Mobile Device Management With InTune Questions

Copper Contributor

The company I work for have in the last month, migrated their on-premise email to 365 email services.

Relatively small company with just over 100 employees.


For desktop and laptops, we have an internal domain, which is used for device authentication and vpn.

Every 90 days our AD policy requires users to reset their password.


For pc and laptop users, both local and remote, because their kit has been added to our domain, the password change isn't too much of a problem.


However for mobile users, on android and iOS devices, using a mix of outlook app and built in email app, changing password becomes quite a manual fair, especially since some have multiple mobile devices (iPad, iPhone etc)


The password change date causes frequent account lockouts because the 365 domain controller also replicates with our internal domain controller, and when users for example change their password on their desktop pc, account locks quickly happened when they haven't manually changed their mobile device password!


One caveat is that we dont currently have the option / service to allow users to reset their password via the web / 365


  • Our circumstances covered, would InTune be the logical solution.
  • Prices?
  • Presume there our options for both managed devices and byod ?

Posting here, as had been waiting in the telephone queue for some time!



1 Reply

Hi @GrahamCarter,


I am not a licensing expert but you could use the following website to check which license fits your goals.


My advice is to migrate your devices to Azure AD Joined and use Intune for your configuration. You could also consider using passwordless authentication on your device so your user doesn't have to change their password anymore. 


Another option is to configure Self-Service-Password-Reset, so your users can reset their password via internet, but you need an Azure AD P1 license.

Enable Azure Active Directory self-service password reset - Microsoft Entra | Microsoft Docs. 


With a Azure AD P1 license are you also able to use Conditional Access and enforce your users to use only the Outlook app on mobile devices.


To answer your question.

  • Our circumstances covered, would Intune be the logical solution.

Intune would always be a logical solution in my opinion, so you can manage your devices outside your office but you have to change configurations and the way to manage your devices. Also, my advise is consider to change your password policy and don't change your password every 90 day anymore but use passwordless authentication or use a password phrase with a minimum of 30 characters and change only when needed.


  • Prices?

For a Small company with just over 100 user, I would give you the advice to M365 business Premium. This license includes Intune, Azure AD P1 and Office 365.

Microsoft 365 Business Premium | M365 Maps


You can check the pricing of the license on the Microsoft website if you know which license you want to use. for M365 BP you can use the following link: Microsoft 365 for Business | Small Business | Microsoft 365


  • Presume there our options for both managed devices and byod ?

Intune can manage BYOD and managed device as well. 


Hopefully this helps you. 


Kind regards,