Recently, I’ve noticed a growing trend of organizations transitioning from platforms like Omnissa Workspace ONE (formerly VMware AirWatch) to Microsoft Intune. For many companies already invested in Microsoft’s ecosystem, leveraging Intune makes financial and operational sense. However, this shift often comes with challenges, especially for device administrators tasked with implementing and managing the transition.
Over the past year, my experience with Intune has evolved significantly. While it initially presented its share of frustrations, I’ve discovered solutions and workarounds that have made managing a large fleet of devices more feasible. Here are my takeaways from helping customers implement or migrate to Intune.
Naming Devices with Intune
One of the first things you’ll encounter when enrolling devices in Intune is its lack of automated, user-friendly naming conventions. By default, the system assigns a random GUID to enrolled devices, which doesn’t provide much help for troubleshooting or helpdesk purposes. Ideally, device names should allow IT teams to identify and resolve issues quickly.
While Intune doesn’t currently support rules for dynamic device naming, there are workarounds. For example, bulk renaming allows administrators to apply naming conventions to multiple devices simultaneously. However, this process has its limitations:
- It involves several manual steps, such as selecting devices individually for renaming.
- The naming convention can’t be automated for new enrollments—administrators must repeat the process for newly added devices.
- Supported tokens for dynamic renaming are limited to serial numbers or random strings, which may not always align with operational needs.
Despite these challenges, implementing bulk renaming is much quicker than manually renaming every device. I am hopeful that Microsoft will soon implement some new features to further alleviate device administrators’ pain points around device naming in Intune, as I have found that this is a common grievance among my peers.
Grouping Devices with Intune
Efficient device grouping is critical for managing large fleets, and while Intune offers tools for this, it requires thoughtful planning. Unlike other platforms, Intune does not provide an intuitive, out-of-the-box structure for grouping devices. However, with strategic use of its features, you may be able to create a system that meets your organization’s requirements.
Enrollment Profiles are one of the most effective tools I’ve found for setting up groups in Intune. By carefully mapping out enrollment profiles before starting your deployment, you can use them to filter devices into deployment groups that align with your organization’s structure. For example:
- You could create enrollment profiles according to a business segmentation (e.g., territories, districts, or even individual facilities).
- Use the appropriate QR code to enroll each device into its business segment.
- Once devices are enrolled under these profiles, you can use them to organize devices into manageable groups for deployments and dynamic updates.
One key consideration is that enrollment profiles are persistent—they remain tied to devices unless unenrolled and re-enrolled. Therefore, planning your enrollment profiles is essential to leverage them for device grouping.
For more customized grouping, Microsoft Graph APIs may provide another potential solution. While I am still experimenting with Graph APIs, I believe scripting with them could:
- Pull device data from your Intune tenant.
- Filter or compare the data against a CSV file or other criteria.
- Create new security groups.
- Add devices to these groups using their object IDs.
This approach would offer flexibility, and while it requires some technical expertise, it could significantly streamline device grouping for complex environments.
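The matching step of that workflow, as an added example rather than the author's own script: it takes device records already pulled from Graph, joins them to a CSV by serial number, and builds the request bodies for creating security groups and adding members. The sample records, the CSV column names and the `Intune-` group prefix are constructed assumptions; group membership uses the Entra ID device object `id` (found via `azureADDeviceId`), not the Intune managed-device `id`.

```python
import csv
import io
import re

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample data, not from a real tenant.
# Field names follow Graph's managedDevice (Intune) and device (Entra ID) resources.
MANAGED = [
    {"id": "md-1", "serialNumber": "SN1001", "azureADDeviceId": "aad-1"},
    {"id": "md-2", "serialNumber": "SN1002", "azureADDeviceId": "aad-2"},
    {"id": "md-3", "serialNumber": "SN1003", "azureADDeviceId": "aad-3"},
    {"id": "md-4", "serialNumber": "SN1004", "azureADDeviceId": "aad-4"},
]
ENTRA = [{"id": "obj-a", "deviceId": "aad-1"}, {"id": "obj-b", "deviceId": "aad-2"}]
SEGMENT_CSV = "serial,segment\nsn1001,District North\nSN1002,Store 42\nSN1003,Store 42\n"


def plan_groups(managed, entra, csv_text, prefix="Intune-"):
    """Return (group_bodies, member_refs, unmatched_serials)."""
    segment_by_serial = {r["serial"].strip().upper(): r["segment"].strip()
                         for r in csv.DictReader(io.StringIO(csv_text))}
    object_id_by_device_id = {d["deviceId"]: d["id"] for d in entra}
    groups, members, unmatched = {}, {}, []
    for dev in managed:
        serial = dev["serialNumber"].strip().upper()
        segment = segment_by_serial.get(serial)
        # Membership needs the Entra object id, not the Intune managed-device id.
        object_id = object_id_by_device_id.get(dev["azureADDeviceId"])
        if segment is None or object_id is None:
            unmatched.append(serial)  # report for review; never guess a group
            continue
        name = prefix + segment
        groups.setdefault(name, {  # body for POST /groups
            "displayName": name,
            "mailEnabled": False,
            "mailNickname": re.sub(r"[^A-Za-z0-9]", "", name),
            "securityEnabled": True,
        })
        members.setdefault(name, []).append(  # body for POST /groups/{id}/members/$ref
            {"@odata.id": f"{GRAPH}/directoryObjects/{object_id}"})
    return groups, members, unmatched


if __name__ == "__main__":
    groups, members, unmatched = plan_groups(MANAGED, ENTRA, SEGMENT_CSV)
    for name, body in groups.items():
        print("POST /groups", body)
        print("  members:", members[name])
    print("unmatched:", unmatched)
```

Devices missing from the CSV, or with no matching Entra ID device record, come back in the unmatched list so they can be reviewed instead of landing in a deployment group by accident.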
A Better Way to Manage Files on Android
Intune’s approach to file management reflects Microsoft’s push toward modern, secure device management. The platform doesn’t natively support file manipulation, such as adding, removing, or copying files directly on devices. While this design minimizes risks associated with older remote management methods, some scenarios—like OEM-mandated OS updates requiring large file transfers—still demand file management capabilities.
Third-party solutions like BlueFletch’s Playbook Agent can bridge the gap for such cases. Tools like these enable file manipulation at scale and provide additional features for administrators managing security and compliance. While these solutions complement Intune effectively, they highlight the need for further evolution in Intune’s native capabilities.
Conclusion
If your organization is already paying for Microsoft licenses that include Intune, it can make financial sense to consolidate to a single MDM platform. However, this transition may present device administrators with challenges they are not accustomed to dealing with in other MDM platforms. With careful planning and strategic use of features like enrollment profiles, dynamic grouping, and third-party integrations, Intune can become a powerful tool for device management. If you have any follow-up questions, feel free to reach out to me and our team at info@bluefletch.com. Best of luck with your migrations!