Microsoft Intune

The feature we value most is Intune's deep integration with other M365 products: Azure AD Conditional Access (Entra ID), Microsoft Defender for Endpoint (EDR), Microsoft Purview, Microsoft Security, etc... This powerful combinaison allows us to enforce Zero Trust principles by ensuring that only Compliant, healthy devices can access sensitive company data.

Some of the standout features of Intune include Autopilot, Settings Catalog, and the unified interface across platforms. In terms of Autopilot, this is the feature that really got me into Intune. I was used to the days of creating images for device models and uploading those images to SCCM task sequences. Autopilot completely changed the game, allowing us to just use vanilla Windows installs and Autopilot did the rest over top of the OOBE. This has completely improved my company's workflow rather than having to take the time to package on Windows images and wait for the task sequence to complete. Being able to order a machine and have it arrive ready to be Autopiloted with little to no interaction is a great workflow. I think Autopilot is one of Microsoft Intune's most appealing features. Next, I really enjoy the Settings Catalog because I am able to be as granular as I want with it. I can have one big settings catalog policy, or I can create several smaller policies. I think pushing towards Settings Catalog being the standard is the way going forward as it supports a wide range of settings. An improvement to the Setting Catalog's filtering and search functionality could be helpful as the search can be hit or miss and it can sometimes be hard to find settings. Having tags / categories for settings in the setting catalog could be a good way to help it be more user friendly. Lastly, the unified interface is very helpful because once you know how to manage one platform, the rest are easy to manage as well since all of the policy and app configuration are labeled the same and follow similar formats. Once you learn how to navigate Intune, it's easy to find what you're looking for.

L'atout de Microsoft Intune est indéniablement son intégrative native avec Azure AD et Microsoft 365. On y retrouve dans un emplacement unique : la gestion des appareils, des utilisateurs et des politiques de sécurité. Il n'est plus nécessaire dans 90% de déployer des GPO : le provisionnement d'applications fonctionne à merveille.

What we dislike most is the product's significant complexity and steep learning curve. Also, performance could probability get better, to deliver policies faster, and check compliance more often.

My biggest issues with Microsoft Intune would be the speed of device actions / syncs and Remote Help. Myself along with my colleagues have all agreed on the fact that Intune actions can be so slow for the Windows platform. When you send a wipe command or a restart command, for example, there is no telling when that command is going to hit the device. Sometimes it's instant, sometimes 5 minutes, sometimes 20, sometimes it feels like never. Compared to managing Apple devices, sending a wipe or restart command happens within 5-10 seconds, it's lightning fast. I'm sure a lot of that lies in the way the Windows operating system works, but Microsoft should put a lot more effort into making these actions faster. I have talked to many frustrated individuals about how slow Intune is and sometimes it can be hard to recommend the product due to the speed of the actions. Compared to other MDM platforms out there, when a policy gets pushed, it almost feels instant how quickly the device got that policy. That is not only good for efficiency, but also for security, as if there is something we need to push or pull back fast, then we can be confident that the action will occur. My next pain point is Remote Help. First, the Remote Help action in Intune to activate a Remote Help session is very inconsistent and often does not send the notification to the end user. Next, it is frustrating to have to enable authenticated sessions to see UAC prompts every single Remote Help session. It is a preference that should be saved so that way our techs don't have to click on it every time. Next, unattended access is a highly requested feature and would benefit us greatly as we are currently paying for another service for unattended access.

L'aspect le plus désagréable dans Microsoft Intune se situe particulièrement dans la lourdeur de multiples configurations. On se perd parfois dans les menus pour faire quelques choses de simple. Aussi, je trouve que la synchronisation des appareils avec les politiques de sécurité ou de déploiement est parfois très longue ce qui laisse un doute sur le bon fonctionnement de ce que l'on déploie.