Intune has grown enormously. What was once a fairly simple MDM platform is now the centrepiece of Microsoft's endpoint management story — handling everything from Windows Autopilot enrolments to iOS app policies and Linux device compliance.
Here are five things I wish I had known earlier.
1. Use Assignment Filters everywhere
Assignment Filters let you target policies at subsets of devices without creating additional groups. Filter by device model, OS version, manufacturer — any property exposed by the device. Once you start using them you'll wonder how you managed without them.
2. Remediation Scripts beat Compliance Scripts for proactive fixes
Compliance scripts tell you a device is non-compliant. Remediation scripts actually fix the problem. Use them together: the detection script finds the issue and the remediation script resolves it automatically. Perfect for registry settings, service states, and software configurations.
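As an added illustration (not the author's own scripts), here is a detection and remediation pair for a registry setting. It assumes the scripts run in the system context, and the setting (the `SMB1` value under the LanmanServer parameters key, which disables the SMBv1 server when set to 0) and the file names are chosen purely for the example. The block holds two files, to be saved and uploaded separately.

```powershell
# ===== File 1: Detect-Smb1Server.ps1 (upload as the detection script) =====
# Constructed example: require the SMB1 server registry value to be 0.
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Name = 'SMB1'
$Want = 0
try {
    $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
} catch {
    $current = $null   # key or value missing: treated as non-compliant here
}
if ($current -eq $Want) {
    Write-Output "Compliant: $Name=$current"
    exit 0             # exit 0 = no issue, remediation is not run
}
Write-Output "Non-compliant: $Name='$current' (expected $Want)"
exit 1                 # exit 1 = issue found, Intune runs the remediation script

# ===== File 2: Remediate-Smb1Server.ps1 (upload as the remediation script) =====
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Name = 'SMB1'
$Want = 0
$ErrorActionPreference = 'Stop'   # make every failure land in the catch block
try {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    # -Force overwrites an existing value of the same name
    New-ItemProperty -Path $Path -Name $Name -Value $Want -PropertyType DWord -Force | Out-Null
    Write-Output "Remediated: set $Name=$Want"
    exit 0
} catch {
    Write-Output "Remediation failed: $($_.Exception.Message)"
    exit 1             # reported as a failed remediation
}
```

Keep the detection script read-only and idempotent, since it runs on every schedule cycle; the text each script writes to standard output is what appears in the per-device results.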
3. Scope Tags are not optional at scale
If you have multiple teams or customers, Scope Tags are the only way to prevent accidental policy cross-contamination. Set them up early — retrofitting them onto hundreds of existing policies is painful.
4. Monitor the Service Health dashboard weekly
Intune service incidents are posted to the Microsoft 365 admin centre under Service Health. Many "my policies aren't applying" issues are actually Intune service incidents. Check there before you start troubleshooting devices.
5. Use Endpoint Analytics to find your slowest devices
Endpoint Analytics gives you boot time, app reliability scores and restart frequency per device. Sort by worst performers and you'll quickly find the machines that need hardware attention — not more GPO tweaks.