Intune Suite features coming to Microsoft 365 in 2026 and why this matters.
When Microsoft introduced Microsoft 365 E5, its intent was clear: consolidate customers’ vendor ecosystems. This was evident from the investments in areas that step on competitors’ toes. For example, Microsoft 365 E5 comes with:
- eDiscovery Premium: Providing enhanced compliance tooling
- Microsoft Purview Audit (Premium): Delivering long-term audit retention
- Entra ID Plan 2: Provides strong conditional access, identity protection, Privileged Identity Management, and risk-based controls
- Defender for Endpoint Plan 2: Delivering Endpoint Detection and Response (EDR), Threat and Vulnerability Management (TVM), automated investigation, and advanced hunting.
Microsoft 365 E5 was the gold standard for Microsoft productivity and security. Then, in 2023 (following preview in late 2022), Microsoft released Intune Suite, an add-on that added significant capability to device management. Features included:
- Intune Remote Help
- Microsoft Intune Endpoint Privilege Management
- Microsoft Intune Advanced Analytics
- Microsoft Intune Enterprise Application Management
- Microsoft Cloud PKI
- Microsoft Intune Tunnel for Mobile Application Management (MAM)
- Firmware-Over-The-Air (FOTA) Updates
This came at a price of $10 per user per month. This has resulted in not much market take-up, despite it being a very strong bundle. If you have 1,000 users, an extra $10,000 a month is a big ask that needs a visible, fairly immediate return. Displacing the vendors you would look to replace as part of this investment would take time, and you would struggle to see the return over a reasonable time frame. Crucially, there are multiple capabilities in play here that would require significant planning and rollout.
All change in 2026
In December of this year, 2025, that all changed, with Remote Help, Advanced Analytics, and Intune Plan 2 coming to Microsoft 365 E3, and Endpoint Privilege Management, Enterprise App Management, and Cloud PKI coming to Microsoft 365 E5. Firstly, I know this comes with a price rise of $3 per user, per month (coming into effect on 1st July 2026) for Microsoft 365 E5 customers, with other Microsoft 365 SKUs also seeing a price increase, and there is a lot of discussion around that specific news. However, in this post, I want to focus on the features that are coming as part of this increase, and the value that can be realised by support teams and end users.

Benefits
A key benefit of these features coming to the base Microsoft 365 E5 SKU is that they are there for you whether you choose to leverage them or not. The conversation with finance teams is very different: you’re explaining a vendor price rise, not asking for additional spend for new features. You can look to ease the finance woes by looking at whether there is scope for vendor consolidation. I want to stress that in all of these features, Microsoft’s offering is not necessarily the best.
There may well be better solutions on the market, but it’s worth asking whether the included capability is “good enough”. In some cases, it isn’t; in a lot of cases, it is. An example, although not related to these capabilities, is where I was recently engaged with a client looking at vendor consolidation options. Mail hygiene came up in discussion where they were using Mimecast. Through discussion, it was clear there were capabilities they were using that could not be realised with Microsoft Defender for Office 365 Plan 2. Equally, they were using a third-party endpoint protection platform, whereby they were only scratching the surface of the capabilities, and are now looking to pilot Defender for Endpoint Plan 2.
Some of the capabilities will not result in vendor displacement, but may be an opportunity to decommission infrastructure on premises, or IaaS that you have sitting in Azure. This post will run through some of the capabilities of each service that’s coming to Intune as part of Microsoft 365 E5, what the service is, how this might offer a benefit to your organisation, what services you might already be using that could be displaced, and what user and/or security benefits this brings.
Capabilities
Intune Remote Help
What it is.
Intune Remote Help is a cloud-based remote support solution that enables IT helpdesk staff to securely connect to a user’s device to provide real-time assistance. It integrates with Intune’s management plane and uses enterprise-grade security controls.
Organisational benefit.
