In which phase of the Microsoft Intune application life cycle would you assign an app to the users and/or devices you manage, and monitor them on the Azure portal?


We use it for general safety and security for all our data and applications.

Because we are using Microsoft Office 365 on the cloud, it is very critical for us to protect our user data. We have shared files in OneDrive, Microsoft Excel, PowerPoint, and Word. We also have geographically diverse locations across Asia-Pacific, Europe, and America. Microsoft Endpoint Manager protects us from all kinds of security vulnerabilities and threats to our data.

We have it deployed in specific departments and divisions within our organization, including product engineering and DevOps.

It protects our devices well against outside threats including phishing attacks, spam, and other third-party attackers. It provides us with a very high level of visibility into security threats so that they can be analyzed properly before they attack our applications and user data.

We have more than 1,000 users who access certain applications. We do not want to give all the users access to specific data. Permission Access gives us flexibility and reduces the human effort and time involved in giving permissions to users and groups. They can share or exchange information accordingly. We do not worry about what they are sharing or about the folders and data they can access because we have already set their permissions.

If you look at the data loss that has happened in the past, obviously Endpoint Manager is saving us money. In addition, it saves human effort on manual work, as well as time, and there has been an overall performance improvement. It's obviously enhancing the user experience.

I like

  • all the security features it has
  • the graphical user interface, which is very smooth
  • the fact that it is very easy to understand
  • the integration with other applications.

There is a single pane of glass for user access and a single sign-on facility for the user. If you have already logged in to Microsoft Azure or on-premises, you can redirect directly to Microsoft Endpoint Manager, monitor all your security threats, and analyze the data associated with the application in a single, unified way.

You can adjust your security policies and any other rules with the solution and apply them to specific groups or specific users. Overall, it is a highly customizable and easily manageable solution.

Integration with Microsoft applications like Microsoft Office, Microsoft Dynamics, and 365 is very smooth. As far as MS applications go, it is a very good solution to work with. Microsoft Endpoint Manager is a solution for every organization that is using Microsoft applications or Azure, whether on-premises or in the cloud. It is a well-suited application for those environments.

We are also using Conditional Access along with the rule-based features. We apply them to specific users in a group so that they can't access particular user data, such as column-based or tab-based data. It can be hidden from those specific users in the groups. Conditional Access can be used to allow or block access to on-premises data based on policies. When we use Conditional Access, it is typically a combination of device compliance policies so that only the compliant devices can access or exchange data between the sources and destinations.

Permission Management is a part of Conditional Access. It is very transparent and very easy to use. Within a few clicks, you can easily configure which devices you want to permit and which devices you want to deny, whether it is for Amazon S3 or Google cloud. Because we are using Microsoft Azure, we are typically working with Microsoft SQL Server, Microsoft Office 365, Dynamics, et cetera. But it works well with all applications. That is helpful because we do not want compatibility issues.

For example, if there is a compliance policy in the organization, you can allow specific mobile devices into an application so that only a specific group of users can access it. The rest of the users can't access it as there might be confidential data there. You can implement that with Conditional Access policies.

For non-Microsoft applications, integration requires some advanced levels of configuration for IP addresses, among other things. It might be somewhat complex when it comes to third-party applications.

The mobile and tablet-based versions need improvement because they are not completely user-friendly, compared to the web version.

Also, data synchronization with our existing asset manager, the synchronization between multiple assets and multiple devices, takes a lot of time due to the security scanning. It should be reduced.

I've been using it for almost two years.

Because it is reliable, that is the reason that it can be adopted. If it weren't reliable and secure, itself, how could it secure our applications? It is highly reliable and secure.

Endpoint Manager is highly scalable. It can scale per your requirements.

The customer support services are very good, but not perfect.

We migrated to Azure and our requirements changed. We have found Endpoint Manager to be suitable because of the compatibility and overall performance issues.

We faced so many issues, three to four years back, when we were using VMware and Cisco-based cloud security solutions. There were threats detected, but some valuable financial transaction information was lost. It was very painful. After analyzing our requirements, we are now using multiple security solutions because we have multiple applications. Every application has its requirements in terms of data storage and security. We are using not only Microsoft Endpoint Manager, but a solution for DDoS, as well as Microsoft Sentinel. They are top-level security solutions provided by Microsoft, so that we can secure our email, data, and overall user information.

The implementation of every Microsoft solution is very easy, if you are already using Microsoft solutions. There are no issues with that.

In terms of maintenance, the services are fully managed by Microsoft, including all the upgrades, updates, and security patches, without any customer involvement.

Microsoft helped us with the implementation, through their support and consulting teams. And the solution architect team is very helpful.

