Microsoft Intune: Pros & Cons for MDM Management

It’s common for an MSP to question the value of Microsoft Intune when it comes to managing their customers. There are a few common concerns that tend to come up, including the pricing structure and the lack of multi-tenancy. It’s also something new that the MSP and their staff may need to learn. 

With that said, is MS Intune bringing value to the MSP’s table? Is there some potential to be leveraged out of using Microsoft’s MDM as a managed service provider? In this article, we’ll talk about the product itself, how MSPs are integrating Intune into their stacks, and give the final verdict on whether or not Intune can replace an RMM tool.

What this article will cover:

• What is Microsoft Intune?
• Pros of Microsoft Intune
• Cons of using Intune
• Is Microsoft Intune a good MDM?
• Can Intune replace an RMM tool?
• Alternative MDM solutions

What is Microsoft Intune?

Microsoft Intune is the proprietary SaaS solution provided by Microsoft. It is a cloud-based desktop and mobile device management tool that currently supports Mac-OS, iOS, Android, and Windows 10. Intune started out as an enterprise-level management tool, but has become heavily used by SMBs in recent years.

Intune is a cloud-based solution that enables mobile device management and mobile application management -- meaning it’s used to control how devices are utilized and enforce policies that allow IT professionals to keep devices and the network secure. The app actually focuses heavily on configurations and features that improve endpoint security.

Intune also helps users set up laptops and mobile devices by automatically deploying and enforcing device configurations across a large number of individual installs. In total, Intune works for device onboarding, configuration, and administration for highly homogeneous environments and device configurations. 

Noteworthy Intune Features:

• Autopilot deployments
• Device provisioning
• Automated RMM deployment
• Microsoft Defender deployment and management
• Policy enforcement on end-users and devices (standard lockdowns on accounts, expiries, screensaver lockouts)
• Microsoft Office configurations

Microsoft Intune pros

What is the upside of using MS Intune? Let’s take a closer look. 

• Conditional access

Privilege access control is a critical part of IT security. Intune allows you to set accessibility rules that help keep people with lower levels of security from accidentally using unsafe devices to access important resources. Conditional access and privilege access control are also important components of certain compliance requirements. 

• Zero-touch deployment

Zero-touch deployment allows MSPs to ship ready-to-go devices to customers and save a significant amount of time when onboarding. 

• Mobile features

Intune brings mobile device features that supplement a lot of MDM features in RMM solutions. One useful example is the ability to easily and quickly separate personal and company data on devices. This feature alone can be invaluable in a number of different privacy and security scenarios.

• Device flexibility

Intune can manage many different ownership and usage configurations. As an example, Android mobile devices can be managed under BYOD (Bring Your Own Device), CYOD (Choose Your Own Device), COBO (Corporately Owned, Business Only), and COPE (Corporately Owned, Personally Enabled) models.

Microsoft Intune cons

What challenges come with using Intune? Here are some common bits of MSP-specific feedback:

• Difficult to use

Intune itself can be challenging to use, especially if the MSP hasn’t been formally trained on the use of the product. Either training/reviewing documentation is recommended prior to using SCCM.

• Finicky remote options 

Even though the remote assistance features in SCCM are really good, it can be challenging at times when the remote options don't work for a particular endpoint. Troubleshooting the remote options can also prove to be a challenge.

• Single tenant

Subscription and all associated data is locked inside a single tenant -- a major problem for managed service providers. There is currently no way for a service provider to monitor and manage across multiple customers/subscriptions. If you’re trying to manage 100 clients, it means logging into 100 different Intune accounts (a common thread among MS Office services in general). 

• Pricing

The price of per-device license for Microsoft Intune has many users turning toward competing MDMs. It can be costly, especially for MSPs who need to convince smaller businesses that a noticeable increase in their pricing is worth the squeeze. 

Is Microsoft Intune a good MDM?

While it’s becoming clear why Intune won’t serve as an RMM replacement, how does it hold up as a Mobile Device Management system? That is its designed role, after all. 

Probably the most obvious advantage offered by Microsoft Intune is its integration with existing services that you’re probably already selling to your clients. 

