Forum Discussion
[Day 2] Mission Intune : When Migration Becomes a Mission (Almost) Impossible
Good Morning Everyone đľď¸
Deep within the digital infrastructure, a high-stakes mission is being prepped. Five mobility experts have been deployed to solve a massive puzzle: migrating tens of thousands of smartphones to Microsoft Intune.
The Goal: Ensure a fluid, secure, and uninterrupted transition for thousands of users.
The Battlefront: A complex landscape filled with legacy policies, mixed configurations, and strict deadlines.
Itâs a race against the clock where one wrong move could start a domino effect. From scripts to security protocolsânothing is left to chance.
Failure is not an option.
Following Broadcomâs acquisition of VMware in 2023, the Workspace ONE product is now owned by Omnissa. Broadcomâs commercial strategy, which has influenced its spin-off companies, had become highly aggressive toward all customers. Consequently, we have decided to migrate the management of our Android and iOS tertiary fleet to Microsoft Intune..
While we are familiar with Intune, several limitations should be noted:
- Reporting: Intune offers basic reporting through Microsoft Endpoint Manager and Power BI integration, but lacks the advanced, customizable dashboards available in Workspace ONE.
- Deployment Performance: Application and configuration deployments can be slow, with status updates often delayed due to Intuneâs reliance on periodic device check-ins rather than real-time communication.
- iOS Management: Intune provides full functionality only for devices enrolled via Apple Business Manager (ABM). Non-ABM devices have restricted supervision capabilities, limiting advanced configuration and app deployment.
- Error Handling: Intune does not display granular error codes in its console. Troubleshooting often requires log collection from the device or use of Microsoft Support tools, increasing diagnostic complexity.
- Conditional Access & Compliance: Intune integrates tightly with Azure AD for conditional access policies, which is a strength, but requires additional configuration and licensing for advanced scenarios.
- App Protection Policies: Strong for Microsoft 365 apps, but less flexible for third-party apps compared to Workspace ONE.
Migration Strategy Overview
The project aims to migrate the entire mobile fleetâa few tens of thousands Android and some iOs devicesâbetween September 2023 and December 2024. Cybersecurity requirements mandate a shift from COBO (with personal Google accounts allowed) to COPE, reinforcing corporate control and reducing exposure to security risks.
Key Challenges
- Technical Constraints: Devices incompatible with Android 13 require hardware replacement. For most employees, migration involves full device reset and Intune re-enrollmentâa complex, time-consuming process.
- Security Limitations: Backup tools cannot be authorized, increasing the risk of data loss and user errors. A recurring issue is failure to remove Microsoft Authenticator configurations, creating significant support overhead.
- Performance Impact: The Samsung Galaxy A32, previously adequate under COBO, performs poorly under COPE, affecting user experience.
Status and Strategic Decision
By June 2024, progress is far below target. To mitigate operational disruption and support overload, the strategy shifts: forced migrations are discontinued. Migration now occurs only during:
- Hardware replacement (obsolescence, failure, or breakage)
- Voluntary device reset
This approach prioritizes stability and resource optimization while maintaining compliance with security standards.
Weâve been with Intune for almost two years, we make do with it and we are hardly surprised anymore when something doesnât work.
If you have any questions, don't hesitate to reach out via the comments below
Kris
17 Replies
Nice article and again a statement which we see here so often: Intune is not a real "goto" solution but more like a "have to" solution when forced by procurement as it's cheaper than other solutions (which also work way better from my experience and what i read here from others).
I'm not a fan of calling any product bad but Intune really made it through a lot of hands with same opinions. Never heard of someone telling "Intune is nice" or so.
I love this. Intune is not a "go to" it is a "have to". I've made it a personal mission to put as much content out as possible to warn others of the perils of Intune and am glad to hear similar horror stories being shared.
Thank you mattdermodyâ
Thank you Moombasâ
What a great post Krisâ - it's so insightful and I like the humour with which this was written đ
It's interesting to hear you share this opinion Moombasâ!
Thank you so much Emilie_Bâ
Nice article!
The last part made me a bit sad, "we make do with Intune". It doesn't seem like Intune is a good fit for you, and you shouldnt have to be forced to migrate to Intune. But its a reality I hear way to often.
Moombasâ is right, its a have to solution. It works for the average company with just basic management, but anything more than that is just not going to work very well.
Great article, funny and interesting.
I keep as far away from Intune as possible, but slightly surprised Google published this, hopefully a wakeup call to Microsoft.
Thank you davidguillâ And i could say even more đ
Hey davidguillâ,
I hope you are doing well.
