Medhacloud Logo
Medhacloud Logo
6
Chapter 6 of 14

Device Management & Intune Licensing

Master Microsoft Intune licensing tiers, Windows Autopilot, Windows 365, BYOD strategies, and co-management with SCCM. Learn exactly which device management capabilities come with each M365 plan.

18 min read read 3 quiz questions

Key Facts

  • Microsoft Intune manages over 200 million devices worldwide, making it the dominant cloud UEM platform.
  • Intune Plan 1 is included at no extra cost in Microsoft 365 E3, E5, Business Premium, and EMS E3/E5.
  • Intune Plan 2 is an add-on at $4/user/month — it adds advanced endpoint management like firmware-over-the-air and specialty device support.
  • The full Intune Suite bundles Plan 1 + Plan 2 plus Remote Help, Endpoint Privilege Management, Advanced Analytics, and Microsoft Cloud PKI for $10/user/month.
  • Windows 365 Enterprise starts at $28.50/user/month (2 vCPU / 4 GB RAM / 128 GB) and requires a supported base license with Intune and Entra ID.
  • Windows Autopilot requires no additional license beyond Intune Plan 1 — it is a deployment service, not a separate SKU.
  • Apple device management (iOS/iPadOS/macOS) through Intune requires Apple MDM Push Certificate and optionally Apple Business Manager — no extra Microsoft license needed beyond Intune Plan 1.
  • Co-management with SCCM (now part of Microsoft Configuration Manager) lets you gradually shift workloads to Intune while keeping ConfigMgr for complex on-prem tasks like OSD and deep software deployment.

Intune Licensing Tiers

Microsoft Intune is the unified endpoint management platform for M365. It manages Windows, macOS, iOS, Android, and Linux devices from a single console. But Intune itself comes in tiers. Device enrollment planning should happen alongside your Microsoft 365 deployment — not months later. Users migrating from Google Workspace need Intune profiles ready on day one so their devices pick up policies immediately.

Intune Plan 1

Included in E3/E5/BP
  • MDM (Mobile Device Management)
  • MAM (Mobile App Management)
  • Device compliance policies
  • Conditional Access integration
  • App deployment & protection
  • Windows Autopilot

Intune Plan 2

$4/user/mo add-on
  • Everything in Plan 1
  • Microsoft Tunnel for MAM
  • Specialty device management
  • Cloud certificate management
  • Firmware-over-the-air updates

Intune Suite

$10/user/mo add-on
  • Everything in Plan 1 + 2
  • Remote Help (technician-to-user)
  • Advanced endpoint analytics
  • Enterprise app management
  • Microsoft Cloud PKI

Windows Autopilot

Autopilot is the zero-touch deployment technology that lets you ship a new laptop directly to an employee and have it auto-configure with your apps, policies, and settings on first boot. It is included in all plans with Intune Plan 1 (E3, E5, Business Premium).

  • Works with any Windows 11 device registered by the hardware vendor (Dell, HP, Lenovo, etc.)
  • User-driven mode: employee signs in, device auto-enrolls and configures
  • Pre-provisioned mode: IT pre-stages the device, employee gets a ready-to-use machine
  • Self-deploying mode: for kiosks, digital signage, shared devices — no user interaction needed

Windows 365 — Cloud PC

Windows 365 puts a full Windows desktop in the cloud. Users access it from any device — a thin client, a Mac, an iPad, even a Chromebook. The license is per-user and priced based on compute specs.

  • Windows 365 Business: Self-service, up to 300 users, no Intune required. Starts at $28.50/user/mo (2 vCPU, 4 GB RAM, 64 GB storage)
  • Windows 365 Enterprise: Intune-managed, unlimited users, Conditional Access integration. Same price tiers but with full management capabilities.
  • Windows 365 Frontline: Shared Cloud PCs for shift workers. 3 users share 1 Cloud PC. $28.50/3 users = $9.50 effective per user.
  • GPU-enabled options available for design, engineering, and data science workloads ($66+/user/mo)

Pro Tip

Windows 365 Frontline is an incredible deal for shift-based organizations. Three workers share one Cloud PC at a fraction of the cost. Combine with F3 licenses for the M365 base, and you have a fully managed frontline worker setup for under $18/user/month.

BYOD vs Corporate-Owned Devices

The licensing implications differ based on device ownership:

  • BYOD: Use MAM-only enrollment (Intune Plan 1). Protects company data in managed apps without touching personal data. No device wipe capability.
  • Corporate-owned: Full MDM enrollment. Device compliance policies, remote wipe, hardware inventory, OS update management.
  • Shared devices: Use Shared Device Mode in Intune. Workers sign in/out on shared tablets or phones. Data is cleaned between sessions.
  • No additional licensing cost for BYOD vs corporate — both scenarios are covered by the same Intune Plan 1 license.
Microsoft 365 E3$36.00/user/mo
Buy — 5% Off
Business Premium$22.00/user/mo
Buy — 5% Off
Microsoft 365 F3$8.00/user/mo
Buy — 5% Off

Did You Know?

Microsoft Intune manages over 200 million devices worldwide, making it the dominant cloud UEM platform.

Test Your Knowledge

Question 1 of 3

A company uses Microsoft 365 E3 and wants to add Remote Help so their IT team can assist users remotely through a secure, cloud-based tool. What is the most cost-effective licensing approach?

Chapter Summary

  • 1Intune Plan 1 (included in E3, E5, Business Premium) covers MDM and MAM for Windows, iOS, Android, macOS, and Linux — sufficient for most organizations managing standard devices.
  • 2Intune Plan 2 ($4/user/month) adds specialty device management for AR/VR headsets, large smart screens, and firmware-over-the-air updates for Samsung and Zebra devices.
  • 3The Intune Suite at $10/user/month bundles Plan 1 + Plan 2 plus Remote Help, Endpoint Privilege Management, Advanced Analytics, and Cloud PKI — saving roughly 40% versus purchasing each add-on individually.
  • 4Windows Autopilot is a zero-touch provisioning service included with Intune Plan 1 at no extra cost. Windows 365 Cloud PCs start at $28.50/user/month and stream a full Windows desktop from Azure.
  • 5BYOD scenarios only require MAM policies (app protection) through Intune Plan 1 — no full device enrollment needed. Corporate-owned devices use full MDM enrollment.
  • 6Apple and Android devices are fully managed through Intune Plan 1 with no additional Microsoft licensing. Apple Business Manager and Samsung Knox integration are included at no extra cost.
  • 7Co-management with Configuration Manager (SCCM) lets you gradually migrate device workloads to Intune while retaining ConfigMgr for complex tasks like OS deployment and deep software distribution.
Chapter 6 of 1443% complete
Previous

Ch. 5: Security & Compliance

Next Chapter

Ch. 7: Voice & Teams Phone

Ready to Buy Microsoft 365?

Save 5% when you purchase through Medha Cloud

View prices in:
Business Basic
$6.00
/user/mo
Our price: $5.70
Business Standard
$12.50
/user/mo
Our price: $11.88
Business Premium
$22.00
/user/mo
Our price: $20.90
Microsoft 365 E3
$36.00
/user/mo
Our price: $34.20
Microsoft 365 E5
$57.00
/user/mo
Our price: $54.15
Microsoft 365 F3
$8.00
/user/mo
Our price: $7.60
Get a Quote — 5% DiscountCompare All Plans

Popular Plans

Our Services