Microsoft Intune Blog

Microsoft 365 adds advanced Microsoft Intune solutions at scale

Talal_Alqinawi
Dec 04, 2025

In the last three years, Microsoft launched multiple endpoint management solutions with advanced capabilities that enable IT professionals to unify mission critical endpoint management functionality in one cost-effective plan with the Microsoft Intune Suite. These capabilities are essential to accelerate every organization’s journey towards Zero Trust security, improving end user productivity, and empowering IT and security professionals to improve total cost of ownership (TCO).

Today, IT teams face new challenges, as device inventories grow larger, more diverse, and are much more widely distributed and dynamic than just a few years ago. At the same time, they are still expected to keep systems protected, compliant, and operational with limited budgets. To meet evolving security needs and growing demands, organizations need more advanced security and management tools capable of transforming IT operations in ways that can safeguard against AI-enhanced attack vectors and new risks while preserving productivity on every endpoint.

To help organizations make this transition, Microsoft is bringing powerful capabilities of the Microsoft Intune Suite to Microsoft 365 E3 and Microsoft 365 E5. By expanding these offerings, more customers can confidently embrace transformation and stay secure in the age of AI.

“Intune Suite makes managing 10,000 or 40,000 devices effortless through automation and unification. The capacity to scale effortlessly while simplifying processes has led to more efficient updates and quicker incorporation of new assets.” – Roman Kleyn, Head of Workplace Design, Krones AG [i]

Unifying Endpoint Management: Key capabilities driving customer choice

Microsoft Intune empowers IT to solve issues faster, get proactive with data, and secure diverse devices with Intune Remote Help, Intune Advanced Analytics, Microsoft Tunnel for Mobile Application Management, specialty device management and firmware updates. These capabilities will be added to Microsoft Enterprise Mobility and Security E3 (EMS E3), which also extends this value to Microsoft 365 E3. Furthermore, to unify advanced security and device management, Intune Endpoint Privilege Management, Intune Enterprise Application Management and Microsoft Cloud PKI will be added to Microsoft 365 E5.

These changes, alongside the Microsoft Security Copilot and Microsoft 365 updates, will fundamentally expand the availability of Intune integrated, cloud powered capabilities. This expansion will provide seamless access to advanced management and security features as well as agentic, automated workflow capabilities within Microsoft’s most comprehensive commercial products. It will empower IT to help safeguard productivity and strengthen their Zero Trust posture by minimizing risk, maintaining compliance, and ensuring seamless, secure digital employee experiences. Ultimately, this change will enable proactive issue prevention, more secure work, and efficient ways to scale operations.

With the rollout of Microsoft Security Copilot in Intune, we’ve helped organizations enter a new era where AI is increasingly incorporated into their IT operations. Last month at Microsoft Ignite 2025, we announced a significant step that goes even further, putting AI at the core of endpoint management. With the launch of a new wave of Security Copilot agents in Intune and more ways to explore Intune data, IT can ask important questions, take action on the answers, and simplify complex tasks with intelligence and automation.

Here’s a closer look at why organizations are choosing Intune and Security Copilot as their endpoint management solution.

Enhanced security simplifies implementation of Zero Trust principles

In 2025, 79% of ransomware attacks involved remote management tools on endpoints, highlighting the critical need for Zero Trust controls and least-privilege access on every device. [ii]

  • Endpoint Privilege Management enables organizations to adopt a least privilege approach, mitigating systemic risks of local admin privileges by providing elevated access only to approved apps or services. Just-in-time elevation helps to maintain productivity without compromising security.
    • Copilot in Intune offers assistance by providing valuable insights based on Microsoft Defender threat intelligence that assesses an app’s risk before IT approves an elevation.
  • Microsoft Tunnel for Mobile Application Management supports Zero Trust principles by providing secure per-app VPN connectivity access to company resources without requiring enrollment, which protects corporate data and respects employee privacy.

AI-powered insights and remote assistance power productivity

“Remote Help closed the gap that we had for remote management. Now we have an enterprise-compatible solution with audit logs, allowing us to see what’s happened, who is connected to whom, etc. These are true benefits from an enterprise solution,” – Michael Meier, Senior System Administrator, Krones AG [iii]

  • Advanced Analytics offers AI-powered anomaly detection to proactively identify device health issues and other forms of digital friction, and gives IT visibility into areas of focus to keep operations running smoothly and ensure device compliance.
    • Copilot in Intune assists admins of all experience levels in performing complex tasks such as writing KQL queries through the simple use of natural language.

  • Remote Help allows IT teams to safely and remotely support and fix issues more quickly. All interactions are fully auditable and use strong authentication, trusted connections, role-based access control, and device compliance checks.

