Microsoft Intune

Introduction

Microsoft Intune is a cloud service that provides mobile device management, mobile application management, and PC management capabilities. Intune’s mobile productivity management capabilities help organizations provide their employees access to corporate data, applications, and resources, while helping to protect their corporate information.

Intune supports Windows, Windows Mobile, iOS, Android, and macOS devices and provides several options for protecting corporate data on these devices. Intune has two deployment modes: “standalone”, a fully cloud-based service that requires no on-premises infrastructure, and “hybrid”, which works with on-premises System Center Configuration Manager. The Intune primary subscription includes usage rights to Configuration Manager, which allows organizations to manage PCs and mobile devices.

Mobile Device Management (MDM)

Intune can manage both company-owned devices and end users’ personal devices, the latter popularly known as “bring your own device” (BYOD). MDM allows corporate IT to control the following aspects of a device through the Intune web-based administration console: management, inventory, app deployment, provisioning, and retirement. With MDM scenarios, end users can enroll and remove their devices, install company apps, get quick access to company resources via email, WiFi, and VPN profiles, and contact their IT department or helpdesk by using an app called Intune Company Portal.

Mobile Application Management (MAM)

Intune can set app restriction policies at the app level, for use with or without MDM device enrollment. Intune’s MAM capabilities enable IT to help protect corporate data with policies that restrict data-leakage paths such as “Cut/Copy/Paste/Save As”, provide encryption at rest, enforce application access and compliance, and remove corporate data at the application level.

Conditional Access

Intune allows IT to manage access to corporate data with its conditional access capabilities, which ensure that only managed and compliant devices are able to access corporate email and files, all without requiring on-premises infrastructure. If the device is not managed by Intune or is not compliant with IT policies (such as password strength, encryption, OS version), access is blocked. Additional checks such as group membership, location, and risk profile can be done at the user level with Azure AD Identity Protection, which can further ensure that only authorized users can access work email, files, and SaaS apps.

PC Management

Intune also manages computers running supported operating systems using the Intune agent or via MDM. The hardware and software requirements to run the computer client are minimal—any system capable of running Windows Vista or later is supported. The client software can also be easily installed on either domain-joined computers (in any domain) or non-domain-joined computers. In addition, Intune works with System Center Configuration Manager to support more advanced PC and server management scenarios.