The software offers sufficient configurations for effectively managing every aspect of devices in your client base. As you would expect, you can control who uses them, and how, to what apps are installed, how they're used, and various security settings.

Configuration profiles are used to populate these settings, with different profiles available for various devices and platforms. Profiles can be easily applied to devices individually or in a group with Microsoft Intune.

Intune also features identity protection, Wi-Fi and VPN profiles, multi-user device management, and preference files for macOS. The Windows and macOS library contains settings that can be configured in one easy to access location.

There are quite a few MDMs to choose from, and you may be immediately intrigued by Microsoft’s proprietary offering, or that might be enough to dissuade you. All things considered, Intune does boast wide compatibility for mobile platforms, a cloud-based management console, and device enrollment that ranges from simple to in-depth.

Can MS Intune replace an RMM tool?

Look around the internet and you’ll find plenty of questions surrounding the “MDM vs. RMM” topic. Finding the answer begins by understanding the differences between these tools and where their limitations come into play.

The primary difference between these software solutions is that MDM focuses on managing mobile devices while RMM solutions are intended to be comprehensive. RMM tools are so multi-use that many RMM solutions include their own MDM functionalities.

The major flaw in any MSP’s plan to use Intune as an RMM replacement lies in its lack of multitenancy. Having to manage a unique account for each user is untenable for an MSP with any hope of growing and scaling. The single dashboard benefit of a solid RMM tool instantly knocks Intune out of the running. 

All-in-one RMMs like NinjaOne take it one step further, providing a single dashboard that helps MSPs collect better customer data and avoid wasted time spent toggling between software. By providing easy, complete visibility into their clients’ systems, all-in-one remote monitoring and management options are the best tool for the job. 

We would be remiss not to mention that RMM tools like Ninja can work together with Intune, giving you Microsoft-native device administration capabilities for mobile devices alongside the proactive device support and infrastructure management capabilities in Ninja. Thousands of our MSP partners use Ninja and Intune together for a more unified endpoint management experience.

Alternative MDM solutions

If you’re planning to search for a different MDM tool, it helps to know what to keep an eye out for. Probably the most important aspect of Mobile Device Management software is its ease of use and minimal learning curve. Information about devices, their status, location, and availability should be instantly accessible and easy to navigate. Some MDM suites even offer mobile management consoles that allow technicians to work in the field.

In terms of functionality, MDM software should have granular account control, enabling the sysadmin to create and configure multiple accounts with a great deal of flexibility. 

The following are a few alternatives to Intune that you can explore for your MDM needs:

Miradore

Miradore is a feature-packed MDM tool with both free and premium options. With comprehensive functionality, a straightforward interface, and easy device enrollment, Miradore offers up a complete MDM experience. Some cons include a lack of support for Chrome OS and Linux. As you would expect, the free version of Miradore does not bring all of the features of the premium version (which many MSPs would consider essential).  

ManageEngine MDM

ManageEngine supports both on-premises and cloud hosting and boasts a comprehensive set of features. In addition to Android, iOS, Windows, and macOS, ManageEngine also supports Chrome OS.

ManageEngine brings some horsepower to the table when it comes to security management, and can detect compromised devices, rooting, and even jailbreak on iPhones and iPads. As is standard, remote wipes can be initiated, and mobile-based threats to a corporate network shielded by granular permissions by device or user.

NinjaOne

MSPs can also consider NinjaOne as a complete RMM and MDM solution all wrapped in a single intuitive application that offers much-needed multi-tenancy. This is a great option for partners looking to reduce costs by downgrading M365 user licenses, or who need a single-pane-of-glass for infrastructure and end-user devices.

Conclusion

Intune is billed by Microsoft as a mobile device management (MDM) solution, but their definition is broad enough to include devices like laptops and desktops. Because Intune brings mobile device features that mimic a lot of MDM features you’d find in RMM solutions, MSPs often wonder if they can replace their RMM with Intune. 

As we’ve learned, Intune by itself isn’t quite enough. While it’s not a replacement for an RMM solution, Intune can work with next-gen RMM tools like NinjaOne to provide a comprehensive MDM experience that’s designed for MSPs.