Every security solution has a return on investment. We adopt security solutions just to protect our user information, which is very valuable for any organization.

We see return on investment in terms of performance meeting our expectations, but given the pricing, some organizations may require some additional budget for it.

The pricing of Endpoint Manager is fine. The licensing is not that complex, but small and midsized organizations might have challenges with the pricing plans. There are a lot of categories—E2, E3, E5—to choose from. 

The minimum starts at $2 to $3 per user, per month and it goes up to $14 to $15 per month. It depends on your requirements.

We used Okta but Microsoft Authenticator replaced it. Both are good, but Okta is much higher in price compared to Endpoint Manager. Also, Okta is a third-party application for Azure, while Endpoint Manager is core, proprietary software by Microsoft. With Okta, the compatibility issue is always there. 

Also, Okta requires a lot of authentication processes, rules, and policies. Microsoft Endpoint Manager doesn't need them because it already includes overall security policies, and the rules apply to them.

There are multiple Microsoft security solutions for securing your applications, data, emails, et cetera. If you have any particular requirements that are compatible with the Microsoft Endpoint Manager, then go ahead with it. If you are already using Microsoft products, then Microsoft Endpoint Manager is a perfect choice. I highly recommend it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

Last updated: Nov 24, 2022

Modern enterprises have to equip their workforces with apps and capabilities so that they have access to company resources while working remotely. Companies can use Intune for managing apps or devices or both. Microsoft Intune provides a wide range of tools and functions to configure, assign, protect, and monitor apps. However, to use Intune to protect and manage apps, businesses need to determine app requirements that are needed by the users, such as the platforms and capabilities that their workforce needs, and configure the solution accordingly. In this article, we will explore how businesses can manage the application lifecycle with Microsoft Endpoint Manager.

What Is Application Lifecycle Management (ALM) with Microsoft Endpoint Manager?

The application lifecycle in Microsoft Intune begins with the addition of an app and progresses through various phases until the app is removed. Here is an overview of the application lifecycle management in Microsoft Intune.

  • Adding an application to Intune is the first stage of application lifecycle management using Microsoft Endpoint Manager. There are different options for adding applications to Intune and managing them, depending upon the type of platform, such as iOS, Android, Windows, or macOS, or the usage scenario, such as managed device or bring your own device (BYOD). Additionally, different types of apps, such as in-house (line-of-business) apps, apps from the store, built-in apps, and web apps, can be supported in Intune. Apps can be added to Intune in Microsoft Endpoint Manager from Apps > App categories.

  • After adding the applications to Intune, they have to be deployed to users and devices that have to be managed. There are different methods for deploying applications depending upon the type of apps that are being delivered.

    iOS/iPadOS, Windows apps, and other store apps can be distributed from private stores and business/volume stores using Endpoint Manager. Packages have to be uploaded to Managed Google Play if line of business (LOB) apps or web apps have to be deployed on Android devices and with Android Enterprise.

    Endpoint Manager can be used to deploy users’ own applications to Intune. The applications are stored in Azure in the same location in which the Azure AD tenant was created.

    Complex application installation is supported using Microsoft Endpoint Manager for macOS and Windows using packaging tools and additional functions.

  • Custom configuration settings can be set up for iOS/iPadOS apps, Android apps, and Microsoft Edge browser using Intune app configuration policies. App configuration policies can be deployed either for managed devices or managed apps. While store apps, built-in apps, and web apps can be automatically updated from the app store, in-house or custom LOB apps can be updated using the Endpoint Manager.

  • Applications can be protected by enforcing app protection policies (APP) in Intune. In addition to apps, these policies can also protect corporate data on operating systems, including Windows and macOS. Additional security features can be enabled using the Microsoft Intune App SDK.

  • The application lifecycle ends when the application has to be uninstalled. The earlier assignments for the targeted members or groups have to be removed. Applications can be uninstalled from Intune managed devices if they were deployed using an “Available for enrolled devices” or “Required” assignment.

Apps4Rent Can Help with Microsoft Intune Configuration

Microsoft Endpoint Manager, which combines the services of Microsoft Intune, Configuration Manager, Desktop Analytics, co-management, and Windows Autopilot, is an important component of the Microsoft 365 stack. Intune provides businesses with multiple methods to deploy and manage various types of apps across diverse platforms. However, IT admins need deep expertise on the specifics of app platforms, deployment, configuration, protection, and retirement to manage the application lifecycle. As a Microsoft Gold Partner in specializations such as Cloud Platform and Cloud Productivity, Apps4Rent provides managed Azure services along with Microsoft 365 licensing to help businesses migrate and secure their cloud workloads. Contact our Microsoft-certified cloud advisors, available 24/7 via phone, chat, and email for assistance.