Microsoft has made regular progress since we final checked out their Intune cellular system administration (MDM) entry. The plain push from their advertising and marketing and technical instructions is, after all, to maneuver prospects in the direction of their Enterprise Mobility + Safety (EMS) Suite, a bundle SKU that mixes Intune with varied Microsoft Azure safety and identification administration merchandise. All administration console improvement has been targeted on the up to date Azure portal expertise, whereas the legacy administration operate nonetheless stays accessible. Characteristic parity between the 2 experiences has not been reached but, however anticipate the Azure expertise to catch up and surpass the older instrument. Nonetheless, with some work left to go on the present model, the Intune and Azure pairing stays a bit behind a few of the competitors, notably VMware AirWatch, our Editors’ Alternative winner on this class.
A part of the problem is that you would be able to’t have a dialog with anybody on the Microsoft EMM workforce about delivering easy core MDM capabilities. In response to Microsoft, it is not what prospects need and due to this fact not what they’re targeted on delivering. With that thought in thoughts, it is simple to miss a few of the performance accessible with a deal with simply MDM. Microsoft has leveraged its Microsoft Azure Lively Listing (AD) service to provide prospects high-grade identity management capabilities that are tightly integrated with Intune MDM.
When you step up to the EMM product E3 and E5 tiers, you add Azure AD Premium in addition to Microsoft’s Azure Information Protection and Advanced Threat Analytics capabilities. The highest tier also adds Cloud App security and a number of high-end document management features intended to let administrators protect data at the file level no matter what devices are used to access it. Add to that the recent partnership with Citrix and you have an interesting array of possibilities. Why would you want both Citrix and Microsoft EMM? The answer is in the applications. Citrix has a huge number of corporate customers that use their XenDesktop and Citrix Receiver products. The cooperative agreement between the two companies brings the best of both worlds together.
Installation and Device Registration
Signing up for a Microsoft Intune trial is one of the easier evaluation processes of all the products in this roundup. After entering the initial account information, I was able to start registering devices in under 10 minutes. However, device registration is a little different with Intune than some of the other products. For all three platforms, you must download the Intune Company Portal app and log in with your Intune user credentials. This will download the app and launch any additional required steps, such as adding certificates on iOS devices. On iOS, it’s possible to enroll corporate devices by serial number, making it much easier to bring multiple devices under management.
Microsoft Intune provides a user roll called the Device Enrollment Manager. This role can be given to any registered user and lets that user register more than the normal five-device limitation. Using this approach makes it possible to delegate an enrollment task to an administrative person, giving them responsibility for all company-owned devices for one group of users.
The first time you launch the management console, you will be prompted to install Microsoft Silverlight if you haven’t done that previously. Be sure you uncheck the two checkboxes for “Make Bing my search engine” and “Make MSN my homepage” unless you’d like the Silverlight installer to make those changes for you. Silverlight is compatible with all of the major browsers so that shouldn’t be a problem. It is a bit annoying to have to uncheck something to prevent modification of your current browser settings. Still, overall, Microsoft Intune had one of the easiest all-around registration processes I encountered.
Management and Policies
Microsoft offers two options for managing Intune. The first is basically the same as we reviewed previously. The latest version is part of the new Azure portal. The main dashboard page adheres to a similar theme as other Azure management tools. With this new Azure version ,you now have the ability to customize the dashboard as you can with other products such as VMware AirWatch and IBM MaaS360. Device location is now possible for corporate-owned iOS devices enrolled through DEP and configured in supervised mode. Support for geolocation on other devices is planned for a future release.
Reporting includes a nice range of canned reports covering most of the information you’d typically want to get out of your MDM system. Generating a new report launches a new web browser page with a search box, print, and export buttons. Some reports, such as Device History, let you enter a time period up to 90 days prior. You can also save any report with custom selections to save time later. Intune does not provide a way to create new reports or customize any existing ones.
Creating and modifying policies happens from within the Policy section of the administration portal. The initial screen gives a quick status of current policies and indicates problems with a red circle containing an exclamation point. The process of creating a new policy uses a wizard-based approach to lead you through the required steps. Each platform includes a list of available policy templates which must be customized to pick and choose from a list of settings. The templates themselves cannot be modified and you are limited to using the templates provided. That being said, the list of options is quite extensive and should cover anything you would need to either configure or constrict on any supported platform.
Microsoft does make it easy to get help from any of the management pages, including from within action dialog boxes such as the Retire/Wipe box. I was able to use this process to remove the Windows Mobile device from the list of managed devices. For Android devices, you can now remotely control the screen using Teamviewer, although the process to initiate a session is cumbersome when compared to other solutions.
Still A High Price
Microsoft prices the Basic Intune plan at $6 per device per month, for up to five devices. If a user actually had five devices, that would work out to $1.20 per device, which is pretty good. However, two devices per user is a far more realistic expectation, and would make the per-device price $3. An actual final price would probably be somewhere between $4 and $5 per device based on the large majority of users typically having a single device (phone), which would be the one device under management.
Pricing for Intune as part of the EMS suite is publicly available on the Microsoft EMS pricing page and starts at $8.74 per device per month for an E3 subscription offering Azure AD Premium, Microsoft Intune, Azure Rights Management, and Microsoft Advanced Threat Analytics. At the high end, Microsoft offers their E5 subscription, which will cost you $14.80 per device per month, adding Advanced Threat Analytics and Cloud App Security to the E3 tier.
Overall, Intune delivers a solid package including all of the basic MDM features for the three major platforms. It integrates with all of Microsoft’s infrastructure management tools, such as System Center Configuration Manager, should you already be using that tool. It also tightly integrates with either on-premises AD or Azure AD for user authentication. Support for Windows Mobile devices is the most robust of all the products reviewed as you’d expect. The additional features provided in their EMS Suite are definitely worth the money.