Forum Discussion

Yeo-Zao's avatar
Yeo-Zao
Copper Contributor
Apr 10, 2022
Solved

Looking at Intune subscriptions and its related features

Hey guys, I need help for subscription for my company. Please kindly advice me which is the baseline plans I can subscribe in order to fulfill the features I am looking at.   Intune alone for now,...
Intune
Mobile Application Management (MAM)
mobile device management (mdm)
  • Harm_Veenstra's avatar
    Harm_Veenstra
    Apr 11, 2022
    It seems like you want a bit of MAM and MDM, it's best to completely manage the devices with MDM in my opinion. Are the devices BYOD or COD? Per licensed user you can have 15 devices registered. Licensing a user can be done manual or, if you have Azure AD Premium P1 and Azure AD Connect, by assinging Windows Active Directory Groups to that license. You can set the max amount of devices to one user if you want, that way you know that they can only use one device.

    But without Azure AD Connect and syncing users, you will have users having a seperate account next to their Active Directory account with different passwords.. I wouldn't recommend it, running Azure AD Connect is free and will only cost you some server resources.
Harm_Veenstra's avatar
Harm_Veenstra
MVP
Apr 11, 2022
It seems like you want a bit of MAM and MDM, it's best to completely manage the devices with MDM in my opinion. Are the devices BYOD or COD? Per licensed user you can have 15 devices registered. Licensing a user can be done manual or, if you have Azure AD Premium P1 and Azure AD Connect, by assinging Windows Active Directory Groups to that license. You can set the max amount of devices to one user if you want, that way you know that they can only use one device.

But without Azure AD Connect and syncing users, you will have users having a seperate account next to their Active Directory account with different passwords.. I wouldn't recommend it, running Azure AD Connect is free and will only cost you some server resources.
Yeo-Zao's avatar
Yeo-Zao
Copper Contributor
Apr 12, 2022

Thanks for the clear explanation. I'm starting to get a bigger picture. Those devices we are managing are BYOD.

 

Considering Azure AD connect as optional (I'm not sure if my senior IT would be comfortable opening up on-prem AD connections), I can basically subscribe to EMS + E3 to perform the required tasks mentioned.

 

I also undertsand the cons of manual user entries that will end up separate accounts for the users apart from their AD accounts.

 

For subscription sizing wise, I just need to subscribe the total amount of users accounts, doesn't matter how many administrators there are.

 

Then there are no on-prem requirements like server os versions, AD versions and exchange versions etc.

 

Hope I have a good rough summeries here? 

  • Harm_Veenstra's avatar
    Harm_Veenstra
    MVP
    Apr 12, 2022

    Sounds like it 👌But the admins should have a Intune license too for administration.

    • Yeo-Zao's avatar
      Yeo-Zao
      Copper Contributor
      Apr 13, 2022
      Yup I understood. Total subscription sizing = users + admins. Don't mind me asking few last questions here.

      - I checked and notice the operation of iPhone and Android is slightly different. Android devices after registered, will create a "work" space of apps.
      IPhone does not. All apps are together in homepage. So when wiping the phone, are we still able to just wipe company's data only for iPhone?

      - other than deploying standard office apps to mobile devices, can we also deploy and control 3rd party apps from appstore/play store?