This Week in IT – Microsoft’s Intune Suite: Next-Level IT or Overpriced Toolset?


This Week in IT, I take a closer look at Microsoft’s new Intune Suite, which is now generally available this month. The new package includes all the core features of existing Intune plans plus 5 new advanced features for: endpoint privilege management, remote help, enterprise app management, advanced analytics, and cloud PKI. But will it be too expensive for most organizations, or does it represent good value?


This Week in IT, I take a look at Microsoft’s new Intune Suite, which is now generally available this month. The new package includes five new advanced features for Enterprise Privilege Management, Remote Help, Enterprise App Management, Advanced Analytics, and Cloud PKI. But will it be too expensive for most organizations or does it represent good value? Stay tuned to find out!

Hello and welcome to the show where I cover everything about Microsoft 365, Windows, and Azure. But before I get started today, I’ve got a quick favor to ask you. 80% of the people who watched last week’s video weren’t subscribed to the channel. As we go live today, we’re on about 3,130 subscribers and I’d really love it if we could push that up to 3,160 this week. So if you’d like to help us meet our goal, then please subscribe to the channel and don’t forget to hit the bell notification to make sure that you don’t miss out on our weekly uploads.

So Microsoft Intune is the company’s mobile device management and mobile application management platform. Now at Ignite last year, they announced that they’d be releasing a new package called the Microsoft Intune Suite. What exactly is it? The new suite incorporates all the features of the two existing plans. So that’s plan one which includes the core Intune functionality and configuration manager. Then you’ve got plan two which includes things like the tunneling application but without those core features. But the new suite includes these extra features from plan two and a set of five new advanced features. Now two of those features have already been generally available.

That’s the enterprise privilege management solution and remote help. But Microsoft announced this week that the rest of the features are going to be generally available this month, completing what they describe as the beginning of the new Intune Suite. Just the beginning because Microsoft is planning to add even more features over time. So what exactly are we getting extra this month? So general availability, we’re getting the enterprise app management suite, the advanced analytics and the cloud PKI. So let’s go through them one by one. So if you’ve ever been involved in Windows deployment and managing application deployment, you’ll know how time consuming it can be to package third-party applications so that you can roll them out with technologies like configuration manager, Intune or a third-party technology.

Lots of testing involved, lots of trial and error to try and get it right. It’s a real time sink. Now what Microsoft announced at Ignite was a service where they would provide a catalog of pre-packaged third-party apps that are already rolled up and packaged for you so that you can just basically press a few buttons and roll them out to any devices that are managed by Intune. So it might be things like, I don’t know, Dropbox or Adobe Acrobat Reader, all of these applications that we commonly have to roll out to our PCs that are not directly from Microsoft.

Now I haven’t actually seen this list of applications, what exactly is there at the moment and I assume that Microsoft will just continue to add to the list of available third-party applications that you can roll out using this service.(…) Now it’s of course not only about the initial rollout of an application but every time the manufacturer releases an update or a bug fix you’ve basically got to incorporate that into your package and then test it again. Now of course with this service Microsoft is taking that burden away from you. So once you’ve deployed an application using enterprise app management then essentially Microsoft takes responsibility for making sure that application also stays up to date.

And of course just like anything else in Intune you can manage all of this from the Intune admin center. Now the advanced analytics seem to me to be a little bit more wishy-washy, a little less concrete what the value is. So I started to read into it in a little bit more detail. So according to Microsoft this is offering advanced AI and analytics driven capabilities that will help you to understand, anticipate and proactively improve the end user experience. So what does that mean exactly? Well Microsoft gave a couple of examples and I’ll just give one of them to you now so you get a better idea of how this service could potentially help you. So because the analytics service provides deep near real-time insights into your connected devices and your managed apps it’ll help you to understand, anticipate and proactively help users do their jobs and continue doing their jobs.

So an example of this is for example imagine you’ve got people out in the field using devices and you’ve got a problem with a battery that’s either defective or it’s not able to hold its charge anymore. Now of course the device is probably reporting that information to firmware and I guess that Intune is able to read that information and it can report back to you that there’s a problem with the battery on that device so that you can proactively step in and make sure that the user isn’t left with a piece of hardware that they can’t use anymore. So for instance you would be able to replace the battery or to replace the hardware ahead of time before it becomes an actual problem.

So I can see in particular circumstances this being quite useful, especially as I said for people who are using devices out in the field that are critical and that would be a big problem if they were not able to actually carry on with what they’re doing, or in situations where it’s not easy to quickly get them a replacement device just like that; you need to know in advance that there’s going to be a problem. Microsoft also announced as part of this that the Intune Suite now includes advanced analysis using the Kusto Query Language, so this is something that comes from Microsoft Sentinel and it’s basically a specialized language specifically designed for querying device logs, security logs, that kind of thing, so that power is now part of the Intune Suite.

Now while I think the enterprise app management part of this is probably going to be the most compelling for the biggest range of organizations I think that second in the list is this new cloud PKI that they announced back at Ignite. Now of course we’re all used to potentially having to set up and maintain these complex PKI infrastructures using Active Directory on-premises and Microsoft is hoping to make that a thing of the past. Now there are several problems with setting up your own on-premises PKI. First of all it requires quite a lot of knowledge about how that actually works, it’s complicated to secure and of course you’ve got to maintain the whole thing.

