Help CenterMicrosoft Intune is a cloud-based service for managing devices and applications, allowing organizations to control access, security, and compliance across their corporate network. Microsoft offers several different Intune licensing options, including Intune Plan 1, Intune Plan 2, the Intune Suite, and Add-On options. Each plan provides different levels of device management, security, and compliance capabilities.
In this article, we will explore the differences between these Intune licensing options and help you decide which one is best for your organization.
What is Microsoft Intune?
Microsoft Intune is part of Microsoft Endpoint Manager and provides Mobile Device Management (MDM) and Mobile Application Management (MAM) for organizations. It allows IT admins to manage devices, secure company data, and ensure that compliance policies are enforced across devices such as PCs, smartphones, and tablets.
Key Differences Between Intune Plan 1, Plan 2, Intune Suite, and Add-On
1. Intune Plan 1
- Core Features: Intune Plan 1 is the foundational plan and includes basic device management and security capabilities, making it suitable for small to medium-sized organizations.
- Mobile Device Management (MDM): Manage devices such as Windows PCs, macOS, iOS, and Android.
- Mobile Application Management (MAM): Manage apps on devices without requiring full device management.
- Compliance Policies: Create policies to ensure that devices comply with security and organizational standards.
- Conditional Access: Control access to company resources based on compliance policies.
- Integration with Microsoft 365: Plan 1 integrates with Microsoft 365, providing secure access to company data.
- App Protection: Protect company data within apps by setting rules for how apps handle company information.
2. Intune Plan 2
- Enhanced Features: Intune Plan 2 includes everything in Plan 1, plus more advanced management and security capabilities.
- Advanced Compliance: Plan 2 adds more granular control over compliance policies and enforcement, enabling IT admins to manage complex environments.
- Conditional Access with Multiple Conditions: Set up more advanced conditions for device and app access based on a broader range of criteria.
- Endpoint Analytics: Provides advanced reporting and insights on device health, performance, and security.
- Role-Based Access Control (RBAC): More detailed control over who can perform certain actions within Intune, giving large organizations better management and delegation capabilities.
- Windows Autopilot: Allows IT departments to configure and deploy new devices without manual intervention.
3. Intune Suite
- Comprehensive Solution: The Intune Suite is a more comprehensive solution that builds on Plan 2, providing additional advanced security, management, and analytics features. It is designed for large enterprises or heavily regulated industries that need top-tier protection and device management.
- Endpoint Privilege Management: Allows the delegation of limited admin privileges to users for specific tasks, reducing the need for full admin access.
- Remote Help: Enables remote assistance to employees' devices to resolve technical issues.
- Endpoint Security Management: Provides deeper integration with security solutions, allowing for more extensive management of antivirus, firewall, and other security policies.
- Risk-Based Conditional Access: Uses risk scores and security signals to enforce conditional access policies.
- Application Lifecycle Management: Full control over app deployment, updates, and lifecycle management across devices.
4. Intune Add-On
Some capabilities are available to buy as a standalone add-on. Other capabilities are only available with Intune Plan 2 or the Intune Suite.
The following table provides a list of add-on capabilities and associated Intune Plans. For information about Microsoft Intune Plans and pricing, see Intune Plans and pricing
Endpoint Privilege Management supports your zero-trust journey by helping your organization achieve a broad user base running with least privilege, while allowing users to still run tasks allowed by your organization to remain productive.
Enterprise App Management is an Intune Suite add-on that is available for trial and purchase. Enterprise Application Management provides an Enterprise App Catalog of Win32 applications that are easily accessible in Intune. You can add these applications to your tenant by selecting them from the Enterprise App Catalog. When you add an Enterprise App Catalog app to your Intune tenant, default installation, requirements, and detection settings are automatically provided. You can modify these settings as well. In addition, Intune hosts Enterprise App Catalog apps in Microsoft storage. For more information, see Microsoft Intune Enterprise Application Management.
Microsoft Intune Advanced Analytics is set of analytics-driven capabilities that help IT admins understand, anticipate, and improve the end-user experience.
When you use the Microsoft Tunnel VPN Gateway, you can extend Tunnel support by adding Tunnel for Mobile Application Management (MAM). Tunnel MAM extends the Microsoft Tunnel VPN gateway to support devices that run Android or iOS, and that aren't enrolled with Microsoft Intune.
Microsoft Cloud PKI is a cloud-based service that simplifies and automates certificate lifecycle management for Intune-managed devices. It provides a dedicated public key infrastructure (PKI) for your organization and handles the certificate issuance, renewal, and revocation for all Intune-supported platforms.
Firmware over-the-air (FOTA) update allows you to remotely update the firmware of supported devices wirelessly with more control.
Specialized devices management is a set of device management, configuration, and protection capabilities for special, purpose-built devices such as AR/VR headsets, large smart-screen devices, and conference room meeting devices.
Pricing
1. Intune Plan 1
- Price: Approximately $8 per user/month.
- Includes: Basic device and app management features, Mobile Device Management (MDM), Mobile Application Management (MAM), compliance policies, and integration with Microsoft 365.
2. Intune Plan 2
- Price: Typically around $4 per user/month.
- Includes: Requires Intune Plan 1, and offers more advanced features such as Tunnel for Mobile Application Management, Specialized devices management and Firmware over-the-air
3. Intune Suite
- Price: Around $10 per user/month.
- Includes: Requires Plan1 and offer all Plan 2 features plus additional capabilities such as Endpoint Privilege Management, Remote Help, Advanced Analytics, Cloud PKI and Enterprise App Management
4. Add-On
- Intune Remote Help - Price: Around $3.5 per user/month.
- EPM - Price: Around $3 per user/month.
- Advanced Analytics - Price: Around $5 per user/month.
- Enterprise Application Management - Price: Around $2 per user/month.
- Cloud PKI - Price: Around $2 per user/month.
Which Intune Plan is Right for You?
Choosing the right Intune plan depends on the size of your organization, the complexity of your IT infrastructure, and your security needs.
- Small to Medium-Sized Businesses: Intune Plan 1 offers all the essential device management and security features for small to medium-sized businesses that need a cost-effective, basic MDM solution.
- Enterprises and Regulated Industries: Intune Plan 2 is better suited for larger organizations or those in regulated industries that require advanced compliance features, more robust security controls, and additional management capabilities such as Windows Autopilot and endpoint analytics.
- Large Enterprises with Advanced Security Needs: The Intune Suite is the most comprehensive option, providing full endpoint management, advanced security controls, and additional tools like remote help and advanced conditional access. It is best for enterprises with complex environments and stringent security requirements.
- Specific Feature Needs: If your organization only needs certain features, the Intune Add-On options allow you to customize your solution without subscribing to the full Intune Suite. This is useful for businesses that need specific functionalities such as remote help or advanced compliance tools.
Conclusion
Microsoft Intune offers a flexible range of plans and options to fit organizations of all sizes and industries. Plan 1 is great for businesses looking for basic mobile and device management, while Plan 2 offers advanced features for more complex environments. The Intune Suite is designed for large enterprises that need premium features, while Add-On options allow for tailored solutions based on specific needs.
By understanding the key differences between Intune Plan 1, Plan 2, the Intune Suite, and Add-Ons, you can choose the right level of device management and security for your organization.
Thank you again for pointing out that mistake! Let me know if you'd like to refine any part further.