Skip to content

Are You Getting the Most From Intune?

Microsoft just changed the licensing model. Advanced Intune capabilities are now included in the new pricing for M365 E3 and E5 — whether your organization is ready to use them or not. This guide helps IT decision makers understand what changed, what it means for their environment, and what to do next.

Topics to Explore

➡️The Microsoft change explained: what's actually in the box now

➡️ The bigger picture: the endpoint management market is moving — all at once

➡️ Finding your path: where are you starting from?

➡️ The standard to aim for: what a well-run endpoint environment actually delivers

➡️ Interactive Tool: not sure which path is right for you?

Why this guide, why now?

Something just changed

In December 2025, Microsoft announced that advanced Intune capabilities — previously only available as a paid add-on through the Intune Suite — would be included in Microsoft 365 E3 and E5 subscriptions at no extra charge. By July 1, 2026, those features will land in your tenant automatically, accompanied by a $3 per user per month price increase.

For most organizations, this announcement quietly landed in an IT newsletter and got filed away. That's a mistake. Because what Microsoft has actually done is lower the barrier to modern endpoint management — and created a decision point that every VP and Director responsible for technology, operations, or compliance now needs to understand.

ebf-microsof-intune
$3
per user/month increase for M365 E3 and E5 from July 2026 — with Intune Suite now included in the price
1 in 4
top-performing companies cite change management as their core AI scaling challenge — McKinsey 2026
29%
of organizations co-create business and technology strategy together — McKinsey 2026

The organizations that treat this as just another licensing change will pay more and get the same results. The ones that treat it as a forcing function — a reason to finally get their endpoint environment aligned with where their technology strategy is going — will come out ahead.

This guide is for leaders who want to be in the second group.

The Microsoft change explained

What's actually in the box now

The headline is straightforward: Microsoft has moved significant endpoint management capabilities from a paid add-on into standard E3 and E5 licenses. The $3 per user per month price increase reflects this. For organizations that were already buying the Intune Suite separately, this is a net positive. For those who weren't, it's an opportunity that comes with a modest cost adjustment. 

The implications depend entirely on where your organization is starting from and which license tier you're on. 

What's included in M365 E3 from July 2026

Intune Remote Help — secure remote device support with full auditability. Intune Advanced Analytics — endpoint health, compliance visibility, and performance insights. Intune Plan 2 — including Tunnel for Mobile Application Management and specialty device management. 

Additional capabilities for M365 E5

Everything in E3, plus: Intune Endpoint Privilege Management — granular control over admin rights without permanent local admin access. Enterprise Application Management. Microsoft Cloud PKI — cloud-hosted certificate infrastructure. Security Copilot agents in Intune — AI-powered endpoint risk insights and automated remediation. 

Important: E5 security and E5 compliance add-ons are different

Organizations running M365 E3 with the E5 Security add-on get Endpoint Privilege Management and Intune Plan 2 — but not Remote Help or Advanced Analytics. Organizations with the E5 Compliance add-on get no additional Intune Suite coverage. If you're on either of these configurations, the July 2026 price increase on your underlying E3 license still applies, without the full Suite benefit.

This is the part most organizations miss. The features are not plug-and-play. Activating Remote Help requires configuration. Getting Advanced Analytics to surface meaningful data requires Entra ID integration and policy setup. Endpoint Privilege Management requires a Zero Trust architecture that many organizations haven't built yet. 

The license is the permission slip. The capability is the destination. Getting from one to the other is the actual challenge — and it's where most organizations will either capture the value or let it sit unused while paying the higher rate. 

The bigger picture

The endpoint management market is moving

The Microsoft licensing change doesn't exist in isolation. It's happening at the same time as two other significant shifts that together create the most consequential endpoint management decision point in years.

Intune Landing Page

The platform consolidation moment 

The enterprise endpoint management market is contracting around a smaller number of credible platforms. SCCM — long the default for large organizations — has a clear and well-supported migration path to Intune that Microsoft has invested heavily in building. Third-party MDM platforms that once competed on features are increasingly being evaluated against an Intune that has narrowed the gap significantly. For IT leaders, this means the platform decisions that felt deferrable two years ago are now actively costing organizations money or capability. 

The AI mandate landing on endpoint infrastructure

Every VP and Director in a regulated industry is navigating some version of the same pressure: leadership wants to show progress on AI, and the technology team is being asked to enable it. What most AI strategy conversations skip over is that AI tools — Microsoft Copilot, Security Copilot, AI-assisted documentation and analytics — run on endpoint infrastructure. They require consistent, governed, low-latency access to every device they touch.

