CommunityUniversityPartnersDevelopersSupportLogin
Platform
Solutions
Pricing
Resources
Platform View overview
Automation

AI-powered IT Automation for All Your Endpoints

Configuration

Hundreds of Worklets to Automate Anything

Patching

Automated Cross-OS & Hundreds of Titles

Vulnerability Remediation

Automated and Manual Vuln Sync and Remediation

Remote Control

Instantly Troubleshoot Windows and macOS

Reporting

Dashboard, PDF Exports and API Flexibility

Deployment

Automatically Deploy Hundreds of Software Titles

Cloud Architecture

Zero Hardware and Fast, Reliable Agent

Services & Support Plans
Security
Ratings & Reviews

Thousands of Customers Managing 1,000,000 Endpoints

INSTANT DEMOS

Deploy in Seconds

Remote Access

FixNow

Ask Otto AI Scripting

Software Deployment

Single Pane Dashboard

Automate with Worklets

Find & Fix Vulnerabilities

Worklets Catalog

Cross OS Patching

Cross OS Visibility

Desired State Config

Endpoint Organization

Secure Script Signing

OUTCOMES

Automated Cross-OS Updates

Everything Updated — Desktops, Laptops, Servers

Visibility & Reporting

Prove Everything in Your Environment is Up to Date

Automated Software Updates

One Source to Keep All Your Software Up to Date

Zero-Hardware IT Cloud

No VPN, No Servers, One Fast, Reliable Agent

Automated Configuration

Eliminate Drift and Keep Everything Up to Date

Cross-Platform Troubleshooting

Quickly Resolve Windows & macOS Tickets

INDUSTRIES

State & Local Government

K-12 Education

Colleges & Universities

Pharmaceuticals

Sports Organizations

MSPs

SaaS

TOPICS

IT Automation

Patching & Endpoint Automation

Vulnerability Remediation

IT Operations

Patch Tuesday

Automox Updates

View All

SOURCES

Events

Blog

Reports & Guides

Case Studies

Solution Briefs

News & Press

Videos

Podcasts

View All

FEATURED

UPCOMING

Home > Blog > What is Intune?
Otto background

What is Intune?

Connect With Us

We're obsessed with making your job easier. Start your free trial today and go from reactive to proactive endpoint management with one click.

What is Intune?

Intune is Microsoft’s cloud-based mobile device management (MDM) solution. It provides agentless management for devices and is hosted in Azure – which means it doesn’t require on-prem infrastructure nor will it need VPNs to manage devices.

How does Intune work?

Intune is hosted in the Azure cloud and its management console can be accessed via a web browser, like Edge or Chrome. Much of the Intune functionality is policy-driven, which includes the following:

  • Device profiles for initial deployment and configuration

  • Configuration policies for devices and applications

  • Compliance policies that work with Azure Active Directory (Azure AD) to help vet conditional access to application and company data

Furthermore, policies and profiles can be deployed over the air to groups of devices or users based on what the administrator specifies. Also, profiles for initial device configuration and deployment can be distributed to Windows devices through Autopilot (or to Apple devices through Apple Business or School Manager).

What OSes are covered with Intune?

Intune can manage the following OSes:

  • Windows 10 and 11

  • Android 8.0+, Android Enterprise

  • Apple macOS 10.15+, iPadOS 13.0+, iOS 13.0+

Does Intune work with third-party software?

Intune is geared toward making it easy to patch Microsoft products. While there are some ways to update third-party apps, it costs time and/or money to make it happen.

Since Intune doesn't patch third-party applications natively, users often purchase add-on products from third-party providers to extend Intune capabilities to cover third-party application patching.

Also, Intune doesn’t support Linux operating systems nor does it help with Windows Server. This leaves organizations running SCCM (or another tool) to manage Windows Server and Linux, which usually means they have duplicative workflows and require on-prem infrastructure.

What can Intune do?

Intune’s primary use case is for more modern device management over SCCM, as it eliminates some of the requirements SCCM has like a VPN connection to the domain and (typically) on-prem infrastructure. Many organizations run both Intune and SCCM together since not all operating systems commonly seen in the enterprise are covered by just one of these tools.

But Intune can also manage bring your own device (BYOD) endpoints without requiring an agent to be installed – something that may not be permitted or possible for non-corporate owned devices.

