Understanding Microsoft Intune Suite vs. Endpoint Manager

What happened with Microsoft Endpoint Manager?

During Microsoft Ignite 2022, Microsoft announced a complete overhaul of its endpoint management products. That overhaul included the initial introduction of the Intune Suite and the rebranding of Microsoft Endpoint Manager to Microsoft Intune. That rebranding brought back the name that in practice never went away: Microsoft Intune. Until that moment, Intune was still the name of the Microsoft cloud management platform for endpoints. After that moment, Intune received a more prominent position within Microsoft's unified endpoint management (UEM) platform. It became the name of the product family that contains the Microsoft unified endpoint management platforms, and the name Microsoft Endpoint Manager no longer exists.

From a technical perspective, however, not much has changed. Microsoft Endpoint Manager was only the branding of the endpoint management, so the change of name doesn't mean a lot for the IT administrator. Before, an IT administrator would go to the Microsoft Endpoint Manager admin center and now, an IT administrator must go to the Microsoft Intune admin center.

What does the Microsoft Intune product family include?

Microsoft Intune, the latest rebrand of the Microsoft endpoint management services, brings the existing products together in a single product family and almost a single management interface. The admin interface for most of the functionalities of the different products is available via the Microsoft Intune admin center, which Microsoft previously provided via the Microsoft Endpoint Manager admin center. The only exception is Configuration Manager -- that product still has its own admin interface via the Configuration Manager admin console.

In addition to simplifying the admin experience, Intune makes the licensing process easier for customers. For example, a license for Configuration Manager also includes a license for Intune. This simplifies the path for organizations with all types of environments -- on premises, in the cloud or a hybrid model. An exception to this is the introduction of the Intune Suite. That includes new components with a separate licensing model for those solutions.

Here is a closer look at the main products and tools that are part of the Microsoft Intune product family.

Microsoft Intune

Microsoft Intune can still be used as a separate management platform for mobile device management (MDM) and UEM.

IT administrators can manage configurations and verify compliance on Android, iOS, iPadOS, macOS and Windows devices. Verifying compliance is even available for Linux devices. IT can also configure apps and protect data in apps on Android, iOS and iPadOS. Even a basic integration for Chrome OS is available. Besides these built-in functionalities, Intune also provides many integrations with third-party products and, of course, other Microsoft products. These integrations can go a long way for organizations trying to meet industry compliance standards.

Configuration Manager

Previously known as System Center Configuration Manager, Configuration Manager is now part of the Microsoft Intune product family and Microsoft has rebranded it to Microsoft Configuration Manager. Even as part of the product family, IT administrators can still use Configuration Manager as a separate standalone product.

Configuration Manager is Microsoft's on-premises device management platform. IT admins can use it to manage laptops, desktops and servers for organizations. IT can manage those devices on the intranet and the internet. It enables IT to deploy apps, software updates and OSes, monitor compliance and query devices, among other tasks. To initiate a cloud migration, IT can attach Configuration Manager to the cloud provider, add more functionalities and move to the single administrative interface in the Microsoft Intune admin center.

Co-management

With the co-management service from Microsoft, IT admins have a bridge from an on-premises environment to a cloud environment. It enables IT administrators to combine Configuration Manager with Intune for Windows endpoint management. With the simplified licensing that comes with Microsoft Intune, this doesn't require any additional licenses.

Co-management means that IT manages devices with both Configuration Manager and Intune. That combination enables the path to the cloud for organizations by switching workloads from Configuration Manager to Intune. Those workloads are simply groups of configuration options that IT switches from one device management product to another.

Endpoint analytics

Endpoint analytics is a cloud-based service that integrates directly with Microsoft Intune to provide metrics and insights about the health and performance of the Windows devices within the environment. IT can use those metrics to identify compatibility issues with apps, drivers and security updates, to get insights about the performance of the device.

Windows Autopilot

Windows Autopilot is a cloud-based platform that IT admins can use to configure Windows devices for an out-of-the-box experience for end users. This way, organizations can quickly get devices up and running without manually imaging them.

During that experience, Windows Autopilot installs apps and applies configurations. Those configurations include options to join the devices to Azure Active Directory (Azure AD) and automatically enroll the devices to Intune or Configuration Manager. One of the most important configurations that IT will need to set via Windows Autopilot is the end-user device's account type -- standard or administrator.

Microsoft Intune Suite

The Microsoft Intune Suite is a collection of advanced endpoint management and endpoint security platforms. At this moment, that includes the ability to: provide remote assistance (Remote Help); manage endpoint privileges (Endpoint Privilege Management); manage VPN on mobile apps (Microsoft Tunnel for MAM); manage protection for specialty devices; and receive advanced endpoint analytics.

Besides the currently available tools and utilities, there are more already announced by Microsoft. That includes an option for managing certificates and a separate one for third-party application updates.

How can IT perform Intune management tasks?

The biggest advantage of the Intune Suite for IT administrators is that it brings almost all of Microsoft's endpoint management tools and services into a single admin console with the Microsoft Intune admin center portal. This offers a unified experience where all the different management features become available via that same single admin console.

When IT administrators use Intune in combination with Configuration Manager, they can also access the information from either group of managed devices via that same console. This way, IT can retrieve inventory information and configuration options from those devices through the admin interface.

At this moment, most Configuration Manager-related configuration options only require the Configuration Manager admin console. However, when looking at Intune specifically, all its management tasks are available via the Microsoft Intune admin center. With the rebranding from Microsoft Endpoint Manager to Microsoft Intune, it's no longer difficult for IT to find evidence of Intune within this console. Intune was, is, and remains, the designated MDM and mobile application management (MAM) provider. The best place to verify that information is in the Tenant admin node under the Tenant status option. This will display information referring to Intune with the MDM authority and the Total Intune licenses.

The main features of Intune focus on device management, app management and reporting, and each of them are critical for IT administrators to know.

Device management

IT can manage devices using the Devices node in the Microsoft Intune admin center. That node includes configuring devices with restriction profiles, certificate profiles, VPN profiles, Wi-Fi profiles and much more. IT can also use this for device compliance policies that verify the device's status compared to the compliance baseline of the organization before granting access to company resources and data. The Endpoint Security node also contains nearly all security-related device configuration options. This currently overlaps with many settings that are available in the device restriction profiles as well.

Application management

IT can perform app management tasks using the Apps node in the Microsoft Intune admin center. From this node, IT can deploy, configure and protect apps. More specifically, IT can deploy company-specific apps to managed devices and can manage apps on company and personal devices. That includes both managed and unmanaged devices. In the latter case, only the app is managed based on the identity of the user. That identity must exist in Azure AD.

Reporting

The Intune reporting information is available via the Reports node in the Microsoft Intune admin center. IT can use this node to retrieve information about device compliance, updates, endpoint security and endpoint analytics. The latter is a very helpful Intune feature that provides insights into the device's performance and the app's performance on those devices. Besides that, the different nodes for Devices and Apps also contain the sub-node called Monitor for configuration and compliance information of the different policies and the status information for the app deployments.

Intune Suite management

The different aspects of the Intune Suite are available via different nodes within the Microsoft Intune admin center portal. There is not a single location for all of the Intune Suite, as they are available on the location that contains related functionalities. For example: IT can provide remote assistance through the Devices node, manage endpoint privileges through the Endpoint Security node, and managing VPN for MAM can be achieved through the Apps node.