Forum Discussion
Looking at Intune subscriptions and its related features
Hey guys, I need help for subscription for my company.
Please kindly advice me which is the baseline plans I can subscribe in order to fulfill the features I am looking at.
Intune alone for now, I believed is referred as Enterprise Mobility + Security (EMS) ?
I am looking at what should be MAM features:
- Restricted copy and paste of information from controlled apps
- Remote wipe of controlled apps' information (not wiping whole phone)
- At least 3 admin accounts + X numbers of users (Are there different accounts/subscriptions for admins?)
- Able to manage devices by groups (ie: Sales / Operators / Admins / Managements etc)
With the above requirements, will Enterprise Mobility + Security E3 plan be enough?
Also , are there any minimum requirements for on premise Exchange to support intune?
I am having only very general idea of intune products, my question might be down to very basic stuffs.
Appreciate for any help as much as possible!
- It seems like you want a bit of MAM and MDM, it's best to completely manage the devices with MDM in my opinion. Are the devices BYOD or COD? Per licensed user you can have 15 devices registered. Licensing a user can be done manual or, if you have Azure AD Premium P1 and Azure AD Connect, by assinging Windows Active Directory Groups to that license. You can set the max amount of devices to one user if you want, that way you know that they can only use one device.
But without Azure AD Connect and syncing users, you will have users having a seperate account next to their Active Directory account with different passwords.. I wouldn't recommend it, running Azure AD Connect is free and will only cost you some server resources.
- EMS E3 is a good overal Intune package, but.. Do you already have certain 365 subscriptions? If you already have Office365 E3 for example, adding EMS E3 to it is good but for not that much more money you could also take Microsoft 365 E3 with has those two combined and more. You could use https://m365maps.com for easy comparison.
You can manage devices with groups by adding Group Tags to the Autopilot devices for example. On premise Exchange has no relation to Intune, you can use Intune to configure Outlook settings for that but there's no real requirement. There are no different subscriptions for admins, but Intune admins do require a Intune license.
But what is your main goal, manage existing and new devices? Do the devices need to be joined to your Active Directory or not? (The difference between Hybrid Join and normal Azure AD/Intune)- Yeo-ZaoCopper Contributor
Harm_VeenstraHey, thanks for slowing directing me to the right path.
Firstly I am not looking at Office 365 subscriptions as we already using on-prem solutions (AD and Exchange). Its good to hear that intune has no requirements with on-prem exchange versions.
I am looking to manage mainly personal mobile devices, both existing and new (new hires). Currently we don't register them to AD, we only simply allow the devices into the network by static IPs. I don't think our AD is accessible from the internet either as it is on prem and not configured to do so. This mean using intune standalone will be the best solution for us?
- Intune standalone (Just the Intune license) could be enough for your mobile devices, but for Conditional Access for example you do need Azure AD Premium P1 licenses. When using Intune and deploying mobile devices, the devices do get Azure AD registered and MDM managed by that, Azure AD Connect and syncing your users will be needed to assign licenses to the users.