Key Takeaways
- Microsoft Intune UEM – Secure, Scalable, and Cloud-First Design
- Design Driven by Six Strategic Pillars: Futuristic, Aligned with Organizational Priorities, Connectivity, Migration, Secured and Agile
- Intune supports cloud-only, hybrid, and coexistence models based on organizational size, compliance, and existing infrastructure.
- Architecture Planning: Uses existing tools, manages different devices, and connects easily with Microsoft 365, Entra ID, and security solutions.
- Intune UEM Architecture – Centralized Management Across Platforms
Microsoft Intune architecture is designed to deliver a cloud-native, scalable, and secure unified endpoint management (UEM) platform. This post explains the Intune architecture along with a sample architecture diagram, highlighting how various components work together to manage users, devices, apps, and data across platforms. With ongoing enhancements aligned to Zero Trust and modern workplace requirements, Intune continues to evolve as a core endpoint management solution.
When organizations implement Microsoft Intune as part of their endpoint management strategy, they can make architecture decisions that align with their unique requirements and infrastructure. These architecture decisions are tailored to suit the organization’s specific needs and may vary based on company size, industry, security policies, and existing IT infrastructure.
Intune design considerations are guided by six key pillars: Futuristic, Aligned with Organizational Priorities, Connectivity, Migration, Secured, and Agile. These pillars ensure that the architecture supports internet-based management, smooth migration from legacy tools, strong security using identity-driven controls, and the ability to adapt quickly to new platforms and business changes.
Intune architecture decisions are crucial for organizations, and they revolve around three key pillars: Existing Investments, Device Management, and Integration. These pillars serve as guiding principles when considering the design and implementation of Microsoft Intune.
Table of Contents
Table of Contents
What are the Types of Microsoft Intune Architecture?
The Microsoft Intune Architecture includes 3 types Microsoft Intune Internal Architecture, Microsoft Intune SaaS Architecture, and Integration Architecture.
What are the Pillars of Intune Architecture?
Intune service is based on 6 main pillars as per Microsoft. These Pillars are very critical for Microsoft and Intune service. The Intune pillars include Availability, Reliability, Performance, Scale, Security, and Agility. SCCM Intune Architecture Decision Making Tips Sample Diagram Configuration Manager ConfigMgr.
What is the New Intune Architecture Diagram, and How to Decode it?
Intune architecture is the SaaS solution. Microsoft released an Intune Architecture diagram a few years back. Now Microsoft released the latest Intune architecture diagram with Intune suit representation etc. We will look into the old and new diagrams and then try to decode the latest architecture diagram.
Video – What is Intune Architecture – Part 1
In this video, you can see how Microsoft builds Intune Infrastructure in the Azure cloud. The architecture of Intune is a well-structured and intricately designed framework that empowers organisations to manage and secure their devices, applications, and data.
- Free Intune Training 2025 for Device Management Admins
- Intune Design Decisions Free Training | Version 1 Starter Kit | Basic
- What is Microsoft Unified Endpoint Management UEM?
Video – Sample Architecture Diagram Explained
In this video, you can see Intune architecture and what the core components are, what the core services are, the additional services with additional licenses, what is included in the Intune product family, and what are the components outside of Microsoft and other vendors that can be integrated with Intune.
What is Microsoft Intune
Let’s see how the Intune service or Intune started within Microsoft. Initially, the Intune service ran on a physical machine hosted in a private data center. And it used a distributed service running on Azure for geographical reasons, etc. The Usage of Intune began to scale in 2015. It is a highly scalable, Globally Distributed Cloud Service.
- The public information from Microsoft is that they tried to analyse different vendors before redesigning Intune with Modern Azure Services, so they looked into competitors’ technology and tried to acquir them.
- Most of the device management solutions were based on the client-server model. Now Intune is based on a Cloud service model, even though it has a server and client part.
- Intune service scales to Billions of devices and apps
- To learn more about Microsoft Intune, click the What is Microsoft Intune?
What is Intune Architecture
This is the core part of Intune architecture, public information available from Microsoft. Intune Architecture is built based on Azure Service Fabric (ASF) Clusters. In 2023, 29 of these clusters will be around 3 regions. Intune architecture is used as a case study for many presentations within Microsoft itself.
- There are 2 types of Nodes: Front-end (FE) Stateless Nodes and Middle-tier (MT) Stateful Nodes.
Which are the Intune Tenant Locations
Azure scale units are Intune tenant locations. As per the public information available, the Microsoft clusters are based on Azure Service Fabric (ASF). The window below helps you show details such as Azure scale unit, Storage name, CDN, etc.
