Microsoft

Microsoft Intune Feedback

How can we improve Microsoft Intune

Improve documentation - it is very vague on what works with "Intune client" and what works with "MDM"

I had to open a ticket with support to get the following authorative answer:

1. intune client manages only two policies; intune agent policy and intune firewall settings
2. all other windows* related policies require device managed by MDM
3. MDM and intune client do not (cannot) coexist on the same computer

While there is a short note on TechNet regarding the differences between intune client and MDM it would have been VERY useful to have these three short points covered in bold letters.

FWIW marketing wise you are implying that windows 10 systems can be fully managed and I would as a customer argue that it isn't exactly true - remote access doesn't work and neither does endpoint protection (defender) ;-)

82 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Kaj Niemi shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    9 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Thank you for bringing up this issue! It has been holding us up in our discovery phase for some time now.

        Regards,
        Jordan

      • Mike commented  ·   ·  Flag as inappropriate

        Yes please contact me as well regarding that topic - I agree with everyone.

      • Chad Simmons commented  ·   ·  Flag as inappropriate

        You are welcome to contact me.
        I see this is a big deal when rolling out Intune to a new customer as there is simply too much undocumented and too much vagueness to give definitive answers to the pros and cons to each management scenario.

      • Stephen commented  ·   ·  Flag as inappropriate

        I can't stress enough how high this should be on the priority list to fix.
        I agree that the marketing and message is very misleading.
        A lot of us are moving clients closer to a cloud-only model, and managing desktops with InTune is sold as a solution but only after fighting with it for hours do you realize these severe shortcomings of not having the option to configure both screen lock timeout AND firewall/endpoint protection. I think your priority should be to improve the robust management of Windows Pro/Enterprise clients with the Intune client, able to do inventory, manage EPP, and the basics of enterprise security like screen lock, password complexity, etc. This seems like such a no-brainer, and the fix can't come quick enough.

      • Oliver Kieselbach commented  ·   ·  Flag as inappropriate

        Oh yeah this is so true I had to learn the three mentioned points by doing a lot of tests. It's not clear enough. And it is always talked about real Dekstop Management with the Intune client but never mentioned the coexistence problem. Very disappointing... needed to do a Intune PoC to find all this by myself...

      • Kaj Niemi commented  ·   ·  Flag as inappropriate

        @CathyMoya yes it is ok to contact me. the emails you send out via this service have a reply address of no-reply@ so it is hard to respond to those :-)

      • David Chanter commented  ·   ·  Flag as inappropriate

        I agree, Marketing Material around "Desktop" management is misleading at best. I do not wish to manage my desktop fleet as if they were phones.

      • Kaj Niemi commented  ·   ·  Flag as inappropriate

        my definition of "endpoint protection not working" is that as an EMS admin I would have liked to see the malware check status.

      Feedback and Knowledge Base