So Microsoft is suggesting that you will be able to use their new cloud PKI infrastructure instead of your on-premises Active Directory Certificate Services. They’re promising that it’s going to be simple to set up, that you’ll be able to do it in just minutes, that you can manage the certificate lifecycle and that the certificates can be deployed automatically to any devices that are managed by Intune. They’re also saying that cloud PKI will work with Active Directory Certificate Services for TLS and SSL certificates but you won’t need to deploy certificate revocation lists, Intune certificate connectors, Network Device Enrollment Service servers or any of the reverse proxy infrastructure that you might have needed in the past. With this you’ll now be able to issue, renew or revoke certificates directly from the Intune admin center either manually or automatically.

So I think the cloud PKI service has a big potential to really reduce complexity and costs and also the expertise required to deploy PKI on-premises is of course difficult to find as well and hopefully with this new service that will be less of a problem. So the big question how much is all this going to cost you? And of course it’s an important question because if you remember back around Ignite or I think it was even before that they announced the remote help service which is part of Intune Suite and at that point you could buy it as an add-on service. So if you have the Intune plan 1 which is eight dollars a month you could buy remote help for three and a half dollars per user per month and there’s a big outcry about it.

People saying that it’s just way too expensive because essentially they took the remote help from Windows 11, improved it a bit and of course the remote help in Windows was previously a free tool. They made a few tweaks to make it compatible with Azure Active Directory I think and a few other tweaks to make it a little bit more enterprise friendly and then slapped this huge price onto it. So what’s going to happen with Intune Suite? Now just bear in mind that Intune plan 1 already costs eight dollars per user per month. If you want to have Intune plan 2 that’s four dollars so that’s twelve dollars already but the Intune Suite which includes everything in plan 2 and these five new advanced features is going to be ten dollars per user a month and I think that’s actually a pretty good deal. If you have Intune plan 1 and let’s say you just want one of these five new advanced features, let’s say you wanted the endpoint privilege management, then you can purchase that separately as an add-on to plan one only as I understand.

You need to have those core Intune services available to be able to buy these things as add-ons. So let’s just quickly go through the add-on prices. The remote help as I said before is three and a half dollars per user a month. The endpoint privilege management piece is three dollars. Enterprise app management will cost you two dollars. Advanced analytics five and the cloud PKI two dollars a month. So let’s say the Intune Suite comes in budget, why would you even consider using this? So of course you can get all of these features through various third-party products and all the rest of it. That can end up being quite complex to manage and to license.

So the value that Microsoft says they’re offering here is to have all of these features in a single package. So obviously the Intune Suite licensed for ten dollars per user a month and all the management happens through the Intune admin interface and you don’t have to manage all these different vendor relationships and different technologies and it just helps to reduce the complexity overall and hopefully lower licensing costs. And some of these features like enterprise app management and cloud PKI should really help you to achieve things that required quite specialist knowledge before. Setting up a public key infrastructure is not simple if you don’t know what you’re doing and of course packaging applications is also a bit of a cross between a science and a black art. You know you really need to have a lot of experience to be able to do that manually so hopefully that should help organizations that are maybe not able to get that expertise to be able to do things that they’ve never been able to do before.

And another advantage of using Intune of course is that it’s all cloud-based and it can still manage your on-premises devices as well as your remote devices, and not just Windows. It can manage your mobile OSes, Android, iOS, your iPads. I think it can do Linux and macOS as well, so regardless of what operating systems you’re running you can use Intune for your management piece. So personally I think that this offers pretty good value. The only caveat of course is that some of these advanced features, I’ll take endpoint privilege management as an example, that isn’t as well fleshed out as a third party solution and of course Microsoft will probably expand that in the future.

Now I asked Steve Dispensa, I think it was at Ignite 2022, about the endpoint privilege management piece as that was coming into preview, if they would consider adding more advanced features to it that the third party options have, and here is what he said.

But do you think there might be plans in the future to extend this endpoint privilege management capability to do things like challenge response situation where the users are offline for instance and might need to elevate a process?

Yeah maybe. So our plan is to build a complete solution for our customers. We think we’re going to get out the door with EPM in a fairly complete scenario.

We think that we’ll see a good amount of adoption based on what we’re hearing from customers and certainly we’re going to start getting requests from customers for additional scenario support exactly like the one you mentioned. I think that’s a great example and like we always do, we’ll take those and sort of stack them and build them and exactly what order and when. Obviously as you said it’s early days and so we can’t exactly commit at this point but what I will say is because it’s a part of the Intune Premium Suite, it really gives us at Microsoft the license to go really invest in these solutions and so I expect this to get richer and richer over time.

And of course we can say the same thing about the enterprise app management. Maybe that doesn’t include all the third party apps that you use for whatever reason.

The cloud PKI probably not going to give you quite as much flexibility as the certificate services role in Active Directory. So it all depends of course how complex your operations are as to whether this is something that you might want to consider looking at or not. Let me know in the comments below what you think of the Intune Suite. What do you think of these five new advanced features? Maybe you’ve used them in preview or maybe you’ve used the endpoint privilege management and the remote help. How does that stack up for you? Or do you think that this is still too expensive? I’d love to know what you think.

If you got value from this video I’d really appreciate it if you gave it a thumbs up because that helps us to get it seen by a wider audience on YouTube and it really helps to grow the channel. I’m going to put a video on the screen now about the new features, the most important new features in Windows Server 2025. Do check that out. But that’s it from me for this week and I’ll see you next time.