Getty Images/iStockphoto

What does the new Microsoft Intune Suite include?

With all the recent name changes with Microsoft's endpoint management products and add-ons, IT teams need to know what Intune Suite -- Microsoft's latest bundle -- offers.

During Microsoft Ignite 2022, Microsoft announced another overhaul of its endpoint management products -- not only did it announce a new name for its endpoint management products, but it also announced the introduction of a new family of products.

Microsoft introduced Microsoft Intune as the new name for all endpoint management-related products, which means no more Microsoft Endpoint Manager. Microsoft also introduced the growing family of endpoint management-related products now known as Microsoft Intune Suite, a new suite for advanced endpoint management functionalities.

An introduction to the Microsoft Intune Suite

Microsoft Intune as a name is actually not new. The cloud-based endpoint management platform from Microsoft has always been known as Microsoft Intune after it was rebranded from Windows Intune in 2014. The name moved to the background when Microsoft rebranded its endpoint management platforms under the Microsoft Endpoint Manager umbrella.

With the rebranding, all of Microsoft's endpoint management platforms and services are under the Microsoft Intune umbrella. That makes more sense and will be a minor adjustment for the community, as Microsoft Intune never really went away as the name of the cloud-based endpoint management platforms.

The other big change is the new family of products in the Microsoft Intune Suite. The Microsoft Intune Suite is a collection of new advanced endpoint management and security tools. Those offerings will help organizations with simplifying their endpoint management experience, improving their security posture and creating an even better user experience. That's achieved by introducing platforms for supporting remote users, securely accessing on-premises resources, advanced insights of devices, controlled local administrator permissions and more.

The Microsoft Intune Suite introduces some new management components that will certainly help organizations with making that next step in their endpoint management.

A timeline of Microsoft Intune's evolution.

Assist remote users with Remote Help

Remote Help was the first platform of the Microsoft Intune Suite that was introduced, and it enables IT administrators to provide remote assistance to their end users. This is a critical component to get remote workers as productive as possible by allowing IT to remotely troubleshoot issues on the desktop of a user or remotely assist a user with any technical question. As a standalone offering, it might not be in the same playing field as competitive products yet, but with the announcement of support for Android and Mac devices, that might change in the near future.

Secure remote access to corporate resources with Microsoft Tunnel for Mobile Application Management

Another recently introduced solution is Microsoft Tunnel for Mobile Application Management (Tunnel for MAM). Tunnel for MAM is a lightweight VPN for Android, iOS and iPadOS devices that provides secure remote access to on-premises corporate resources. Before the release of the Intune Suite, Microsoft Tunnel was only available for managed devices, but this new version will accept a managed application as sufficient.

This enables organizations to be more flexible with the devices that users can work from. It enables IT to provide that lightweight VPN on personal devices, without needing to manage the entire device. Just managing the app will now be sufficient to provide secure remote access to on-premises corporate resources.

Attain additional insights with Advanced Endpoint Analytics

Endpoint Analytics is an already existing feature of Microsoft Intune that provides organizations with insights and metrics about their devices. Those insights help with creating the best user experience.

As part of the Microsoft Intune Suite, Microsoft introduced Advanced Endpoint Analytics. The goal of Advanced Endpoint Analytics is to gain even deeper insights into the user experience. It enables IT to proactively detect and remediate issues that might impact the productivity of the user. Initially that is achieved by enabling features that provide those granular insights, enabling proactive detection of issues and enhanced troubleshooting capabilities.

Protect purpose-built devices with management of specialty devices

For purpose-built devices, the Microsoft Intune Suite improves the management capabilities with management of specialty devices. Purpose-built devices is the collective name for devices such as Teams Room devices, VR devices, wearable devices and more.

With the Microsoft Intune Suite, IT can now also achieve a zero-trust security model by relying on the management capabilities for specialty devices. Those capabilities enable IT to provision specialty devices, manage certificates and Wi-Fi on specialty devices, improve security with conditional access for specialty devices, verify compliance of specialty devices, manage the app lifecycle on specialty devices and provide remote actions on specialty devices.

Provide elevated permissions with Endpoint Privilege Management

Endpoint Privilege Management (EPM) is probably the most important platform that has become available with the Intune Suite. EPM enables organizations to rely on the least privilege principle in their zero-trust model. EPM provides a controlled elevation of standard users on Windows devices.

There are promising additions to the Microsoft Intune Suite coming later this year that will greatly improve the security posture of many organizations, and there will likely be further developments in the near future.

That allows IT to provide users with standard permissions without getting in the way of user productivity. IT can configure the elevation settings and rules for the user, and the user can run the required installation or process with elevated permissions. There is no longer the need for providing those type of users with additional local administrative permissions. That means a lower attack surface by introducing the least privilege for users on their corporate devices.

What's next for the Microsoft Intune Suite?

With the Microsoft Intune Suite, Microsoft introduced many new utilities and has already announced new features and entire new components of the product family on the whole. That is great news because these additions will add more value to the Microsoft Intune Suite. The first additional component that Microsoft has announced is advanced app management. Advanced app management will offer organizations an enterprise app catalog with controls for easy app discovery, deployment and automatic updating. This will help organizations with mitigating risks that are introduced with outdated applications.

Another component that Microsoft has announced for later this year is cloud certificate management. Cloud certificate management will offer the ability to issue and manage certificates to devices without the need for an on-premises infrastructure. For example, this could apply to certificates that can be used for connecting via VPN or Wi-Fi. That could benefit many organizations that are now still relying on that on-premises certificate infrastructure for providing certificates to end-user devices.

There are promising additions to the Microsoft Intune Suite coming later this year that will greatly improve the security posture of many organizations, and there will likely be further developments in the near future.

An overview of the new licensing model for Microsoft Intune

With a new name and a new suite comes a new licensing model. The good news is that all existing functionalities will still be available for the same price as before, just with a new name. This option is represented with Microsoft Intune Plan 1.

On top of that, Microsoft introduced Microsoft Intune Plan 2 and Microsoft Intune Suite. The first will cover the new features and the latter will include the new solutions. A brief summary of these new licensing plans is in the following table.

Microsoft Intune Plan 1 Microsoft Intune Plan 2 Microsoft Intune Suite
This plan includes all the existing features in Microsoft Intune and is included in the Enterprise Mobility + Security E3/E5, Microsoft 365 E3/E5, Microsoft 365 F1/F3 and Business Premium plans. This plan is an addition to Plan 1 and includes the features of Tunnel for Mobile App Management, specialty device management and future advanced capabilities. This plan is an addition to Plan 1, includes all the feature of Plan 2, and includes the additional features of Remote help, Endpoint Privilege Management, Advanced Endpoint Analytics, advanced app management, cloud certificate management and future advanced management controls.

In case an organization doesn't need the complete Microsoft Intune Suite, it's also possible to license the different add-ons in a standalone fashion.

Dig Deeper on Windows OS and management

Virtual Desktop