M365 Premium and AAD, which includes Intune and Defender for Endpoint, are the foundations of my stack. I'm attempting to keep my stack as 'lean' and 1st party as possible, and I'm avoiding using any additional 3rd party agents. I'm not sure how legal this is in MSP, but it's a route I'm considering.
One noteworthy area where Intune falls short is patching third-party applications, which is handled by third-party RMMs. According to my research, one popular way to get around this limitation is to use Intune in conjunction with a vendor called Patch My PC, which uses Intune to patch popular third-party apps.
Hey
If you are indeed interested in finding out more about our product and how we integrate with Intune, you can see more here - https://patchmypc.com/third-party-patch-management-for-sccm-and-intune
Additionally, you can see what our existing customers say about their experience with us here - https://patchmypc.com/customer-testimonials