If your endpoint environment isn't ready, your AI strategy stalls at the last mile. That's not an AI problem. It's a workspace problem.

Intune is the management layer that Microsoft's AI tools are built to run on. Organizations that have Intune properly configured — with Entra ID integration, Conditional Access, and Endpoint Privilege Management in place — are positioned to deploy AI tools to their users. Organizations that don't are going to discover the gap the hard way, midway through a rollout.

Intune Landing Page (2)

Finding your path

Where are you starting from?

The right response to the Microsoft licensing change isn't the same for every organization. It depends on your current platform, your compliance requirements, your team's capacity, and your strategic priorities. Here are the three situations we see most often in regulated industries — and what the right move looks like in each. 

PATH A: For current Intune users 

You're already on Intune and there's more to explore.

This is more common than most IT leaders want to admit. Organizations migrate to Intune, declare success, and then spend the next eighteen months managing the same environment they always had — just on a different platform. The capabilities landing in July 2026 are an opportunity to change that. 

The questions to ask:

Are you using Conditional Access and Entra ID integration, or is Intune operating as a standalone tool?

Do your users have local admin rights that haven't been governed? Endpoint Privilege Management is now included in E3 and E5 — this is the Zero Trust capability that makes those rights auditable and controlled.

Is your IT team spending significant time on remote support calls? Remote Help — now included in E3 and E5 — replaces third-party remote support tools with a fully auditable, compliant alternative.

If you're on E5: Security Copilot agents in Intune are being rolled out now. Are you positioned to activate them?

If you're on E5 Security or E5 Compliance: do you know which Suite capabilities you have and which you don't? The picture is more nuanced than E3 vs. E5.

The honest answer for most organizations in this path: a significant portion of what's now available in their license is either not configured or not working the way it should. A workspace diagnostic is the fastest way to find out what's ready and what isn't. 

PATH B: For migration evaluators

You're on another platform and evaluating whether to move.

If your organization is running SCCM, Jamf, ManageEngine, or another MDM, the Microsoft licensing change has shifted the cost calculus. But a migration decision shouldn't be driven by licensing alone — it needs to account for migration complexity, compliance risk, team capacity, and strategic fit. 

What the decision actually depends on:

Your current licensing tier. If you're on M365 E3 or E5, you're now paying for Intune Suite capabilities regardless of whether you use them. The question isn't whether to pay — you already are. It's whether to get the value.

Your compliance environment. SCCM migrations in healthcare or financial services carry different risk profiles than the same migration in a less regulated vertical. Compliance policy continuity — making sure nothing falls through the gap during transition — is the most common failure point.

Your device mix. If your organization is Mac-heavy, Jamf provides deeper native Mac management than Intune. The answer for mixed estates is often co-management — Intune for Windows and compliance policy, Jamf for Mac-native management — rather than a full platform replacement.

Your team's bandwidth. A migration executed under time pressure with an understaffed team is a migration that creates the next crisis. If your environment isn't stable, that needs to be addressed before any migration begins.

The SCCM path is the most compelling right now: Microsoft has built a co-management option that lets SCCM and Intune run simultaneously during the transition, reducing the risk of a hard cutover. For organizations on M365 E3 or E5, this path unlocks capabilities they're already paying for. 

PATH C: For organizations staying put

You're staying on your current platform and want to understand what it means.

Not every organization should migrate to Intune, and this guide isn't a pitch for migration. For some organizations — particularly those with Mac-heavy environments where Jamf provides deeper native management — staying on the current platform is the right call for now. 

But staying put doesn't mean standing still. Even if your endpoint management platform isn't changing, the world around it is. Here's what leaders in this position need to understand: 

Your leadership is going to ask about AI. The endpoint management platform question will come up in the context of AI deployment readiness — specifically whether your current environment can support the AI tools your organization wants to adopt. Have a prepared answer.

Compliance requirements are tightening across regulated industries. HIPAA, FINRA, FERPA, and PCI DSS 4.0 are all creating new expectations around endpoint governance, audit trails, and access controls. Whether you're on Intune or not, these requirements apply to your environment.

The market context will keep coming up. Citrix pricing, Omnissa's evolution, and Microsoft's continued investment in Intune as the foundation of AI-ready endpoint management are all conversations your vendors, your peers, and your leadership will be having. Understanding the landscape — even if you're not changing platforms — is part of the job.

