MS Intune vs Manage Engine
Posted by heet3727@reddit | sysadmin | View on Reddit | 40 comments
For those who have tried both or are working on either one, help me decide which is better in terms of
- features,
- user friendliness,
- ease in adoption,
- better documentation,
- pricing,
- some gotchas we need to keep in mind, etc.
Background-
We are an MSP with a 1000 assets mostly laptops with 100 odd customers and want to explore whether this would be useful in tracking hardware health telemetry, Remote Login, etc.
Lurcher1989@reddit
I've used both across my last 2 job for the last 8 years. More recently I migrated away from ManageEngine.
ManageEngine is great if you've got devices that are a bit of a mish mash. Can't be domain joined etc. Being able to administer all different types of machines on different domains is useful is certain scenarios.
That said it's a pain to manage and some features that worked today may not work tomorrow or after the next update. Usually if it's a fringe feature that would stop working.
If you're a full MS house and use M365 Intune is by far the best solution, though it's not without it's issues.
tin-naga@reddit
I was a big Intune advocate but eventually Endpoint Central grew on me. We previously only used it for server but has since enrolled all endpoints.
I advocated for this for Bitlocker/Filevault escrow, Geotracking (Windows and Mac), and endpoint privilege management. The last was very important because our cybersecurity insurance what’s to hear that no one has local admin rights. This combined with Self Service Portal has been a big initiative.
I’m switching over Intune policies and pushing MDM profiles now.
Intune is great if every user account is neatly in your tenant so you can fulfill some of the user based requirements such as the self service portal but ME has let us bypass this and gives a more insightful look at our endpoints.
ARJeepGuy123@reddit
We've used it for a long time, updates have really been the only pain point. No major complaints otherwise
DenseDepartment8317@reddit
Same experience here. It's cheap and feature rich but has its quirks. My only issue is that I cannot do things like limiting ms365 login to mDM controlled laptops with manage engine, that looks like in tune exclusive
ARJeepGuy123@reddit
We use desktop central (on prem, I don't think it costs a whole lot) alongside intune. We're slowly working on transitioning all of our AD GPOs over to intune, and we use desktop central more than anything for remote control/assistance as well as the occasional software or registry push that would be less simple or slower to do with intune
jackalsclaw@reddit
>AD GPOs over to intune
How is the MS tool for that?
ARJeepGuy123@reddit
I'm not sure, we implement intune about a year ago, since then we've been doing any policy pushes in intune but haven't started actively migrating GPOs yet. I think our goal is to ditch on prem AD and be cloud only by the end of 2027 so will be looking at that tool soon. Honestly though we have so many old/stale policies it'll probably be mostly a manual process
Arudinne@reddit
There are tools for it? I've just been doing in manually over time.
LostDrengr@reddit
I am in same setup as u/ARJeepGuy123 so at some point the transition to Intune where its possible to take on any third party tools to strip back before selecting again. ME is ok and there seems to be a lot of overlap when you factor in all the apps available. Not far along really as we flipped from Google to MS365 which had us rotating off services over the past six months to get streamlined. Not really a fan of MS but I will give it a chance before I judge them on their admin tools.
No_Guarantee_1880@reddit
If you come from Ivanti Endpoint Mgmt, everything else is a god blessing 🙏🏻
Tr1pline@reddit
Oh God, Ivanti.
Tr1pline@reddit
I'd say I'm an expert at Endpoint Central online and standalone server. While they are Indian, at least they are responsive within 24 or 48 hours. Microsoft, support takes way longer for human interaction. Support wise, you get what you pay for. For about 3k in Manage Engine, you can get 50 endpoints and it's buy for life. If you stop paying the maintenance fee, they will still answer your support tickets. You just can't upgrade the server, which is fine. Depending on your Microsoft licensing you might get Intune with it so you can try it out first.
Intune and Manage Engine are both feature rich. Depends on your requirements.
Manage Engine is a bit easier to maintain. Intune takes a learning curve since it's integrated with the rest of the Entra/Defender xdr stack. Manage Engine has mobile management but I've never used it before. Intune has MAM and MEM if you need to support mobile devices. They have isolated containerized environment via Intune for business work which helps protect company data.
Manage Engine has great 3rd party library upgrade support regarding software updates while you'll need to create config to push for non MS store 3rd party app updates to your clients. Manage Engine has a built in remote login tool. Microsoft also has remote support tool so it depends on what m365 service you use.
Microsoft has Ring updates for monthly patching. Set it and forget it. However, they don't let you mass deploy manually. Manage Engine can manual updates whenever you want.
Manage engine has better management of hardware health including bios updates. Manage Engine has more information on one page while Intune data is scattered throughout its site. However if you need a VDI environment then intune is a way to go.
heet3727@reddit (OP)
Which services in Manage Engine is better for hardware health including bios updates?
