Across industries, customers are already using advanced Microsoft Intune Suite capabilities to solve real endpoint challenges, such as reducing standing privilege, improving IT response times, modernizing certificate management, and preparing for AI-assisted operations.
Now, more Microsoft 365 customers can put these same capabilities to work. The packaging changes announced in December 2025 are now in effect. As of July 1, advanced Intune Suite capabilities are included in Microsoft 365 E5, with select capabilities available in Microsoft 365 E3,1 as shown below:
The above table highlights how advanced Microsoft Intune capabilities are included across Microsoft 365 E3 and E5.Why this change matters now
Endpoint management is being redefined as IT and security teams look beyond disconnected tools toward a platform that brings identity, security, compliance, and AI governance together across endpoints.
Microsoft Intune helps organizations move from principle to execution. It gives admins visibility and control across devices, with clear audit trails and consistent policy enforcement, reducing potential risk before attackers can exploit it. Microsoft was recently recognized as a Leader in The Forrester Wave™: Endpoint Management Platforms, Q2 2026. Strengthening endpoint management using Microsoft Intune can help advance Zero Trust through healthier devices, least-privilege access, consistent policies, and trusted data—an essential foundation for AI-era operations.
The customer stories below show what this looks like in practice: protecting endpoints, empowering IT teams, and optimizing IT operations with AI-driven capabilities, including Microsoft Security Copilot in Intune.2
Protect endpoints
Protecting endpoints starts with reducing everyday risks, such as standing admin rights and certificate infrastructure that can be difficult to manage.
Microsoft Intune Endpoint Privilege Management (EPM) removes broad local admin rights while still allowing users to complete approved tasks that require elevation. This supports a Zero Trust approach such as least privilege, without slowing productivity.
Organizations like Hino Motors are applying EPM across both Cloud PCs and physical PCs to maintain a consistent security posture. For Hino Motors, EPM is part of a broader Windows 365 and Intune security model that helps reduce administrative privilege while keeping work moving.
“Intune allows us to manage both Cloud PCs and physical PCs without distinction, and I feel that it is a big plus. With the introduction of Windows 365, we will eliminate administrative privileges as part of our security enhancements, and to do so, we are using Microsoft Intune Endpoint Privilege Management (EPM).”
Masahiro Kimura, Office Head of Communication Infrastructure Office, Hino Computer System Co, Ltd
Traditional Public Key Infrastructure (PKI) solutions can be complex to deploy, costly to maintain, and slow to scale. Microsoft Cloud PKI addresses this with a fully managed, cloud-based service that automates certificate lifecycle management, removing the need for on-premises infrastructure and establishing a path for certificate-based authentication.
Türkiye’s largest integrated industrial group, SOCAR Türkiye, applied advanced Microsoft Cloud PKI features across its devices, helping establish a unified Zero Trust security model that verifies all access explicitly.
“[Cloud PKI] was a very important feature because the devices may be used by executives who have access to highly confidential information. We wanted to ensure that they have streamlined access to do what they need to do while also ensuring security.”
Fırat Bilmiş, IT System Services Supervisor, SOCAR Türkiye
Across industries, the outcome is consistent: stronger security, reduced risk, and a foundation to build on. That foundation enables a faster response and more effective troubleshooting, helping IT teams keep operations running and users productive.
Empower IT
Empowering IT starts by reducing the time between identifying a problem and resolving it. Remote support is no longer just a help desk convenience. It can become a business continuity lever for organizations with distributed operations.
Some remote support tools operate outside an organization’s identity and device management controls. Microsoft Intune Remote Help supports Zero Trust principles through identity, role-based access, and policy controls.
Manufacturing organization Krones AG highlights this impact, demonstrating its importance for global operations and the ability to support users without delay.
“We use Remote Help to support users wherever they are, without needing to be physically in front of their device.”
David Meneses, User and Endpoint Services, Krones AG
Remote Help provides a more secure, auditable way for IT admins to assist users, helping accelerate resolution while maintaining access and compliance controls.
Empowerment also comes from increased visibility. Microsoft Intune Advanced Analytics helps teams move from reactive troubleshooting to proactive endpoint management by surfacing device health, performance issues, and anomalies. Within Advanced Analytics, capabilities like near real-time device query and Multi-Device Query (MDQ) give IT the ability to investigate individual devices or analyze device data at scale, helping teams quickly identify issues, understand their impact, and take action with confidence.
This level of visibility becomes even more important as estates grow beyond PCs to include shared, mobile, and frontline devices. European fashion retailer Lindex demonstrates how scalable access to device data can give IT the oversight needed across a distributed retail environment. By using Intune to manage shared Android devices across stores, Lindex helps employees spend more time with customers and less time addressing device issues.