For organisations with distributed workforces, this capability removes barriers to effective support. Helpdesk teams can troubleshoot and resolve issues anywhere, reducing downtime and travel costs, and improving user satisfaction. Organisations that have previously relied upon Quick Assist will also see a significant benefit, as they will now be able to handle elevation to administrator where a support engineer needs to run a process in the administrator context (where the device is managed by Intune and appropriate RBAC has been configured).
Possible displacement.
Standalone remote support products such as TeamViewer or LogMeIn Rescue. Given the native Intune integration, you avoid the licensing and complexity overhead associated with third-party tools.
User and security benefit.
Users will experience improved support from their support team, with a more feature-rich interface to support them. From a security perspective, sessions are audited and governed by Entra ID role-based controls, reducing the risk associated with broad remote access privileges. Coupled with Advanced Analytics, which will also be coming to Microsoft 365 E5, support personnel will also have a good insight into the health of the user’s device, reducing the troubleshooting time needed in a remote support session.
Endpoint Privilege Management (EPM)
What it is.
There are applications used in various verticals that must run in an administrator context. This has always been a tough balance for operations teams who try and balance usability with security needs. Endpoint Privilege Management mitigates this by enabling controlled elevation of privileges for standard users, in alignment with a Zero Trust least-privilege model. Rather than granting local administrator rights broadly, policies allow specific elevated actions as approved.
Organisational benefit.
EPM significantly reduces risk exposure by eliminating unnecessary administrative permissions on endpoints. This contributes to a reduced attack surface and supports compliance frameworks emphasising least-privilege access.
Possible displacement.
Third-party privilege management solutions (e.g. BeyondTrust, CyberArk Endpoint Privilege Manager) could be rationalised where basic elevation policies suffice within Microsoft’s ecosystem.
User and security benefit.
Users are empowered to perform necessary tasks without full admin rights, improving productivity while enhancing security. Detailed audit logs of privilege elevation activity also aid compliance reporting and incident investigation.
Advanced Analytics
What it is.
The first part of any remote support session is gathering information about an endpoint. Instead of starting cold, Advanced Analytics gives you proactive signals and trends so you know where to look first. With Advanced Analytics we can mitigate a lot of this effort. You will get a lot more telemetry sent to Intune, allowing you to get a clearer picture of what you’re dealing with. Intune Advanced Analytics provides enriched telemetry and actionable insights into the health, performance and experience of managed devices. It helps IT teams anticipate and remediate issues before they materially impact users.
Organisational benefit.
With predictive insights, organisations can reduce reactive firefighting. IT can monitor trends such as device performance or compliance drift, allowing proactive intervention and better SLA achievement.
Possible displacement.
Standalone analytics or endpoint experience monitoring tools could see reduced utilisation, particularly where they overlap with Intune’s built-in dashboards and insights.
User and security benefit.
End users benefit from higher reliability and responsiveness of devices. As an example, support teams can remotely see the health of an endpoint’s battery. When it’s observed that the battery is in a degraded state, a replacement or repair can be facilitated, often before the user notices any real impact to productivity. From a security standpoint, early detection of deviation from compliance or baseline behaviour can prompt corrective actions and reduce exposure.
Enterprise Application Management
What it is.
Third-party application management is a headache for every support team, and over recent years has become a key area of focus, with Cyber Essentials Plus requiring any CVE with a CVSS score above 7 to be remediated within 14 days from the release of a patch. Enterprise Application Management has helped here by introducing a curated enterprise app catalogue and simplified deployment workflows for Win32 and other applications. It automates many settings that would previously require manual packaging. For example, we’ve all managed Adobe Reader, and know that the constant remediation is somewhat of a laborious pain. Enterprise Application Management significantly reduces (although doesn’t remove) the amount of packaging needed.
Organisational benefit.
For organisations managing large fleets with diverse application estates, this feature can expedite deployment pipelines, standardise app delivery, and reduce packaging overhead.
Possible displacement.