Tr1pline@reddit
The notification settings are pre-confgiured and easier to setup. For instance, reaching max drive space detection in Manage Engine email is a check box. You can do that in Intune as well and it may be more customizable since they use tables from Azure logs, but that requires creating a KQL query and then creating a notification config in a different Microsoft portal.
Manage Engine has a free trial so you can test it out yourself. The online server is easy to manage, the offline server will be a learning curve and a lot of Q+A with support depending on what you're trying to do.
Hardware scans- you can do an hardware scan which takes 1/2hr max with Manage Engine. Intune does company portal sync which can be just as fast, but can also take a lot longer (hours).
I'm not going to speak on behalf of BIOS update for Intune as I've never ran it. However, Manage Engine treats BIOS update like any other application updates. Either it's available or its not.
mat-ferland@reddit
For 100 customers, I’d avoid choosing one tool to do everything. Intune is the policy and compliance lane; remote control, hardware telemetry, and patch weirdness may still need a second tool, but make sure tenant separation and reporting are boring before you commit.
heet3727@reddit (OP)
Which tool do you recommend for remote control, hardware telemetry
KingSummo@reddit
N-Able (N-Sight or N-Central)
Why would Intune even be a selection here? Sounds like you are after a RMM, not an MDM.
Interesting question to ask as an MSP
bdam55@reddit
Agreed; as an MSP Intune vs ME is a false dichotomy. There's RMMs out there focused on the MSP market; go look at those.
WorriedSmile@reddit
ManageEngine Desktop Central is like a budget Intune. It does deploy & patch 3rd party software better though.
brokenpipe@reddit
I can’t speak to MS Intube but Manage Engine was categorically one of the worst pieces of software I’ve ever had to use as an administrator.
plump-lamp@reddit
You do know they're an Indian based company right? So obviously the entire support team is... Indian.
Endpoint central is miles ahead of n-able
brokenpipe@reddit
Sure but many other vendors have Indian support as well and I can assure you are much better.
plump-lamp@reddit
Certainly not Microsoft and Intune lol.
And no. As someone who has several suites of manageengine tools, their support is actually not bad when compared to the industry. They have live instant chat for most products, email support, and call center support where you get right through. After the first tier they get your issue figured out pretty quick of its an actual issue and not a misconfigured one
WorriedSmile@reddit
ManageEngine support is definitely not bad. Have contacted them 5-7 times over the past 14 years for support. Will require the occasional hotfix if their updates created a new issue but they are quite knowledgeable about their products and responds quite promptly.
Reds0607@reddit
Managed ME for 7000 endpoints, one of the worst nightmares of my career
wangston_huge@reddit
This was my experience running manage engine in my lab maybe 4 years ago. You'd upgrade the server and it would just die, and the log files were meaningless.
Big_H77@reddit
Same experience… Once we made the switch to Defender EDR from Symantec, took the firm full bore into Intune and haven’t looked back since.
FatBook-Air@reddit
There are better products than Intune, but ManageEngine is not one. ManageEngine is seriously among the worst products I have ever the displeasure of using. It is unintuitive, it is buggy, and it is not secure.
kevvie13@reddit
I have both. Turns out i used intune more. I only use ME if i cant get intunenwork properly for certain policy or customization. Their config template is trash.
achristian103@reddit
Intune, by a country mile.
ManageEngine is slop.
reformedbadass@reddit
Intune + PMP
pantherghast@reddit
I’ve worked with both. I will never use a product from Manage Engine ever again.
Kojo789@reddit
Check out Action1
NoDistrict1529@reddit
stay far away from any ME product.
kiwi_cam@reddit
Manage Engine have a whole suite of products, I assume you’re referring to MDM Plus?
heet3727@reddit (OP)
EndPoint Central MSP
mousladbcom@reddit
ran into this exact decision about two years ago managing a mid-size MSP environment and honestly the licensing complexity on the ManageEngine side caught us off guard more, than anything else, what looks like a clean per-device price ends up pulling you toward add-ons pretty fast once you need the full remote control and patching story together. Intune was smoother for us purely because we were already neck-deep in M365 and, Entra.
NeezDuts900@reddit
Manage Engine products have been some of the worst unintuitive pieces of shit I've had the misfortune to use. There's a reason why they're the cheapest most of the time.
plump-lamp@reddit
Love endpoint central. More features than Intune by a mile but it depends on what you need. If just basic app deployments and msft patching? Intune is fine. Endpoint central for more advanced deployments, flexibility, better support, more features. If you're already paying for Intune start there and see if it meets the needs
cwk9@reddit
You may want to look at additional options. Intune has its quirks but it can be a good fit if you're already in Azure and 365. Manage Engine products tends to look good on price and features but the product quality is generally low. "You get what you pay for".