You’ve decided. It’s time to give up legacy device management and switch to Microsoft Intune. Now, all you’ll need is the support of your executive stakeholders to get the project launched. No big deal, right?

You know Intune is the right call. You just need to convince your executives that it’s worth the headache. Below are several considerations that will help you make a compelling business case for Microsoft Intune.


Licenses: Intune is bundled with Microsoft 365

If you’ve already invested in Microsoft 365 licenses, congratulations, you are already paying for Microsoft Intune – it’s part of Microsoft Endpoint Manager, which is bundled into Microsoft 365 licenses. This makes for an easy business case. Any license expenditure on other device management technologies will be hard to justify once your company switches to Intune.


Going Zero Trust: Endpoint Security is Key

If you aren’t aware, the United States has mandated the adoption of Zero Trust Architecture for all federal departments. This is expected to cascade down to state and local governments, and technology vendors like Microsoft are fully supporting this initiative to address the current wave of cybercrime.

Even if you are not a US federal agency, it is clear that Zero Trust is the future of security design. Under Zero Trust, your perimeter changes from a castle-and-moat approach to one where Identity and Devices serve as the front line and every login attempt is based on a risk calculation.

This calculation happens in milliseconds because of the telemetry between the different layers of the security stack. Therefore, the more you integrate your cloud infrastructure, the faster that calculation will happen and the more you can leverage AI and ML to improve the user experience. However, if you rely on on-prem components, hybrid infrastructure and 3rd party products in your security stack, it will be much more difficult to embrace Zero Trust.

For the first time in history, you can provision, secure, manage and monitor all your endpoints centrally in one system using Microsoft Intune. This will accelerate the adoption of Zero Trust and facilitate better security.  Conversely, companies who do not embrace a Zero Trust architecture will be left behind with increased exposure to hacks and breaches.



Moving to Intune will have costs. It requires design and configuration, it must be implemented and tested, and finally, you need to migrate users and their devices. However, discovery & design, implementation, and even user migration can often cost less than a year of licenses for your legacy toolset! 

In most instances we’ve encountered, migrating to Intune will cost roughly the price of a year’s worth of individual device licenses with traditional vendors like Altiris, ManageEngine, JAMF, Workspace ONE (AirWatch) or MobileIron.

Microsoft Intune uses per-user pricing by default (shared devices may require a device license). So, using the per-user pricing from VMware, for example, you can easily calculate:

[Monthly Legacy License Cost] x 12 x [user count] = ______________ 

This will get you a rough estimate of the cost to migrate. Once migrated, the same number is your yearly savings in perpetuity – finance nerds can take this even further to calculate the present value using a perpetuity formula.  

Per User and Per Device Monthly Pricing - Workspace ONE (AirWatch)


Time is money: Save Time with Microsoft Intune  

Downtime is expensive. When you hire an employee, you’ll want them up and running as soon as possible, not waiting for your IT team to get devices imaged and configured. Many companies experience the pain of delayed employee starts due to technical device setup time. When employees are on the clock and unable to work, the lost time adds up to sizable financial implications at scale.

Microsoft Intune, coupled with Windows Autopilot, Apple Business Manager and Android Enterprise, can eradicate this lag in productivity. By using these modern technologies, zero touch provisioning becomes possible for ALL your devices (desktops, laptops, tablets, and smartphones). This allows you to order and ship new devices directly to users and avoid the proverbial stack of boxes in the office waiting for IT.  

Users unbox their new device, sign-in with their work credentials and the device self-configures over-the-air from any internet connection. Microsoft Intune reduces provisioning time by 80% – 90%, saving precious time for your IT team. 

Further, Intune reduces application provisioning (45%) and testing time (70%), and increases uptime, per Microsoft’s Total Economic Impact study.

With Intune, your IT team will be freed to work on innovation and value creating projects, rather than keeping the lights on. 

[Number of Devices Provisioned / year] * [Fully Loaded Hourly Rate] * 2.5 + 

[App Management Hours / Year] * [Fully Loaded Hourly Rate] * 45% +  

[App Testing Hours / Year] * [Fully Loaded Hourly Rate] * 70% +  

[Hours of Downtime / Year] * [Fully Loaded Hourly Rate] * 20% = _______________ 




Improved Security: Beefing Up Security as a Cost-Mitigation Measure 

According to the Ponemon Institute’s 2020 “Cost of Data Breach Study,” the global average cost of a data breach is $3.83 million, but the average cost of a data breach in the United States has hit an all-time high of $8.64 million.

