Forum Discussion
Solved
Looking at Intune subscriptions and its related features
Hey guys, I need help for subscription for my company. Please kindly advice me which is the baseline plans I can subscribe in order to fulfill the features I am looking at. Intune alone for now,...
- It seems like you want a bit of MAM and MDM, it's best to completely manage the devices with MDM in my opinion. Are the devices BYOD or COD? Per licensed user you can have 15 devices registered. Licensing a user can be done manual or, if you have Azure AD Premium P1 and Azure AD Connect, by assinging Windows Active Directory Groups to that license. You can set the max amount of devices to one user if you want, that way you know that they can only use one device.
But without Azure AD Connect and syncing users, you will have users having a seperate account next to their Active Directory account with different passwords.. I wouldn't recommend it, running Azure AD Connect is free and will only cost you some server resources.
So sorry, I think I am getting a bit confused here. Let's go back to the basic features I am looking at and hopefully I can catch your professional advise again moving along.
Its confirmed that the standalone EMS+ E3 covers:
- Restriction of copy and paste data from controlled apps on mobile devices
- Remote wipe of controlled apps' information (not wiping whole phone) - MDM
- Management of devices in group tags
All these can be done with manual management on the intune portal with the standalone EMS+ E3 plan away from any AD features? We have just a small pool of devices to manage, so I believe manual management is quite manageable for us.
Next set of questions will be (Still with EMS+ E3 plan alone in mind):
1. How would the assigning of devices licenses work? Manually assigning the license to devices or it will be auto assigned once device is registered?
2. Assuming all processes are manual, Am I able to restrict 1 user per registered device? Or users can abuse and register multiple devices (without AD connect)
Apologies and appreciate your kind patience to go through with me a bit slowly.
Thanks!
Its confirmed that the standalone EMS+ E3 covers:
- Restriction of copy and paste data from controlled apps on mobile devices
- Remote wipe of controlled apps' information (not wiping whole phone) - MDM
- Management of devices in group tags
All these can be done with manual management on the intune portal with the standalone EMS+ E3 plan away from any AD features? We have just a small pool of devices to manage, so I believe manual management is quite manageable for us.
Next set of questions will be (Still with EMS+ E3 plan alone in mind):
1. How would the assigning of devices licenses work? Manually assigning the license to devices or it will be auto assigned once device is registered?
2. Assuming all processes are manual, Am I able to restrict 1 user per registered device? Or users can abuse and register multiple devices (without AD connect)
Apologies and appreciate your kind patience to go through with me a bit slowly.
Thanks!
It seems like you want a bit of MAM and MDM, it's best to completely manage the devices with MDM in my opinion. Are the devices BYOD or COD? Per licensed user you can have 15 devices registered. Licensing a user can be done manual or, if you have Azure AD Premium P1 and Azure AD Connect, by assinging Windows Active Directory Groups to that license. You can set the max amount of devices to one user if you want, that way you know that they can only use one device.
But without Azure AD Connect and syncing users, you will have users having a seperate account next to their Active Directory account with different passwords.. I wouldn't recommend it, running Azure AD Connect is free and will only cost you some server resources.
But without Azure AD Connect and syncing users, you will have users having a seperate account next to their Active Directory account with different passwords.. I wouldn't recommend it, running Azure AD Connect is free and will only cost you some server resources.
Thanks for the clear explanation. I'm starting to get a bigger picture. Those devices we are managing are BYOD.
Considering Azure AD connect as optional (I'm not sure if my senior IT would be comfortable opening up on-prem AD connections), I can basically subscribe to EMS + E3 to perform the required tasks mentioned.
I also undertsand the cons of manual user entries that will end up separate accounts for the users apart from their AD accounts.
For subscription sizing wise, I just need to subscribe the total amount of users accounts, doesn't matter how many administrators there are.
Then there are no on-prem requirements like server os versions, AD versions and exchange versions etc.
Hope I have a good rough summeries here?
Sounds like it 👌But the admins should have a Intune license too for administration.
- Yup I understood. Total subscription sizing = users + admins. Don't mind me asking few last questions here.
- I checked and notice the operation of iPhone and Android is slightly different. Android devices after registered, will create a "work" space of apps.
IPhone does not. All apps are together in homepage. So when wiping the phone, are we still able to just wipe company's data only for iPhone?
- other than deploying standard office apps to mobile devices, can we also deploy and control 3rd party apps from appstore/play store?