected to networks, from printers and PCs to phones and tablets. MDM and Unified Endpoint Management (UEM) solutions, therefore, must be able to handle devices from multiple manufacturers, running a mix of operating systems.

Can Microsoft Intune handle this? 

The MDM software is designed to manage various devices, including those operating on Windows, macOS, iOS, iPadOS, and Android. It uses the existing MDM frameworks in third-party operating systems, such as the Apple Company Portal app and Android Enterprise.

This allows for implementing and managing various device ownership and usage dynamics. For instance, Android devices can be managed under the BYOD (Bring Your Own Device), CYOD (Choose Your Own Device), COBO (Corporately Owned, Business Only), and COPE (Corporately Owned, Personally Enabled) systems.

However, for cross-compatibility between management environments to be successful, some knowledge of the individual host systems is required. Therefore, understanding the iOS/iPadOS deployment framework methodology is critical for managing iPhones and iPads.

To utilize devices with Microsoft Intune, they must run Windows 10/11, Android 8.0 or later (including Samsung KNOX 3.0 or above), Apple iOS 14.0, Apple iPadOS 14.0 or above, or Mac OS X 11 or later.

You can sign up for a free trial to Intune on Microsoft's site (Image credit: Microsoft)

Microsoft Intune: Installation and setup

Managing devices has become much easier with the Microsoft Intune platform. Its cloud-based management console allows users to oversee all enrolled devices conveniently and efficiently. With this platform, users can easily register and manage devices of different operating systems, including iOS, Android, and Windows. 

The enrollment process can vary depending on the device and operating system. For instance, iOS devices assigned for Automated Device Enrollment (ADE) require resetting before enrollment. However, devices registered for BYOD (Bring Your Own Device) purposes will not be wiped. The enrollment process is much more straightforward for Android and Windows devices and can be completed in just a few steps.

Microsoft devices are highly compatible with the Intune platform, with only the Autopilot enrollment type requiring a machine reset or wipe. This makes the platform ideal for businesses that use Microsoft devices and want to streamline their device management process. Additionally, the platform offers a range of management features, including device inventory, monitoring, and policy enforcement, making it easier to manage devices across the organization.

Considering all these factors, it's apparent that the Microsoft Intune platform is an excellent choice for quick and efficient device management. With its easy-to-use interface, cloud-based management console, and compatibility with various devices and operating systems, it's no wonder the platform has become a popular choice among businesses looking to streamline their device management processes.

We saw a good example of this need for preparation when we attempted to enroll our test machine running Windows 11 with Microsoft InTune. Despite visiting the 'Company Portal' Website' and trying to enroll our device through signing into a work account, both the portal and admin interface stubbornly refused to recognize the endpoint. Curiously the device also didn't appear under 'Enrolment Failures' in the Intune Admin dashboard either.

We checked our account settings on the Windows machine and saw that it was correctly connected to our new Microsoft Work account, complete with our own .onmicrosoft.com subdomain, so put this down to a systems glitch. 

Despite our personal woes, the overall setup experience was seamless and we were particularly pleased not to have to download a hefty installer for setup. 

This said, Intune 'Company Portal' is also available as a standalone app from the Microsoft Online Store. We installed it in an attempt to enroll our test machine only to be told we were already registered with another organization. Given InTune's reputation however, we feel sure this was also due to temporary technical issues and isn't a reflection on the platform itself. 

Intune can be used to retire, wipe, rename and scan mobile devices (Image credit: Microsoft)

Overall, installation and enrollment for Microsoft Intune require considerable planning and prior awareness of the organization's mobile inventory. Working methods across all departments should also be understood before Intune is licensed and devices can begin to be enrolled.

(Image credit: Microsoft)

Microsoft Intune: Interface

The 'Microsoft Intune' Admin Center is fairly well laid out, though the sheer number of options can be overwhelming at times.

The main dashboard displays when you first log in, from where you can quickly view options to enroll devices or set device policies. You can also see the number of enrolled device and their compliance status.

Since our last review, we noted that the 'Devices' Overview page has had an overhaul. You can now view enrolled devices by platform. Microsoft also claim that the device overview tab itself will also only display active issues with "up to date" information, suggesting previously it may have displayed past/resolved issues. Monitoring and reports have also been moved into a new area.

