Today, many customers have started to consolidate their endpoint management platforms and are now looking towards Intune to take a bigger role in endpoint management across all types of devices, PC, mobile devices and even AVD. Specifically, we have seen many customers starting to deploy Autopilot with great success but for some it meant updating SCCM to the current version to be compatible with Intune co-management and for others a need to work with their infrastructure teams to make sure firewall rules and networking were correct for communication to work across the Intune ecosystem and endpoints.
It’s been a while since we last touched on this topic ( “Securing the Endpoint” ) and with the announcement for the new Microsoft Intune Suite we felt we needed to revisit the topic again and let you know what we have been seeing with our customers and what the announcement will provide.
So, what is this new Intune Suite all about?
In general, besides adding some new capabilities which we will get into below, this new announcement feels like a rebranding away from Microsoft Endpoint Manager, which, as a previous re-branding, never really took off. Everyone just thought it was Intune renamed but it really was meant to encompass Intune, SCCM, and co-management as a whole. Microsoft has renamed the portal from “Microsoft Endpoint Manager Admin Center” to “Intune Admin Center”.
Are you ready for a single pane of glass? Is this finally going to be a reality?
Enter Microsoft Intune Suite
Microsoft has recently launched the general availability of Microsoft Intune Suite, a powerful endpoint management and security solution that aims to streamline protection for cloud-connected and on-premises endpoints. The consolidation of endpoint management and security solutions will serve as a single vendor for all endpoint security needs. This will help customers have single analytics, instead of multiple disparate datasets, with consistent visibility to potential vulnerabilities and anomalies.
Intune Suite’s core capabilities include managing cloud-connected devices on various operating systems such as Windows, Android, Mac, iOS, and Linux. It will also include Microsoft configuration manager to manage on-premises endpoints such as Windows PCs and servers. Intune will also provide endpoint analytics to help IT administrators understand and modify user experience.
The new product comes with features such as “Remote Help” that allows IT helpdesk teams to remotely diagnose and resolve issues with a user’s desktop and mobile devices, utilizing their existing company identity. Currently, Remote Help is accessible to Windows users only, but will soon be available for Android and Mac endpoints in future editions. Remote Help is going to be a great option for replacing Bomgar and TeamViewer assuming it has parity in features.
One of the most exciting updates coming in my opinion is Endpoint Privilege Management which will be a part of the Intune Suite in April, allowing organizations to automate controlled elevation of Windows standard users for timely privileges without compromising security. This is a great step toward bringing automation with a zero-trust approach to endpoint management with a mix of operational efficiency and just in time permission. Additionally, this will be a great option for giving users temporary admin rights to do things like install printers for example.
For streamlining access, Intune has added Microsoft Tunnel for mobile app management, which routes protected access from personal mobile devices to corporate resources through a micro-Virtual Private Network (VPN). This capability has also been extended to Intune’s specialty devices, which include AR/VR headsets, wearable headsets, conference room meeting devices, and large smart screen devices.
In the future, Intune will be adding Advanced App Management to provide an enterprise application catalog and managing tools to simplify the discovery, deployment, and automatic updating of applications to alleviate risks associated with outdated applications. By the end of the year, Intune will feature a Cloud Certificate Management solution to issue and manage VPN and Wi-Fi certificates from Intune to devices without on-premises infrastructure.
Licensing
Intune Suite features are available as tiered subscriptions.
The basic tier for Intune called Plan 1 will include Intune’s core capabilities and will be available to customers with subscriptions to Microsoft 365 E3, E5, F1, and F3; Enterprise Mobility + Security E3 and E5; and Business Premium plans.
Core Capabilities include:
- Cross-platform endpoint management
- Built-in endpoint security
- Mobile application management
- Endpoint analytics
- Microsoft Configuration Manager (Microsoft Configuration Manager included in all Plan 1 license except Business Premium)
Add-ons for Plan 1
- Microsoft Intune Remote Help
- Microsoft Intune Endpoint Privilege Management
- Microsoft Intune advanced endpoint analytics – Will be available as an add-on soon
Plan 2 will be an add-on, available only to Plan 1 subscribers, and will feature only advanced capabilities such as:
- Microsoft Intune Tunnel for Mobile Application Management
- Microsoft Intune management of specialty devices
Microsoft Intune Suite, the top tier, will similarly be available as an add-on to Plan 1 customers and will include:
- Microsoft Intune Tunnel for Mobile Application Management
- Microsoft Intune management of specialty devices
- Microsoft Intune Remote Help
- Microsoft Intune Endpoint Privilege Management
- Microsoft Intune advanced endpoint analytics
- Advanced capabilities that are on the way – Advanced app management (TBA), cloud certification (TBA)
Note: Plan 2 and the Intune Suite are not yet available for GCC, GCC High, or DoD customers.
Planet works with customers every day that are looking to increase their capabilities while reducing costs. The Intune Suite is a great step in that direction. In a recent survey, two-thirds of respondents indicated that they are using more than ten tools to manage their devices. The Intune Suite endpoint management addresses a wide range of management scenarios across an ever-growing number of device types that will allow you to eliminate these extra tools and save you money on licensing costs.
The current pricing models for each plan can be found here.
With Intune Suite, customers can rest assured that they are receiving a comprehensive, unified endpoint management solution to ensure that their devices, operating systems, and apps are up to date, protected, and performant.
If you would like to hear more about the latest update with Intune Suite, be sure to join our next office hours on March 23rd, 2023, at 1:00 EST. We look forward to sharing what are customers are doing with Intune and digging deeper into the Microsoft Intune Suite announcement. To learn more about these plans check out this Microsoft Learn article.