“With Intune, we can see the health of all the [Android] devices and keep them secure without disrupting store operations. It’s reliable, scalable, and gives us the control we need to support all our stores.”
Niklas Jenslov, Platform Engineer, Lindex
The advanced mobile capabilities that are part of Intune Plan 2 — and now included in Microsoft 365 E3 and E5 — help extend these same controls to Android, iOS, and specialized endpoint scenarios.
This includes purpose-built devices, firmware update management for supported Zebra Android devices, and Microsoft Tunnel for Mobile Application Management (MAM), which also supports Android and iOS/iPadOS. MAM protects corporate data within apps without requiring device enrollment. Microsoft Tunnel for MAM extends this further by enabling secure access to on-premises app resources from unenrolled devices through per-app VPN, helping organizations support BYOD scenarios while maintaining secure access to corporate resources.
Organizations are also simplifying application management with Microsoft Intune Enterprise Application Management (EAM), helping streamline application deployment and keep apps consistently up to date. EAM reduces manual packaging and maintenance effort by automating application deployment and updates, while helping users get faster access to the tools they need to stay productive. Building on the application management capabilities already available in Intune, EAM further simplifies software delivery at scale.
Carlsberg Group demonstrates this impact through less hands-on work for IT and fewer support delays for users.
“With Microsoft Intune, our end-users can install all the permitted applications they need directly to their laptop without waiting for IT on-site support to help them,”
Oleksii Giriiev, Service Owner for Endpoint Management and ServiceNow, Carlsberg Group
With secure remote support, access to scalable device data, and simplified application and mobile management within one solution, IT teams can move faster, act with greater confidence, and give users the support they need—wherever work happens.
Optimize with AI
With endpoints well-managed and IT equipped to act, the next opportunity is putting AI to work in the management workflow—surfacing insights, assessing risk, and guiding action.
Microsoft Security Copilot in Intune brings AI directly into the endpoint management workflow, helping admins use natural language to explore Intune data, gather insights, and take action without leaving the Intune admin center. For EPM, Copilot can help assess applications risks before elevation requests are approved, giving admins more context for least-privilege decisions. In Advanced Analytics, Copilot can also help admins build and refine KQL queries, lowering the barrier to deeper endpoint analysis and helping teams translate complex device data into practical next steps.
The Vulnerability Remediation Agent for Security Copilot in Intune is an example of how AI-assisted endpoint management can work. It uses Defender Vulnerability Management data to identify and prioritize high-risk Common Vulnerabilities and Exposures (CVE) on managed devices, provides recommendations for remediation, and guides admins through the steps they can take within Intune. This brings advanced endpoint management and AI-assisted operations together, helping IT understand what is happening and determining what matters, while leveraging the tools they already use.
PepsiCo’s Intune story points to that next step, helping IT act faster, with better context and stronger controls.
“We’re already working with Microsoft to understand new offerings like Security Copilot and Copilot in Intune, our goal is to eliminate repetitive tasks and provide a seamless, intelligent experience for our workforce.”
Sameer Rane, Director, Global Workplace Services, PepsiCo
As AI becomes part of everyday endpoint operations, advanced Intune capabilities help IT teams build the secure, data-rich foundation they need to adopt these experiences with greater clarity, control, and impact.
Get started with advanced endpoint management
Across these stories, the through-line is consistent: a strong, well-managed endpoint foundation enables stronger security, faster IT response, and trusted AI adoption. With advanced Microsoft Intune Suite capabilities now included in Microsoft 365 E5, and select capabilities in Microsoft 365 E3, more organizations can put these capabilities to work.
Whether reducing standing privilege, modernizing certificate management, streamlining application delivery, or preparing for AI-assisted operations, these capabilities work together to help IT teams manage and secure endpoints from a trusted management solution. Organizations can realize these benefits sooner by adopting the advanced Intune capabilities available through their existing Microsoft 365 plans and subscriptions.
To get started:
- Check your Microsoft 365 E3 or E5 eligibility.
- Review Message Center notifications to see what is available in your tenant.
- Connect with your account team to discuss the right adoption path for your organization.
1 Feature availability and included capabilities vary by Microsoft 365 subscription plan. Some advanced Microsoft Intune capabilities may require additional licenses. Existing customers will receive a 30-day notice in their Microsoft Admin Center and will have access by August 2026.
2 Microsoft Security Copilot and related AI capabilities may require separate licensing, learn more here.
Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune and @IntuneSuppTeam on X to continue the conversation.