(Image credit: Microsoft)

Microsoft Intune: Performance

Given that we were unable to successfully enroll our test machine with Intune, we were unable to perform our usual tests. Fortunately we already knew that Microsoft would pass with flying colors. 

This is because when testing endpoint protection platforms, we always attempt to download a fake computer virus to our test machine (provided by the good people of EICAR), to check how the agent software responds. 

Each time we do this we have to disable the security settings in Microsoft Edge and Microsoft Defender as they unfailingly detect and block the malware each time. This means if you're using InTune to manage Windows devices, you can easily push the latest updates and configure Microsoft's own security settings on your endpoints.

The Intune Admin Center also has a management interface for aspects like Antivirus, Firewall and full disk encryption, which can display alerts about vulnerable endpoints. 

We did have more joy generating a certificate to enroll an iPhone using the online portal, which can be installed via apps like Apple Configurator. 

Microsoft Intune: Plans and pricing

Microsoft offers various pricing options for Intune, depending on the type of business and device usage. It's important to note that Intune may rely on existing licenses for Microsoft Endpoint Manager and Microsoft 365. 

If these licenses are already in place, Intune costs $2.00 per device per month ($1.50 for non-profits). However, if the other permits are not accounted for, the total cost is approximately $32.00 per user per month.

InTune is also available as a standalone platform. The lowest-priced 'Plan 1' is listed as $8. (We assume this is per user, per month, but this isn't stated on Microsoft's pricing page). The tech giant also stresses that this plan includes subscriptions to Microsoft 365 E3, E5, F1, F3, Enterprise Mobility + Security E3 and E5, and Business Premium plans.

Subscribers benefit from Intune's core capabilities, such as cross-platform device management, security, and Endpoint Analytics. Remote Help and Privilege Management are available as a paid-for add-on for $3.50 and $3.00, respectively.

Microsoft Intune Plan 2 is an add-on to 'Plan 1' for (presumably) an extra $4 per user per month. These additional perks include Microsoft Intune Tunnel, a lightweight VPN for iOS and Android devices that doesn't require device enrollment. Subscribers to Plan 1 + Plan 2 also benefit from Microsoft Intune's management of "specialty devices" such as AR/VR headsets, large-screen 'smart' devices, and conference room meeting devices.

The Microsoft Intune Suite is another add-on, costing an extra $10. It includes all the benefits of Plan 1 and Plan 2, as well as the aforementioned remote help and privilege management, at no extra cost. Subscribers can also view more advanced endpoint analytics.

Even assuming that users don't need the extra bolt-ons from 'Intune Plan 2' or 'Intune Sui,'', Intune is one of the pricier MDM platforms we've reviewed. Unlike other platforms we've researched, there also doesn't seem to be a discount for organizations that want to enroll large numbers of devices (100+). 

Microsoft offers a free 30-day trial of Intune with no payment information required upfront, so you've nothing to lose by taking the platform for a test spin. 

Microsoft Intune: Final verdict

When it comes to Mobile Device Management (MDM), businesses have numerous options. The market is full of choices, ranging from well-established companies to newer entrants. If you see the Microsoft name, it may either catch your interest or give you pause. The tech giant's Windows operating system holds around 70% market share, which may explain why most malware is designed to run on it.

In fairness to Microsoft, Intune is designed to manage all kinds of endpoints, from Macs to mobile devices. 'Intune Suite' subscribers can even manage more exotic endpoints like VR headsets. The Intune Admin Center is also an online portal, so if you have a Microsoft account, there's no requirement to use Windows hardware to manage your endpoints.

If you're interested in exploring Microsoft Intune, there's much to consider. For example, it boasts broad compatibility with mobile platforms, a cloud-based management console, and device enrollment that can be simple or detailed based on your organization's needs. However, it's essential to remember that the per-device licensing costs of Microsoft Intune may lead you to consider alternative MDM solutions.

Considering that Intune’s core features are bundled with other Microsoft subscriptions, such as Microsoft 365, the cost of signing up may be negligible if you’re already using these services. This cost-effectiveness can provide a sense of confidence in the value you’re getting from Microsoft Intune.

Some organizations may also hesitate to comply with the requirement to wipe devices under certain circumstances before enrolling, despite the potential improvement to overall security.

Overall, weighing the pros and cons of various MDM options before deciding is essential. Each business has unique needs, so what may work for one may not be the best fit for another. By researching and considering all factors, you can make an informed decision that will benefit your organization in the long run.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.