Forum Discussion
Looking at Intune subscriptions and its related features
- It seems like you want a bit of MAM and MDM, it's best to completely manage the devices with MDM in my opinion. Are the devices BYOD or COD? Per licensed user you can have 15 devices registered. Licensing a user can be done manual or, if you have Azure AD Premium P1 and Azure AD Connect, by assinging Windows Active Directory Groups to that license. You can set the max amount of devices to one user if you want, that way you know that they can only use one device.
But without Azure AD Connect and syncing users, you will have users having a seperate account next to their Active Directory account with different passwords.. I wouldn't recommend it, running Azure AD Connect is free and will only cost you some server resources.
Harm_VeenstraHey, thanks for slowing directing me to the right path.
Firstly I am not looking at Office 365 subscriptions as we already using on-prem solutions (AD and Exchange). Its good to hear that intune has no requirements with on-prem exchange versions.
I am looking to manage mainly personal mobile devices, both existing and new (new hires). Currently we don't register them to AD, we only simply allow the devices into the network by static IPs. I don't think our AD is accessible from the internet either as it is on prem and not configured to do so. This mean using intune standalone will be the best solution for us?
- So sorry, I think I am getting a bit confused here. Let's go back to the basic features I am looking at and hopefully I can catch your professional advise again moving along.
Its confirmed that the standalone EMS+ E3 covers:
- Restriction of copy and paste data from controlled apps on mobile devices
- Remote wipe of controlled apps' information (not wiping whole phone) - MDM
- Management of devices in group tags
All these can be done with manual management on the intune portal with the standalone EMS+ E3 plan away from any AD features? We have just a small pool of devices to manage, so I believe manual management is quite manageable for us.
Next set of questions will be (Still with EMS+ E3 plan alone in mind):
1. How would the assigning of devices licenses work? Manually assigning the license to devices or it will be auto assigned once device is registered?
2. Assuming all processes are manual, Am I able to restrict 1 user per registered device? Or users can abuse and register multiple devices (without AD connect)
Apologies and appreciate your kind patience to go through with me a bit slowly.
Thanks!- It seems like you want a bit of MAM and MDM, it's best to completely manage the devices with MDM in my opinion. Are the devices BYOD or COD? Per licensed user you can have 15 devices registered. Licensing a user can be done manual or, if you have Azure AD Premium P1 and Azure AD Connect, by assinging Windows Active Directory Groups to that license. You can set the max amount of devices to one user if you want, that way you know that they can only use one device.
But without Azure AD Connect and syncing users, you will have users having a seperate account next to their Active Directory account with different passwords.. I wouldn't recommend it, running Azure AD Connect is free and will only cost you some server resources.Thanks for the clear explanation. I'm starting to get a bigger picture. Those devices we are managing are BYOD.
Considering Azure AD connect as optional (I'm not sure if my senior IT would be comfortable opening up on-prem AD connections), I can basically subscribe to EMS + E3 to perform the required tasks mentioned.
I also undertsand the cons of manual user entries that will end up separate accounts for the users apart from their AD accounts.
For subscription sizing wise, I just need to subscribe the total amount of users accounts, doesn't matter how many administrators there are.
Then there are no on-prem requirements like server os versions, AD versions and exchange versions etc.
Hope I have a good rough summeries here?