For the first time in history, it is now possible to secure, manage and monitor all your endpoints from a single system – Microsoft Intune.  In the past you probably had one toolset for Windows (e.g., SCCM), a completely different toolset for iOS devices (e.g., AirWatch) and possibly different again for Macs (e.g., JAMF). 

Now you can have a consistent set of security policies, device management practices and compliance rules across all devices. Take that further with a common naming convention, a unified app store and integration with OneDrive, and you can quickly see how your security posture improves with Intune.





Improved Privacy: A BYOD Solution Your Users Will Love 

70% of people use personal smartphones at work. Yet, 60% of personal (BYO) devices are not secured. If your company falls into this category, then securing data on personal devices is paramount to good security. 

Without security for personal smartphones, your company is at risk of a breach. Industries suffer mobile breaches regularly. Here’s some data from the 2020 Verizon Mobile Security Index Report.



Intune has a very elegant solution for BYOD.  You are probably aware that before Intune, many companies attempted to manage their employees’ personal devices with tools like VMware AirWatch.  This always received a lot of push-back and generated friction between IT and the end-users. 

Intune protects data in work-related apps like Outlook and Teams, without managing employees’ devices.  This capability is called “App Protection Policies” and it leads to a completely different conversation between IT and the users. IT is now able to assure users of their personal privacy while keeping work data secure in work applications. 

While there are no bottom-line savings with this business case, if your company has already purchased Microsoft 365 licenses then your only cost is implementing a balanced BYOD program.


Windows 365: Can Be Managed Only Via Microsoft Intune 

You may have heard of Windows 365, Microsoft’s new virtualized version of Windows 11. Windows 365 can only be managed via Microsoft Intune. There is no way to manage this virtualized system via Configuration Manager (SCCM) or another legacy, image-based technology. 

If you want to take advantage of Windows 365, you must have Intune. 


Reduce Complexity: Drop legacy Windows Device Management 

Legacy Windows management is expensive for three reasons. First, legacy management requires the creation of a “golden image,” which must be maintained and updated continuously. For large companies, often an entire team exists just to keep this image maintained. 

Second, legacy management requires manual patch approval. Windows Server Update Service (WSUS) is a legacy technology that forces IT teams to review and approve patches for their company. This worked fine 20 years ago when patches were infrequent, but now operating system updates occur at a fast pace.  

Third, legacy management requires on-premise servers. Configuration Manager and WSUS are both legacy technologies that require on-premise servers and were designed for machines that never leave the building. That just isn’t how work is done. Server maintenance is expensive.

The exact costs for each of these three items will vary by company. Find and calculate the cost for each of these three things and use them to make the case for Intune.  

[Hours dedicated to image maintenance] * [Fully Loaded Hourly Rate] + 

[Hours spent on patch management] * [Fully Loaded Hourly Rate] + 

[Hours spent on server maintenance] * [Fully Loaded Hourly Rate] + 

[Cost of server hardware + utilities] = ____________ 

Microsoft Intune does not use an image. It uses profiles, and greatly reduces the amount of work required to manage a fleet of devices. Further, you can use Windows Updates for Business to drive operating system updates without the expensive overhead. Finally, Intune is a cloud-based system and requires no on-premise servers – it’s designed for hybrid and remote work. 



When getting ready to present your business case to your executive committee, CFO, or other stakeholders, you’ll want to have a few quantitative metrics on hand, but don’t forget the qualitative factors as well. Here are some pieces of information that will prove helpful in preparing your appeal for Intune: 

  • Migration costs:  Consider that most migrations require a partner, so you’ll want to reach out to potential partners for estimates before presenting.  

  • A scope of time: Your selected partner should be able to give you an estimate of time and resources your IT team will need to free up to roll out Intune. Be sure to factor in the hours and cost of allocating team members specifically to this project.

  • Tally of cost for current device licenses: Calculate the total number of devices you’re currently using with your legacy MDM – then aggregate the cost you are paying for those device licenses annually.

  • Timeline of Savings: Total up your front-end costs and create a timeline that showcases when and where your company will begin to see significant savings. Often, you’ll begin to see a substantial ROI after year one of rolling out Intune.  

  • User Impact: The elegance of the Intune solution is very appealing to execs who have witnessed failed BYOD programs in the past. They will appreciate how Intune will empower employees without encroaching on their privacy.

Getting your executive stakeholders on board by presenting a compelling business case will alleviate doubts from potential detractors as your team moves forward. It can also energize your team as they prepare for the project. Make sure you have your ducks in a row before presenting, then celebrate your win when your group begins to financially benefit by moving past your legacy toolset. 

We’ll see you on the other side. 