Azure AMSU or Intune Tenant Locations
This is the 2023 Azure AMSU or tenant locations based on Azure service fabric clusters. There are 14 AMSU tenant locations, as service fabric clusters are available for America. The screenshot below helps you show the Azure AMSU or tenant locations based on Azure service fabric clusters.
- For Europe, you can see 10 AMSU are available
- And in Asia, there are 5 AMSU available
- Microsoft documentation shows the increasing number of AMSUs in different regions.
| Numbers | US | EU | AP |
|---|---|---|---|
| 1 | AMSUA0601 | AMSUB0101 | AMSUC0101 |
| 2 | AMSUA0602 | AMSUB0102 | AMSUC0201 |
| 3 | AMSUA0101 | AMSUB0201 | AMSUC0301 |
| 4 | AMSUA0102 | AMSUB0202 | AMSUC0501 |
| 5 | AMSUA0201 | AMSUB0301 | AMSUC0101 |
| 6 | AMSUA0202 | AMSUB0302 | |
| 7 | AMSUA0401 | AMSUB0501 | |
| 8 | AMSUA0402 | AMSUB0502 | |
| 9 | AMSUA0501 | AMSUB0601 | |
| 10 | AMSUA0502 | AMSUB0701 | |
| 11 | AMSUA0701 | ||
| 12 | AMSUA0702 | ||
| 13 | AMSUA0801 | ||
| 14 | AMSUA0901 |
Intune Architecture was Shared by Microsoft in 2015
This is the 2015 Architecture shared by Microsoft. There is nothing changed in the core architecture. NA Tenants that is America. Only 8 ASUs or tenant locations based on service fabric clusters, but now in 2023, it is 14. If you locate EU ASUs, it is 6 ASUs or tenant locations, but it is now 2023; it is 10. AP ASUs are 4, but in 2023 it is 5.
Intune ASU Architecture – Drilldown Service Fabric-Based Services
This Intune ASU architecture diagram is based on the data from 2015. In the Intune ASU Architecture, you can see that the Clients are communicated with the Azure load balancer; then it goes to the Azure Service Fabric ring. It includes the Front End Machines (FE), the templates used at the time are Azure A4, and the middle Tier Machines (MT), the templates used at the time are Azure A7. The Key Attributes are as follows.
- Stateful(Memory is Master)Architecture
- Inherently Scale-Out/Partitioned Data model
- Initial Ring Size(A7 50-70 MT,20-40 A4 FE)
- 5-way replicated for HA
- DR-Lazywritter to Azure Storage-(10 min RPO)
- Built on Azure Service Fabric
- 5 fault domains,5 upgrade domains
- 3-6 TB memory per ring
- Static partitioning per service (1 to 64 ways)
- Full DR requires a deployment and re-hydration(up to4 hrs)
| Stateless Service process | Stateful service process |
|---|---|
| 80 Types | 40 types |
| 2000 plus service instances | 2000 plus service instances |
| Components: Stateless Microservice | Components: Stateful Microservice |
| Intune Service Stack | Intune Service Stack |
| Service Fabric | Service Fabric |
High-Level Intune Architecture Integrated View with SCCM
This architecture is about Integration. Here, you can see Intune is integrated with SCCM, and you can also see the Azure cloud and Azure AD integration. Third-party Integration is also available.
High-Level Intune Architecture SaaS View
This is the High-level Intune SaaS view, and it is the client perspective from an organisational perspective. You can manage mobile devices, tablets, phones, PSs, Windows, and Mac OS devices here. You can manage all those devices with this SAS architecture, which you can see over here in this diagram.
Download Sample Architecture Diagram Explained
This is the latest architecture diagram that microsoft released. This diagram is called the Microsoft Intune Product family, and the Biggest box inside this architecture diagram is the Microsoft Intune service, which is the core of the Intune product family.
The Microsoft Entra ID is also there in this main box. The left side of the diagram shows the Intune suite, which includes many new services. Intune suite, Windows Autopilot, Endpoint analytics, Intune Data Warehouse, and Log Analytics are part of Intune product family. The following diagram is explained in the video Intune Architecture Decoded | Clear understanding of Intune High Level Architecture – YouTube.
Resources
High-level architecture for Microsoft Intune | Microsoft Learn
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Vidya. M. A – Experienced Intune Consultant and Technical Content Creator with 5+ years of hands-on experience in Microsoft Intune and community-driven technical blogging. Proven expertise in designing, deploying, and validating Intune policies, along with creating clear, step-by-step technical content for IT professionals. Recognised for contributing high-quality technical content, improving security compliance, and supporting community growth through consistent knowledge sharing.