The standard to aim for

What a well-run endpoint environment actually delivers

Regardless of which platform you're on, the goal is the same: an endpoint environment that your team isn't constantly firefighting, that your auditors can verify, that your users don't work around, and that your organization can build AI capability on top of.

In practice, that means:

Every device is known, managed, and in a documented compliance state — not just the ones IT provisioned, but the ones employees brought in, the ones acquired through M&A, and the ones sitting in remote locations that nobody's touched in eighteen months.

Access is governed by policy, not by who knows the admin password. Zero Trust architecture means access to sensitive systems is earned through verified identity and device compliance, not assumed because someone is on the corporate network.

Automate posts and track engagement. Plan, publish, and analyze social content from one centralized platform.

New capabilities — including AI tools — can be deployed to users without a six-month infrastructure project to get the environment ready first.

Leadership can see what's happening without waiting for an incident. Telemetry, user experience scoring, and compliance dashboards give VPs and Directors the signal they need to make informed decisions — not just the signal that something has already gone wrong.

Interactive tool

Not sure which path is right for you?

Use the interactive assessment tool below to get a personalized recommendation based on your current platform, your industry, your licensing tier, and your priorities. The tool covers the six major endpoint management platforms and produces a recommendation — along with an estimated cost model — that you can print and share with your team. 

The tool gives you:

  • A personalized recommendation — Activate, Migrate, Evaluate, or Stabilize First
  • A cost model tailored to your seat count, licensing tier, and current platform — including the July 2026 pricing picture
  • A complexity rating adjusted for your industry, environment size, and licensing clarity
  • A four-step recommended path tailored to your platform and priorities 
1
Your platform
2
Your environment
3
Your priorities
4
Your results

Step 1 of 3

What are you running today?

Select the endpoint management platform that best describes how you're managing devices today.

Step 2 of 3

Tell us about your environment

This helps us size the cost comparison and calibrate the complexity of any recommended path.

How many seats / managed endpoints? 1,000 seats
100 500 1,000 2,500 5,000+

Industry vertical

Current Microsoft 365 licensing

Step 3 of 3

What matters most right now?

Drag to rank your top priorities — most important at the top. On mobile, press and drag each item to reorder. Your recommendation will be weighted accordingly.

1
Stability first
Fix what's broken, stop the ticket flood, get to a reliable baseline
2
Security & compliance
Zero Trust, audit trails, HIPAA / FINRA / FERPA readiness
3
AI readiness
Get endpoints ready for Copilot, Security Copilot, and AI tools
4
Cost optimization
Reduce licensing overlap, tool sprawl, and management overhead
5
Team capacity
Reduce IT ticket load — give my team time for strategic work
6
Migration speed
Move fast — I need to show progress before the next renewal or review

Your #1 and #2 priorities carry the most weight in your recommendation. Reorder anytime before generating.

Anunta
Your assessment is ready. Print or save as PDF to share with your team.
Cost picture
Migration complexity
    Recommended path
    About this assessment: Cost figures are based on published Microsoft list prices effective July 1, 2026. Actual costs vary based on negotiated rates, EA discounts, and regional pricing. Complexity ratings reflect general patterns across Anunta's deployment experience — your specific environment may differ. Anunta works with all platforms listed and will always recommend the path that's right for your organization.
    intune-assessment

    Your next step

    Start with knowing what you have

    The most common mistake organizations make at this decision point is jumping to a platform decision before they have a clear picture of their current environment. Whether you're activating new Intune capabilities, evaluating a migration, or simply trying to understand where you stand — the starting point is the same: a diagnostic that maps your current environment, identifies the gaps, and gives you the information you need to make the right decision.

    That's what Anunta's Workspace Health Check does. It's not a sales pitch for a particular platform. It's an assessment of your current endpoint environment against the compliance requirements, AI readiness factors, and operational benchmarks that matter for your industry — with a clear recommendation on what to do next.

    Workspace Health Check

    Stability starts with visibility

    Anunta's Health Check is the first step to identifying unseen performance issues, misconfigurations, and compliance gaps across your digital workspace environment. Whether you're preparing for a migration, evaluating new capabilities, or troubleshooting persistent challenges — our diagnostic provides the clarity needed to take the right next step with confidence.

    Trusted by IT teams in healthcare, financial services, education, and government.

    Request your Workspace Health Check