Traditional software distribution platforms such as SCCM workflows, or third-party app management suites, may be rationalised where Intune’s catalogue and automation suffice. Other third-party application management suites will be more feature-rich, and possibly support a broader portfolio of applications. Personally, I’m a big fan of Robopack, which offers useful customisations and the ability to upload custom applications.
User and security benefit.
Users receive approved applications faster and more consistently. Security posture improves by maintaining up-to-date application versions and reducing the window of exposure to vulnerabilities.
Microsoft Cloud PKI
What it is.
This is my favourite addition to Microsoft 365 E5! Cloud PKI is a cloud-native public key infrastructure service that automates certificate issuance, renewal and revocation across Intune-managed devices, eliminating the need for on-premises certificate authorities and connectors. On-premises PKI is a complex, often fragile beast, and it is an art in itself to keep healthy. Certificates come in extremely useful when you’re managing enterprise-grade wireless or 802.1x.
Organisational benefit.
It dramatically simplifies deployment of certificates for VPN, Wi-Fi, email and device authentication. Organisations can retire complex, costly on-premises PKI servers and connectors. In many cases, Active Directory CS and all the required integrations are stood up exclusively for, or left purely to support, issuing certificates to users and endpoints. A modern approach to certificates has been long overdue. The key barrier I’ve seen to adoption of Cloud PKI has been cost, with the alternative often being human effort and a few Windows Server VMs.
Possible displacement.
Traditional enterprise PKI solutions, including Microsoft AD CS and various certificate provisioning connectors, become redundant for managed devices. Cloud PKI can be employed instead for most common use cases. In my case, this will enable me to remove:
- Issuing Certificate Authority
- NDES
- Certificate Connector
Not only are these components I don’t have to manage anymore, they’re security risks I’ve, to an extent, transferred to an ISV. I don’t want to overstate the benefit here: this is only for Intune-managed devices, with limited and specific certificate needs. There will still be Certificate Authority needs for other services and systems.
User and security benefit.
Users benefit from seamless certificate-based authentication experiences (including Wi-Fi and VPN). Security benefits from reduced infrastructure attack surface and consistent certificate lifecycle management.
Microsoft Tunnel for Mobile Application Management (MAM)
What it is.
This is a secure, app-level VPN solution for mobile devices that provides controlled access to corporate resources for unmanaged devices through MAM policies. It extends the Microsoft Tunnel Gateway, so you’ll still run and maintain the Tunnel infrastructure.
Organisational benefit.
It allows organisations to grant secure access to line-of-business resources without full device enrolment, reducing friction and broadening BYOD enablement.
Possible displacement.
Third-party VPN clients and MAM-specific gateway solutions may be replaced where the use case fits within Intune’s capabilities.
User and security benefit.
Users experience secure access to corporate data without the complexity of full device management. Security is maintained with conditional access signals and app-centric controls.
Firmware-Over-The-Air (FOTA) Updates and Managing Specialty Devices
What it is.
FOTA is only really going to be of value in limited and specific verticals, for example retail, where hand scanners are often adopted for front-of-house guest services, or in warehouse scenarios. Crucially, realising this value is going to rely on specific OEMs and device classes. FOTA enables remote updating of device firmware on supported endpoints, while Intune’s extended management covers specialty devices such as AR/VR headsets or dedicated hardware.
Organisational benefit.
This reduces operational overhead for maintaining up-to-date firmware across diverse hardware estates, ensuring patch levels and device health are maintained without manual intervention.
Possible displacement.
Dedicated firmware-update platforms or device-vendor specific management consoles may become less critical where Intune can manage these updates, reducing the interfaces support teams need to engage with.
User and security benefit.
Keeping firmware current improves stability and security by reducing vulnerabilities at the hardware layer. For specialty devices, centralised management enhances consistency and reduces bespoke support fragmentation.
Summary
Although there are price increases coming to Microsoft 365 SKUs in 2026, there are also a lot of benefits coming with them. Some of these capabilities will be new, bringing a mix of end-user, administration, and security benefits; some will be an opportunity to review your vendor ecosystem; and others will be an opportunity to replace infrastructure.