Just to come back to you here, even though it is part of the festival - this piece was written entirely by Kris, so these thoughts are entirely his own.
But in general, to add my own thoughts here, I want to encourage our community here to be a place where we can have constructive conversations and share different experiences and ideas. Some things that might not be working for one person, could be working for another, so hopefully we can help each other, learn from each other and make sure that everyone is having the best experiences using Android devices at work and the wider ecosystem.
(Open for more ideas on how we can do more of this in the community).
Thanks so much,
Lizzie
Thank you, Krisâ , for taking the time to be part of the festival and sharing your experience with migrating to a new EMM. Migrating anything can be stressful, and I am sure this topic is of interest to many community members here.
I am sorry to hear your deployment has not been as straightforward as expected - there is some very useful feedback here. I know there are a few community members who are also using Intune, so I wonder if anyone reading this could offer any constructive tips or advice on any of the areas highlighted here that could help? Perhaps we can get a good conversation going around this?
Thanks again,
Lizzie
Thank You Lizzieâ and Emilie_Bâ
This article is a great opportunity to share our experience and to have feedback.
Kris
I've been a little less active in the community lately. This is partly because we are also looking into using Intune. What can Intune do, how can you continue to connect on-premises services effectively, what would migration look like? So I can really relate to the article.
At events, I often ask other admins which UEM they use and how satisfied they are with it. Personally, as Moombas wrote, I have mostly heard that Intune was a âhave toâ decision, because it's "free" in E3/E5. Accordingly, I was mentally prepared to be disappointed by the tests. And oh boy, I noticed problems that I hadn't expected at all. The problems do not necessarily apply to all customers. The higher the overall integration into the Microsoft ecosystem and the less complex other requirements are, the easier an Intune migration might be.
For an overview of the market, you can certainly look at opinions from market researchers on the subject of UEM (e.g., Gartner or IDC). At first glance, you get the impression that this is a market leader with comprehensive functionality (compared to other companies). However, this result does not reveal that this is not the case and that much of it has to be - if even possible - built in-house using the GraphAPI.
Migration can be really difficult to calculate. Which features do you really want to keep, and what do you need to develop or buy in advance to do so? Is the configured RBAC model functioning as intended? How might processes need to be changed? How do you deal with the mandatory factory reset for corporate-owned devices? Even if Android Enterprise offers simplified UEM migration like iOS26, such a migration is not something that can be done just like that.
While reading, I thought to myself, âSeptember 2023 to December 2024â won't be enough time to migrate tens of thousands of devices. It's not really something to be happy about if you're right. Because we know what it's like to have to correct overly ambitious decisions.
Hey Alex_Mucâ,
yeah sad to read you need to do this investigation.
We had a look into it some years ago as well but just one point, maybe two were no-go's for us and we stopped further investigation:
- Moving from changes being applied from seconds to hours (speaking for single devices, ofc. entire fleet is something different) is nothing you want to work with (in our opinion).
- Having no integrated remote control but to buy external software for that (+Handling of it via Intune then,...) was also a bad thing and can already be quite expensive.
- And it's then again a seperate system you need to switch to, making it also just looking at this single function, less user friendly.
Yeah, i can see the cost reason but what many companies (or their responsibles) do not consider when looking at the pure numbers:
- How much does the additional software cost (might increase if you find more functionalities missing which must be replaced, if even possible, by external software)?
- How much more you need to pay for additional working hours to implement these "workarounds"?
- How much you need to pay for troubleshooting (more working hours) to this then way more complex construction?
- How much more time does it take for employees to work with this "solution"?
- How many functions do you miss which could safe time/money because of this "solution"
- ...
That's just my top 5 and i really don't want to blame a single product as this goes for all and why it makes it so important to look into alternatives before migrating (or someone just decides because of âŹâŹ in the eyes). And what you just tell can be really pain to nearly impossible to dig out before.
You might be true that if you are working extremely close in the MS ecosystem and as less as possible anything from outside, that a Migration then maybe makes sense. But my 2 points from top are for me so heavy weighted (not even considering functionalities missing,...) that especially Intune is never an option for me unless they change that.
I'm open minded to investigate to other MDM/EMM than we have now and (in my opinion) i have a critical but fact based view and now exactly what we use our system for and this needs to be represented by 99% from the new system (including promised later updates of the software vendor to implement relevant functionalities not too far away, excluding nice to have features).
Moombasâ so true ! but when the decision becomes purely financial (for the wrong reasons)
Thank you Alex_Mucâ , you are still relevant as ever. I remember you told me about Intune when we met in London