Streamlined app deployment and automated certificate lifecycle management help maintain compliance and protection at scale

“Cloud PKI within the Intune Suite allows you to go cloud native in terms of certificate deployment, which means you can provision PKIs with just a few clicks — that’s a blessing for all the IT administrators. With this built-in service, Microsoft hosts everything for you to manage certificates.” – Niklas Tinner, Senior Endpoint Engineer, baseVISION AG [iv]

  • Enterprise Application Management streamlines app deployment and updates, reduces IT overhead, and improves the digital user experience with a curated catalog of 1000+ prepackaged applications.
    • The Vulnerability Remediation Agent helps reduce the effort of discovering and prioritizing breach or work disruption risks, giving IT insight on what patches to prioritize.

  • Microsoft Cloud PKI allows IT to streamline the management of the complete certificate lifecycle and reduce the dependency on on-premises infrastructure. It also helps prevent phishing and mitigate other risks with certificate-based authentication to Wi-Fi and VPN services.

A unified IT ecosystem for long term value

Including Intune’s advanced capabilities directly in Microsoft 365 is the latest step in our larger vision to create a unified, strategic foundation that enables companies to manage and secure their endpoints. Intune and Security Copilot are built to work seamlessly within Microsoft 365, Windows 11, Windows 365, Entra, Purview and Defender.

“One New Zealand saved $800K by modernizing with Windows 365 and Microsoft Intune, cutting provisioning-related tickets by 80%. Devices that once took four to six hours to provision are now ready in 30 minutes. User assignments take less than 15 seconds, and onboarding time for call center staff dropped almost 95%.” [v]

In addition to Intune’s upcoming changes within Microsoft 365, the recently announced Windows resiliency and security capabilities will be added to Windows Enterprise E3:

  • Windows Resiliency Initiative recovery tools now include quick machine recovery (QMR) with enterprise-level controls, point-in-time restore, and cloud rebuild for Windows 11. Through Intune, QMR enables fast restoration of apps, settings, and files, as well as Windows Backup and OneDrive.

  • Windows Autopatch now includes update readiness, in preview, giving IT teams real-time visibility into device compliance and risks through a pre-built Intune dashboard. Administrators can quickly identify, diagnose, and remediate update, telemetry and policy issues directly within Autopatch.

What does this mean for your organization?

Microsoft is committed to delivering a unified management and security foundation on a trusted cloud platform that elevates how organizations operate and defend at scale. Aligning this with AI-powered and agentic automation enables stronger Zero Trust controls that help safeguard productivity, minimize risks, and improve agility for IT teams and end users.

When you’re ready to learn more, connect with your Microsoft account team to discuss adoption roadmaps and discover how a comprehensive, AI-ready portfolio can help you solve even the most complex IT challenges.

FAQ

1. Which Intune related capabilities are included in each plan?

Here is a summary of the Microsoft 365 plan changes related to Microsoft Intune:

| Microsoft 365 plans | Included capabilities |
|---|---|
| Microsoft Enterprise Mobility and Security E3 (EMS E3) (included in Microsoft 365 E3) | Intune Remote Help; Intune Advanced Analytics; Intune Plan 2 |
| Microsoft 365 E5 | All Microsoft 365 E3 features plus: Intune Endpoint Privilege Management; Microsoft Cloud PKI; Intune Enterprise App Management |
| Microsoft 365 E5 | Microsoft Security Copilot |
| Windows Enterprise E3 (included in Microsoft 365 E3) | Quick Machine Recovery (QMR); Cloud rebuild for Windows 11; Point-in-time restore for desktop; Post-quantum security APIs; Autopatch update readiness |
| Windows Enterprise per-device license | Basic resiliency features (QMR, point in time restore); Software Assurance |

 

2. What is included in Intune Plan 2? 

Intune Plan 2 capabilities planned to be included in Microsoft Enterprise Mobility and Security E3 include:

  • Tunnel for Mobile Application Management (MAM) for secure per-app VPN connectivity access to company resources without requiring full device enrollment.
  • Specialty device management, which covers the protection for devices such as AR/VR headsets, smart screens, and certain meeting room systems for specialized business needs.
  • Firmware over the air (FOTA) updates for supported Zebra devices.

3. When do these changes take effect?  

For the 2026 planned product additions to Microsoft 365, a Microsoft 365 admin center notification will be posted for administrators of eligible organizations 30 days in advance of the effective change.

4. Do I need to change my plan to use the Intune Suite capabilities or any of its add-ons?  

No action is necessary. All eligible tenants with Microsoft Enterprise Mobility and Security E3 and Microsoft 365 E5 will automatically be provisioned with the Intune Suite capabilities based on the table above. 




[i] Success with Intune Suite streamlines Krones AG global operations | Microsoft Customer Stories
[ii] Microsoft Digital Defense Report 2025 – Safeguarding Trust in the AI Era
[iii] Success with Intune Suite streamlines Krones AG global operations | Microsoft Customer Stories
[iv] Microsoft Cloud PKI—Certificate Management | Microsoft Security
[v] One New Zealand saves $800,000 by modernizing with Windows 365 and Microsoft Intune | Microsoft Customer Stories


Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.

Updated Dec 04, 2025
Version 2.0

Comments

  • Nozuka

    What about Microsoft Enterprise Mobility + Security E5? What does that include?

  • TIS-IT

    Will these updates also apply to A3/A5 licenses for education?