Microsoft Intune Suite Licensing: What’s New?

June 30, 2023
IT Microsoft

Interested in learning more about NPI’s services?

Contact Us

Microsoft announced an overhaul of its endpoint management products during Microsoft Ignite 2022 including the introduction of a new family of products. While Microsoft introduced Microsoft Intune as the new name for all endpoint management-related products, the name itself is not new. The cloud-based endpoint management platform has been known as Microsoft Intune since it was rebranded from Windows Intune in 2014. Now all of Microsoft’s endpoint management solutions are under the Microsoft Intune umbrella.

The other change is the introduction of the Microsoft Intune Suite, a collection of new advanced endpoint management and security tools. These offerings are designed to help organizations simplify their endpoint management experience, improve their security posture, and create a better user experience. They introduced platforms for supporting remote users, securely accessing on-premises resources, providing advanced insights on devices, controlled local administrator permissions and more. With a new naming convention and suite comes a new licensing model.

Microsoft Introduces New Licensing Model for Microsoft Intune

All the existing functionalities are still available for the same price, just renamed as Microsoft Intune Plan 1. This plan includes all the existing features in Microsoft Intune and is included in Enterprise Mobility & Security E3/E5, Microsoft 365 E3/E5, and the Frontline offerings of M365 F1/F3. Microsoft Intune Plan 2 is an add-on to Plan 1 and offers advanced endpoint management capabilities such as Microsoft Intune Tunnel for Mobile Application Management and Management of specialty devices.

Tunnel for Mobile Application Management (Tunnel for MAM) is a lightweight VPN for Android, iOS and iPadOS devices that provides secure remote access to on-premises corporate resources. This enables organizations to be more flexible with the devices that users can work from, enabling IT to provide that lightweight VPN on personal devices without needing to manage the entire device. Just managing the app will now be sufficient to provide secure remote access to on-premises corporate resources.

Microsoft Intune Management of specialty devices is a set of device management, configuration and protection capabilities for special, purpose-built devices such as augmented reality and virtual reality headsets, large smart-screen devices, and conference room devices. IT can now also achieve a zero-trust security model by relying on the management capabilities for specialty devices. Those capabilities enable IT to provision, manage certificates and Wi-Fi, improve security with conditional access, verify compliance, manage the app lifecycle, and provide remote actions.

The full Microsoft Intune Suite is where advanced features are introduced and are also available as add-ons. These include:

  • Microsoft Intune Remote Help enables IT administrators to provide remote assistance to their end users, a critical component to get remote
    workers as productive as possible by allowing IT to remotely troubleshoot issues on the desktop of a user or remotely assist a user with a technical question. As a standalone offering, it may not be in the same playing field as competitive products yet, but with the announcement of support for Android and Mac devices, that might change in the near future.
  • Endpoint Privilege Management (EPM) is probably the most important platform that has become available with the Intune Suite. EPM enables organizations to rely on the least privilege principle in their zero-trust model. EPM provides a controlled elevation of standard users on Windows devices. That allows IT to provide users with standard permissions without getting int the way of user productivity. IT can configure the elevation settings and rules for the user, and the user can run the required installation or process with elevated permissions. There is no longer the need for providing those type of users with additional local administrative permissions, meaning a lower attack surface by introducing the least privilege for users on their corporate devices.

With the Microsoft Intune Suite, Microsoft introduced many new utilities and has already announced new features and entire new components of the product family as a whole. The first additional component that Microsoft has announced is Advanced App Management, which will offer organizations an enterprise app catalog with controls for easy app discovery, deployment and automatic updating.  This will help organizations with mitigating risks that are introduced with outdated applications.

Another component that Microsoft has announced for later this year is cloud certificate management, which will offer the ability to issue and manage certificates to devices without the need for an on-premises infrastructure. This could apply to certificates that can be used for connecting via VPN or WiFi and could benefit organizations that are now still relying on that on-premises certificate infrastructure for providing certificates to end-user devices.

Changes to Licensing Reveal New Opportunities for Leverage

According to Microsoft, this is just the beginning for its Intune Suite of offerings. More additions and capabilities are anticipated for later this year. These developments are welcome as organizations try to improve their security posture and stay ahead of a constantly evolving and highly sophisticated threat landscape.

However, changes to Microsoft licensing typically imply some degree of buyer risk. There is opportunity to overspend and/or overbuy if you’re not fully up to speed on Microsoft’s licensing terms and their implications for new and existing security product customers. Additionally, many organizations with a multi-vendor approach to security may have an opportunity to consolidate disparate vendor footprints and/or introduce new competition for added negotiation leverage.