A guide to Microsoft Endpoint Manager licensing and cost
There are many options for Microsoft Endpoint Manager licensing. Organizations should evaluate each licensing, including Intune, Microsoft 365 and Configuration Manager.
Editor's note:As of March 1, 2023, Microsoft brought the functions of Microsoft Intune and Microsoft Endpoint Manager under the umbrella of the Microsoft Intune Suite. As such, Microsoft's endpoint management licensing has changed since this article's publication. Find up-to-date information on Microsoft licensing on the company's website.
Microsoft promises that Microsoft Endpoint Manager can make it easier to manage endpoint devices, but it isn't easy to navigate the licensing and cost evaluation process when transitioning to this platform.
Microsoft promotes Endpoint Manager as platform that enables customers to secure, deploy and manage their users, devices and endpoints. The biggest selling point for Microsoft customers is that the platform integrates Microsoft Intune and Microsoft Endpoint Configuration Manager -- formerly System Center Configuration Manager -- making it easier to use the two products together.
Unfortunately, this has led some customers to wonder what has happened to one or both of these products, and this confusion persists to confusion about Microsoft Endpoint Manager (MEM) licensing.
The short answer is that these products have not been replaced and still work much the same as they always have. With the release of MEM, these products are now under the Endpoint Manager umbrella and can offer a more unified management experience for IT administrators. This comes with more options for licensing as well.
How does licensing work for Microsoft Endpoint Manager?
To understand what a full Microsoft Endpoint Manager license costs and how MEM licensing works, customers should review what exactly the platform is and what it includes. In addition to Intune and Configuration Manager, MEM includes Endpoint analytics, Windows Autopilot, Defender for Endpoint and Azure Active Directory (Azure AD).
Another component of Microsoft Endpoint Manager is the admin center, which functions as a centralized portal for IT admins to create policies and manage devices. The admin center integrates with device management services such as groups, reports and conditional access. It also enables administrators to work with both Intune and Configuration Manager within the same console, allowing them to manage devices for either product and co-manage workloads across both products.
Microsoft Endpoint Manager is an integrated platform for IT to access different services it already has licensing for; MEM is not a standalone service that customers can subscribe to.
Co-management is, in fact, one of the biggest selling points for Endpoint Manager. The co-management features allow IT admins to use both Intune and Configuration Manager concurrently for Windows 10 desktop management, choosing one as the management authority.
However, Microsoft Endpoint Manager is not a standalone product or a new license. Customers still need active licenses to use Configuration Manager, Intune or the other services under the MEM umbrella. Microsoft Endpoint Manager provides an integrated platform for IT to access different services it already has licensing for; MEM is not a standalone service that customers can simply subscribe to.
For example, customers that want to use Configuration Manager must still buy a license and software assurance (SA) or acquire equivalent subscription rights through a qualified plan, such as Microsoft 365 Enterprise or Enterprise Mobility + Security (EMS). Intune is similar in this regard. Although Intune doesn't require SA, it still requires a standalone license or rights through a qualified plan such as EMS or Microsoft 365.
Customers currently licensed for Intune automatically receive a license for Configuration Manager when co-managing Windows 10 devices.
Customers currently licensed for Configuration Manager automatically receive a license for Intune when co-managing Windows 10 devices.
This simplified licensing only applies to Windows devices that IT is co-managing through Microsoft Endpoint Manager. Configuration Manager customers that want to manage endpoints, such as iOS or Android devices, require separate Intune licenses. Even if IT only plans to co-manage Windows devices, they still need Azure AD Premium and at least one Intune license to support administrative access. In addition, the new co-management licensing does not apply to other MEM products, such as Windows Autopilot or Defender for Endpoint.
Common licensing bundles for Microsoft Endpoint Manager customers
Microsoft has undoubtedly made it easier to co-manage Windows 10 devices, but that is where the simplicity ends. Customers must still contend with the complexities of licensing the individual products that fall under the MEM umbrella. At the very least, customers need to license Configuration Manager, Intune or both to derive the real benefits of Microsoft Endpoint Manager:
Customers managing on-premises clients and servers and co-managing Windows 10 PCs need a licensed version of Configuration Manager.
Customers managing Windows, macOS and mobile devices from the cloud, in addition to co-managing Windows 10 PCs, require full Intune licenses.
Customers managing on-premises clients and servers, co-managing Windows 10 PCs and managing Windows, macOS and mobile devices from the cloud require full licenses for Configuration Manager and Intune.
In addition to these licenses, customers will need licenses for any other Microsoft Endpoint Manager products they need to use, such as Azure AD Premium, to support co-management. Although this adds to the overall Microsoft Endpoint Manager costs, customers with current Configuration Manager or Intune licenses can start co-managing their Windows 10 machines right away, which could help some organizations.
That said, Microsoft licensing can still be a complex process, and many organizations will find it easier to opt for one of the qualified EMS or Microsoft 365 bundles listed below:
Enterprise Mobility + Security. The EMS E3 and E5 plans include Configuration Manager, Intune, Windows Autopilot and Azure AD Premium -- either P1 or P2. The plans also come with other features related to identity and access management, endpoint management, information protection and identity-driven security. The E3 plan is $8.80 per user, per month, and the E5 plan is $14.80 per user, per month.
Microsoft 365 Enterprise. The Microsoft 365 E3, E5 and F3 plans include all EMS features as well as Endpoint Analytics. In addition, the E5 plan includes Defender for Endpoint. The Microsoft 365 plans also come with many other features, including the Microsoft 365 apps and services related to email and calendar, meeting and voice, social and intranet, files and content, work management and advanced analytics. The E3 plan is $32 per user, per month, the E5 plan is $57 and the F3 plan is $8.
Of course, there's a lot more to these programs, and there are plenty more differences between the individual licensing options. Organizations considering one of these bundles should look at the details of each licensing plan and determine which products and services they need. IT and executives should then collaborate to determine which license is possible from both a financial and a management perspective.
Although services such as Microsoft 365 can make life easier for administrators and executives alike, subscription fees can quickly add up. Organizations should carefully weigh the total cost of licensing each user and IT admin with Microsoft 365 against the alternatives. Only a thorough cost analysis can yield the best decision.
No matter what approach customers take to implementing Microsoft Endpoint Manager products, the first step is to understand that Endpoint Manager is a platform and not a product in and of itself. There are no SKUs, subscription plans or suggested retail prices specific to Microsoft Endpoint Manager.
Microsoft Endpoint Manager might help streamline certain administrative tasks, and it might make it easier for organizations to bridge the gap between on-premises and cloud-based management. Many customers will easily justify the costs of any additional licensing because of all the benefits that the MEM platform offers.
