As part of Microsofts Cloud offering , Intune is the functionality to control remote devices via the cloud instead of OnPremise Domain Controllers. With remote workers using devices like Microsoft Surfaces nowadays for portability they are rarely in the office or connected to a VPN which is able to connect back to the domain for new updates.
Windows 10 Intune allows a user to go to a store and purchase a device with their company credit card , and enter their Office 365 username and password on setup and it will setup the computer and download all the App's over the internet wiithout the need for being in the Office!
With Azure AD offering and now Windows 10 Intune slowely removing the need for onpremise Group Policys the move for cloud management is coming! You can also use these policies for deployment to Phones and Tablets as well. It's also a great tool for Asset Management, Security Auditing and remote assistant for devices in your firm.
Cost
Packages start from 4.50 GBP / Month
https://www.microsoft.com/en-gb/cloud-platform/microsoft-intune-pricing
Windows 10 inbuilt MDM or the Client
There are some features that the Inbuilt MDM in Windows 10 cannot do per below
Features
First, let’s take a look at an overview of the features available for the client and for Windows 10 MDM:
| FEATURE | INTUNE CLIENT | Windows 10 MDM |
|---|---|---|
| Auto Enrollment via Azure AD | ✗ | ✓ |
| Software Deployment via Single MSI | ✓ | ✓ |
| Software Deployment via MSI + additional files | ✓ | ✗ |
| Software Deployment via EXE + additional files | ✓ | ✗ |
| Configuration Policies | ✗ | ✓ |
| Compliance Policies | ✗ | ✓ |
| Windows Update Policy | Approved Updates & Reporting | Policy |
| Endpoint Protection Policy & Reporting | ✓ | Policy |
| Software License Management | ✓ | ✗ |
| Hardware Inventory | ✓ | Limited |
| Conditional Access | ✗ | ✓ |
Note 3 key items here – software deployment, Windows Update management and Endpoint Protection management:
Policies
Understanding the configuration policies possible with either approach is important for getting a full picture of how much control you have over Windows 10 PCs:
| POLICY | Intune Client | Windows 10 MDM |
|---|---|---|
| Custom Configuration (OMA-URI) | ✗ | ✓ |
| Edition Upgrade Policy✗✓ | ✗ | ✓ |
| Email Profile✗✓ | ✗ | ✓ |
| General Configuration✗✓ | ✗ | ✓ |
| PKCS #12 (.PFX) Certificate Profile✗✓ | ✗ | ✓ |
| SCEP Certificate Profile✗✓ | ✗ | ✓ |
| Trusted Certificate Profile✗✓ | ✗ | ✓ |
| VPN Profile✗✓ | ✗ | ✓ |
| Wi-Fi Import✗✓ | ✗ | ✓ |
| Windows Information Protection (Enterprise Data Protection)✗✓ | ✗ | ✓ |
| Microsoft Intune Agent Settings | ✓ | N/A |
| Microsoft Intune Center Settings | ✓ | N/A |
| Windows Firewall Settings | ✓ | ✗ |
| Exchange ActiveSync | ✗ | ✓ |
| Mobile Device Security | ✗ | ✓ |