Microsoft Intune E3 and E5 Add Advanced Capabilities
Summary
Microsoft has begun including advanced Intune Suite capabilities in Microsoft 365 E5, with select features now available in Microsoft 365 E3 as of July 1, 2026. The change expands access to tools such as Endpoint Privilege Management, Remote Help, Cloud PKI, Advanced Analytics, and mobile management features, giving IT teams stronger endpoint security and more streamlined operations.
Introduction
Microsoft has officially turned on the packaging changes announced in late 2025: advanced Microsoft Intune capabilities are now included in Microsoft 365 E5, with selected capabilities also included in Microsoft 365 E3. For IT administrators, this matters because features that previously required separate planning may now be available through existing licensing, improving endpoint security, support, and management.
What’s new in Microsoft 365 E3 and E5
As of July 1, 2026:
- Microsoft 365 E5 now includes advanced Intune Suite capabilities.
- Microsoft 365 E3 now includes select advanced Intune capabilities.
- The change broadens access to tools designed for Zero Trust, endpoint visibility, and modern device operations.
Highlighted capabilities in the announcement include:
- Endpoint Privilege Management (EPM) to reduce standing local admin rights
- Remote Help for secure, auditable remote support
- Microsoft Cloud PKI for cloud-based certificate lifecycle management
- Advanced Analytics, including near real-time device query and Multi-Device Query
- Advanced mobile management from Intune Plan 2
- Microsoft Tunnel for MAM for secure app access on unenrolled BYOD devices
- Enterprise Application Management (EAM) to simplify app deployment and updates
Why this matters for IT admins
This update strengthens Intune’s role as a unified endpoint management platform that connects identity, security, compliance, and device operations.
For administrators, the biggest benefits are:
- Better security posture through least-privilege access and certificate-based authentication
- Faster troubleshooting with richer analytics and remote support tools
- Improved mobile and BYOD support without forcing full device enrollment in every scenario
- Reduced operational overhead through automated app and certificate management
Organizations managing distributed users, frontline devices, Cloud PCs, and mobile endpoints should see the most immediate value.
Practical next steps
IT teams should review licensing and feature availability first, especially for Microsoft 365 E3 tenants where only select capabilities are included.
Recommended actions:
- Audit current Intune add-ons to identify overlap with newly included capabilities.
- Review licensing assignments for E3 and E5 users and admins.
- Prioritize quick wins such as Remote Help, EPM, or Advanced Analytics.
- Evaluate BYOD and certificate strategies using Tunnel for MAM and Cloud PKI.
- Update endpoint management roadmaps to reflect newly bundled features.
Bottom line
Microsoft is making advanced Intune functionality more accessible through Microsoft 365 E3 and E5, which could lower adoption barriers for several high-value endpoint management features. For IT teams, this is a good time to reassess licensing, reduce standalone dependencies, and expand Zero Trust-aligned endpoint controls.
Need help with Intune?
Our experts can help you implement and optimize your Microsoft solutions.
Talk to an ExpertStay updated on Microsoft technologies