Microsoft Intune Licensing Overview
Intune User Licensing
Microsoft Intune is typically licensed per user. In this capacity it's expected that for each Intune license up to 5 devices for that one Individual can be managed and configured via Intune. Intune typically isn't licensed standalone per device. Intune is also typically bundled with 3 various products two of which have the tag called "Unified" Meaning that multiple products are bundled together to make licensing and usage easier. 
Enterprise Mobility and Security (EMS) A3 / A5
Microsoft Unified M365 A3 / A5
Intune Device Licensing 
Microsoft Intune isn't typically licensed per standalone device but can be with an amendment. This typically isn't recommended as certain user features such as advanced reporting, user metrics, and user-based targeting may be affected. In this mode everything should be expected to be managed device based. This is also referred to as Intune for Devices A1. An enterprise equivalent isn't known at this time refer to your Microsoft representative. 
Intune for Education Explanation
Intune for Education P1
Microsoft additionally has a licensing SKU called Intune for Education. When educational institutions license Intune they are additionally supposed to receive the Intune for Education license. This includes access to the Intune for Education portal as well as specific licensing additions either discounted or added with no additional cost such as Remote Help or Universal Print. 
Intune Addon's and Defender for Endpoint
Intune has additionally licensed features and security addon's below. These addon's add additional capabilities and features often seen in 3rd party products but completely unified under the Microsoft management portals offering ease of access, additional security integrations across the ecosystem, and centralized reporting. These features can be broken up into two central categories. Feature addon's and Security addon's explained below.

Intune Feature Addon's
There are additional addon's to Intune that will be explained later in this documentation guide. These addon's and features are only meant to add capabilities to the system. Intune is still a fully capable MDM (mobile device management system) These addon's and security additions merely add to its capabilities. For a quick list Intune has the following addon's currently available. Any pricing listed isn't accurate for Education please contact your Education representative for accurate pricing. Education plans are typically cheaper than Enterprise.

Microsoft Intune Endpoint Privilege Management
Microsoft Intune Endpoint Privilege Management is a feature available in Intune that allows organizations to automate and manage when workers have permission to use admin privilege for specific tasks on both Windows cloud connected and co-managed endpoints. The feature enables admins to set policies that allow standard users to perform tasks usually reserved for an administrator. Endpoint Privilege Management is enabled in Intune at the tenant level, with granular controls to leverage built-in Windows OS protections. To access Endpoint Privilege Management in the Intune admin center, navigate to the Endpoint Security under Manage and click on Privilege management.
In simpler terms, Microsoft Intune Endpoint Privilege Management allows your organization’s users to run as a standard user (without administrator rights) and complete tasks that require elevated privileges. Tasks that commonly require administrative privileges are application installs (like Microsoft 365 Applications), updating device drivers, and more.
Microsoft Intune Suite 
Microsoft Intune Suite is a cloud-based endpoint management solution that provides a range of benefits to organizations. Here are some of the benefits of Microsoft Intune Suite license. 
Simplified endpoint management experience
Improved security posture
Exceptional user experiences
Advanced endpoint analytics capabilities
Remote Help
Endpoint Privilege Management
Microsoft Tunnel for Mobile App Management
Endpoint Security Addon's
Defender for Endpoint
(Vulnerability Management)
Microsoft Defender for Endpoint is deeply integrated with the Microsoft ecosystem. It has visibility of all the software on a given device as well as insights into changes such as patches, installations, and uninstallations. It provides actionable alerts and enables you to respond quickly. Threat intelligence is amplified by the power of the Intelligent Security Graph with signals across Windows, Azure, and Office to detect unknown threats.
Leveraging Microsoft threat intelligence, breach likelihood predictions, business contexts, and devices assessments, Defender Vulnerability Management rapidly and continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk.
Defender for Endpoint
Plan 1 and Plan 2 
Microsoft Defender for Endpoint P1 includes the following capabilities
Next-generation protection that includes industry-leading, robust antimalware and antivirus protection
Manual response actions, such as sending a file to quarantine, that your security team can take on devices or files when threats are detected. 
Microsoft Defender for Endpoint P2 offers all the capabilities in P1, plus endpoint detection and response, automated investigation and incident response, and threat and vulnerability management. 
Endpoint detection and response (EDR)
Automated investigation and remediation (XDR)
Threat and vulnerability management
License Assignment
Once Intune licenses are purchased, you'll need to assign licenses to users before deploying Intune. It's highly recommended to use dynamic group licensing. Dynamic group licensing uses attributes located within the user properties to auto populate users in an M365 or Security Group based on a syntax you set in the Azure AD portal. If you have AD Connect deployed, you'll update the user attributes in Active Directory. 
Licensing Users in the M365 Admin and Azure AD Portals
Please feel free to watch the Intune licensing & Explanation video below. 

You may also like

Back to Top