Microsoft Intune: Pros & Cons for MDM Management

It’s common for an MSP to question the value of Microsoft Intune when it comes to managing their customers. There are a few common concerns that tend to come up, including the pricing structure and the lack of multi-tenancy. It’s also something new that the MSP and their staff may need to learn. 

With that said, is MS Intune bringing value to the MSP’s table? Is there some potential to be leveraged out of using Microsoft’s MDM as a managed service provider? In this article, we’ll talk about the product itself, how MSPs are integrating Intune into their stacks, and give the final verdict on whether or not Intune can replace an RMM tool.

What this article will cover:

• What is Microsoft Intune?
• Pros of Microsoft Intune
• Cons of using Intune
• Is Microsoft Intune a good MDM?
• Can Intune replace an RMM tool?
• Alternative MDM solutions

What is Microsoft Intune?

Microsoft Intune is the proprietary SaaS solution provided by Microsoft. It is a cloud-based desktop and mobile device management tool that currently supports MacOS, iOS, Android, and Windows 10. Intune started out as an enterprise-level management tool but has become heavily used by SMBs in recent years.

Intune is a cloud-based solution that enables mobile device management and mobile application management — meaning it’s used to control how devices are utilized and enforce policies that allow IT professionals to keep devices and the network secure. The app actually focuses heavily on configurations and features that improve endpoint security.

Intune also helps users set up laptops and mobile devices by automatically deploying and enforcing device configurations across a large number of individual installs. In total, Intune works for device onboarding, configuration, and administration for highly homogeneous environments and device configurations. 

Noteworthy Intune Features:

• Autopilot deployments
• Device provisioning
• Automated RMM deployment
• Microsoft Defender deployment and management
• Policy enforcement on end-users and devices (standard lockdowns on accounts, expiries, screensaver lockouts)
• Microsoft Office configurations

Microsoft Intune pros

What is the upside of using MS Intune? Let’s take a closer look. 

• Conditional access

Privilege access control is a critical part of IT security. Intune allows you to set accessibility rules that help keep people with lower levels of security from accidentally using unsafe devices to access important resources. Conditional access and privilege access control are also important components of certain compliance requirements. 

• Zero-touch deployment

Zero-touch deployment allows MSPs to ship ready-to-go devices to customers and save a significant amount of time when onboarding. 

• Mobile features

Intune brings mobile device features that supplement a lot of MDM features in RMM solutions. One useful example is the ability to easily and quickly separate personal and company data on devices. This feature alone can be invaluable in a number of different privacy and security scenarios.

• Device flexibility

Intune can manage many different ownership and usage configurations. As an example, Android mobile devices can be managed under BYOD (Bring Your Own Device), CYOD (Choose Your Own Device), COBO (Corporately Owned, Business Only), and COPE (Corporately Owned, Personally Enabled) models.

Microsoft Intune cons

What challenges come with using Intune? Here are some common bits of MSP-specific feedback:

• Difficult to use

   

Intune itself can be challenging to use, especially if the MSP hasn’t been formally trained on the use of the product. Either training/reviewing documentation is recommended prior to using SCCM.

• Finicky remote options 

   

Even though the remote assistance features in SCCM are really good, it can be challenging at times when the remote options don’t work for a particular endpoint. Troubleshooting the remote options can also prove to be a challenge.

• Single tenant

   

The subscription and all associated data are locked inside a single tenant — a major problem for managed service providers. There is currently no way for a service provider to monitor and manage multiple customers/subscriptions. If you’re trying to manage 100 clients, it means logging into 100 different Intune accounts (a common thread among MS Office services in general). 

• Pricing

   

The price of a per-device license for Microsoft Intune has many users turning toward competing MDMs. It can be costly, especially for MSPs who need to convince smaller businesses that a noticeable increase in their pricing is worth the squeeze. 

Is Microsoft Intune a good MDM?

While it’s becoming clear why Intune won’t serve as an RMM replacement, how does it hold up as a Mobile Device Management system? That is its designed role, after all. 

Probably the most obvious advantage offered by Microsoft Intune is its integration with existing services that you’re probably already selling to your clients. 

The software offers sufficient configurations for effectively managing every aspect of devices in your client base. As you would expect, you can control who uses them, and how, to what apps are installed, how they’re used, and various security settings.

Configuration profiles are used to populate these settings, with different profiles available for various devices and platforms. Profiles can be easily applied to devices individually or in a group with Microsoft Intune.

Intune also features identity protection, Wi-Fi and VPN profiles, multi-user device management, and preference files for macOS. The Windows and macOS library contains settings that can be configured in one easy-to-access location.

There are quite a few MDMs to choose from, and you may be immediately intrigued by Microsoft’s proprietary offering, or that might be enough to dissuade you. All things considered, Intune does boast wide compatibility for mobile platforms, a cloud-based management console, and device enrollment that ranges from simple to in-depth.

Can MS Intune replace an RMM tool?

Look around the internet and you’ll find plenty of questions surrounding the “MDM vs. RMM” topic. Finding the answer begins by understanding the differences between these tools and where their limitations come into play.

The primary difference between these software solutions is that MDM focuses on managing mobile devices while RMM solutions are intended to be comprehensive. RMM tools are so multi-use that many RMM solutions include their own MDM functionalities.

The major flaw in any MSP’s plan to use Intune as an RMM replacement lies in its lack of multitenancy. Having to manage a unique account for each user is untenable for an MSP with any hope of growing and scaling. The single dashboard benefit of a solid RMM tool instantly knocks Intune out of the running. 

All-in-one RMMs like NinjaOne take it one step further, providing a single dashboard that helps MSPs collect better customer data and avoid wasted time spent toggling between software. By providing easy, complete visibility into their clients’ systems, all-in-one remote monitoring and management options are the best tool for the job. 

We would be remiss not to mention that RMM tools like Ninja can work together with Intune, giving you Microsoft-native device administration capabilities for mobile devices alongside the proactive device support and infrastructure management capabilities in Ninja. Thousands of our MSP partners use Ninja and Intune together for a more unified endpoint management experience.

Conclusion

Intune is billed by Microsoft as a mobile device management (MDM) solution, but their definition is broad enough to include devices like laptops and desktops. Because Intune brings mobile device features that mimic a lot of MDM features you’d find in RMM solutions, MSPs often wonder if they can replace their RMM with Intune. 

As we’ve learned, Intune by itself isn’t quite enough. While it’s not a replacement for an RMM solution, Intune can work with next-gen RMM tools like NinjaOne to provide a comprehensive MDM experience that’s designed for MSPs.