Additionally, organizations can use Intune to deploy software to devices that use OS-specific app stores (like Apple, Google (for Android), or Microsoft stores).

However, getting a comprehensive inventory of applications on a Windows device can be tricky. That’s because Intune only detects MSI-installed applications. So other methods (like .exe) might not be reflected in device inventory and may be more difficult to manage as a result.

Now, Intune does integrate with Azure Active Directory. That means administrators can create and enforce compliance rules, such as enforcing an updated operating system (OS) version, via conditional access for users and devices. In other words, Intune can restrict access to company applications and data if the compliance criteria are not met.

Remember, Intune is an MDM, which means it can also provision Windows and Apple devices “over the air” without an agent, using Windows Autopilot or Apple Business/School Manager. This ensures new devices are ready for an employee’s first day, without the IT team ever touching the device.

Intune can also help with patching and reboots for Windows devices. But it falls short with Apple – specifically macOS. Administrators can modify update visibility in macOS with Intune, but Intune doesn’t have tools to enforce updates and reboots with macOS. So if timely update compliance with macOS is an important part of your IT and security program, you should absolutely consider other solutions.

What are the licensing requirements?

To license Intune, you’ll need to have purchased one of the following bundles from Microsoft.

  • Microsoft 365 E5

  • Microsoft 365 E3

  • Enterprise Mobility + Security (EMS) E5

  • Enterprise Mobility + Security (EMS) E3

  • Microsoft 365 Business Premium

  • Microsoft 365 F1

  • Microsoft 365 F3

  • Microsoft 365 Government G5

  • Microsoft 365 Government G3

  • Intune for Education

Do you need other software to use Intune?

To use Intune, your computers must be connected to Azure Active Directory, which is a cloud-hosted Active Directory. Historically, this has only existed on-prem. Thus, your devices must either be purely Azure AD-joined, or Hybrid Azure AD-joined (a combination of on-prem AD and Azure AD).

To use features like automatic MDM enrollment in Intune, you’ll need Azure AD Premium, which requires the purchase of an Enterprise Mobility + Security (EMS) subscription.

Should you use Intune?

The most important thing to understand is that Intune is an agentless solution, this is generally what mobile device managers (MDMs) are. So you have to consider if it’s reasonable to manage your entire estate with an agentless solution, or if a blend of agent-based and agentless management is best. Agentless solutions can be helpful for BYOD devices or for touchless provisioning, but the level of control an agent-based solution offers is greater than agentless solutions.

With Intune (and other agentless solutions), you’re restricted to what controls the OS has made available through Windows Autopilot or Apple Business/School Manager, as well as what the MDM solution has enabled in their UI for control.

For example, Intune doesn’t have a control available for reboots and shutdown of macOS yet. But an agent-based solution may be flexible enough to easily script such an action.

Also, if you have servers, Linux-based or Windows Server, you won’t be able to manage them with Intune. So you might want to consider other solutions. If you opt for Intune anyway, just be prepared to manage servers and laptops/desktops with other tools.

However, if managing and enforcing third-party updates is a priority, you’ll definitely need another solution or a third-party add-on purchase to accompany Intune.

In the end, Intune can be a great tool to help modernize your device management capabilities and eliminate some on-prem infrastructure. But the solution itself likely won’t meet all needs of a modern organization that requires control over servers, third-party apps, and more via the cloud.

Automox for Easy IT Operations

Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.

Grab your free trial of Automox and join thousands of companies transforming IT operations into a strategic business driver.

Dive deeper into this topic

loading...

Start your free trial.

Join over 1,090,611 endpoints managed with Automox.

start your free trial now

PRODUCT

OverviewFeaturesWorkletsPricingRoadmap

COMPANY

AboutLeadershipNewsCareersDiversity in ITContact

DOCS

DocsAPIFAQ

CUSTOMERS

SupportCommunityUniversityDevelopersPartners

SOCIAL

LEGALTerms of UsePrivacy PolicyMaster Services Agreement
CSA STAREU-US DPGDPRPCI DSSSOCTX-RAMP
Copyright © 2024 Automox. AUTOMOX is a registered trademark in the US and other countries.
TX-RAMPSOCPCI DSSGDPREU-US DPCSA STAR