Intune Suite: Not an Add-on but a part of your Microsoft 365 Suite
In December 2025, Microsoft announced a major change to the Intune Suite. The Microsoft Intune Suite will become part of the Microsoft 365 E3 and Microsoft 365 E5 licenses instead of remaining a standalone add-on. In previous blog posts, several powerful capabilities of the Intune Suite were described in the Blog Series: Intune Suite a hidden Gem?
This post highlights what are, in my opinion, the three most valuable features that will be included in the Microsoft 365 E5 license and are essential for supporting a modern workplace environment. It is not an in-depth review, but a brief overview of where these tools, based on personal and customer experience, can provide the most value.
Changes to Microsoft 365 E3 and Microsoft 365 E5 licenses
Following the announcement that Intune Suite capabilities will be included in Microsoft 365 E3 and Microsoft 365 E5 licenses, questions have arisen about which features are available in each plan.
The image below, created as part of the announcement, provides a detailed overview of what is included in each plan. A similar table is available in Microsoft’s official blog announcement; see the documentation below for a link to the Microsoft article.
Summary changes in the license plan.
- Microsoft 365 E3 includes: Intune Remote Help, Intune Advanced Analytics and Intune Plan 2.
- Microsoft 365 E5 includes everything in Microsoft 365 E3, plus Intune Endpoint Privilege Management, Microsoft Cloud PKI and Intune Enterprise App Management.
These capabilities make it possible to implement and support a modern work environment even more effectively. The following three features, in particular, can have a significant impact on the support and rollout of a modern environment. These features are briefly explained below.
1. Intune Remote Help
Supporting users and being able to remotely connect to their devices has always been a key responsibility for workplace administrators. There are many tools available that offer this capability. So where does Intune Remote Help stand out?
A major advantage of Intune Remote Help is that it is built directly into the Microsoft Intune console, allowing remote sessions to be initiated from the same interface. In the classic device view, the connection can be started via the three-dot menu (...), while in the new device view it is available under Tools and report to begin a remote assistance session.
Because it runs in the same console, it is possible to use the same Entra ID groups to define which users are allowed to initiate remote assistance. In addition, Conditional Access can be used to configure and enforce access controls for this service.
For guidance on activating Intune Remote Help and using it with Conditional Access, refer to the earlier blog posts on this topic, which are listed in the documentation section.
2. Intune Endpoint Privilege Management
Enrolling devices where users do not have local administrator rights is by far the best method for managing and securing those devices. Still, there are situations where users temporarily need elevated privileges. This is where Intune Endpoint Privilege Management comes in. With this feature, it is possible to control which actions can be performed with elevated rights.
I published an article about this feature several years ago when it was first introduced, and since then Intune Endpoint Privilege Management has seen major improvements. As mentioned before, this section only highlights the feature; for a more in-depth overview of its capabilities, refer to the official Microsoft documentation or the broader community.
Intune Endpoint Privilege Management essentially relies on two configuration policies. The Elevation settings policy is used to enable the feature, while the Elevation rules policy defines the conditions for granting just-in-time access to apps and files on Windows endpoints. Both policies are created in the Endpoint Privilege Management in the Endpoint Security node in Intune.
One of the functions that is added to Intune Privilege Management is de possibility to audit the use of local administrator rights. With the diagnostic data we can use the reports to transition from local administrator to standard user. Stay (in)tuned, I'm planning to write a blog about this report feature.
3. Intune Enterprise App Management
Beyond configuration, installing applications on managed devices is a core capability of Microsoft Intune. There are numerous options and third-party tools available to deploy and keep applications up to date. To simplify this, Microsoft Intune includes the Intune Enterprise App Management feature, which streamlines application deployment and maintenance. With Intune Enterprise App Management, applications can be installed and updated directly from the Enterprise Catalog.
Third-party vendors may offer more apps, but just like the Intune Remote Help feature, the key advantage of Intune Enterprise App Management is that it is built directly into Microsoft Intune. It also supports self-updating apps, which update on client devices according to the vendor’s own update process, while Intune reports the app version detected on each device. To update an app, the supersedence feature can be used in the same way as with a Win32 app.
In environments without highly complex applications, and where Microsoft 365 E5 licenses are already in use, Intune Enterprise Application Management can be an excellent choice. For more information, see the blog post on this feature, which is also referenced in the official documentation.
Recap
With Microsoft Intune Suite capabilities now included in the Microsoft 365 E3 and E5 plans, adopting these powerful features becomes much easier. This post highlighted key capabilities that help enable and support a modern workspace environment. Use Intune Remote Help to provide secure remote assistance. Implement Intune Endpoint Privilege Management to begin, or further advance, the move away from local administrator rights. For application control, Intune Enterprise Application Management can be an ideal solution for many organizations. When using a Microsoft 365 E3 or E5 license, it is worthwhile to explore these features as they become available.