men work in office on multiple devices enabled by Intune

 

Intune is a cloud-based, Azure AD-powered endpoint management software, from Microsoft that helps businesses manage and secure their users’ devices and applications. In 2023, the program is growing in importance as the hub for modern IT management and is a clear leader in the Gartner Magic Quadrant for Unified Endpoint Management tools.

This tool, when used effectively, can provide multiple benefits for your team. It can help save money, enhance security, and create a positive employee experience for hybrid work. Intune allows administrators to manage endpoint devices and applications from a single console, regardless of whether they are company-owned or personally-owned (BYO) devices.

 

Intune’s capabilities and features

Microsoft Intune provides a range of features, including:

  1. MOBILE DEVICE MANAGEMENT (MDM)

     The feature allows administrators to manage mobile devices, such as smartphones and tablets, by enforcing policies such as passcode requirements and the process of remote wiping of devices in case of loss or theft.
    Inforgraphic displaying the unique components of Microsoft Intune

  2. MOBILE APPLICATION MANAGEMENT (MAM):

    This allows administrators to manage applications on mobile devices, such as enforcing data protection policies and controlling access to corporate data.

  3.   PC MANAGEMENT:

    Allows administrators to manage PCs, including those running Windows, macOS, and Linux, by enforcing policies such as software updates and security configurations.

  4. CONDITIONAL ACCESS:

    Conditional Access Policies allow administrators to control access to corporate resources based on specific conditions, such as device compliance and user identity.

     

An advantage of Intune is that it natively integrates with other Microsoft services, such as Azure Active Directory, to provide a comprehensive solution for managing and securing devices and applications in a company.

 

How Intune Works

Intune helps businesses manage and secure mobile devices and apps. To achieve a good balance of security and user experience, it’s important to understand how the tool works.

There are five fundamental components that allow IT teams to leverage the power of Intune.

 

  1. ENROLLMENT

    Intune provides several methods for enrolling devices in the service. Depending on the business’s requirements, devices can be enrolled using an enrollment URL, Apple’s Device Enrollment Program (DEP), or Google’s Android Enterprise.

  2. POLICIES AND CONFIGURATION:

    Once devices are enrolled, administrators can configure policies and settings to manage the devices. For example, they can enforce device-level security policies such as PIN codes, or require that specific applications be installed on the device.

  3. APP MANAGEMENT

    Intune allows administrators to manage the applications installed on devices. They can deploy, update, or remove applications remotely, and can also configure app-level policies such as data-sharing restrictions.

    With the launch of the new Microsoft Store Apps Intune integration, administrators are able to harness a streamlined and efficient app management experience.

  4. CONDITIONAL ACCESS

    With Intune, administrators can set up conditional access policies that determine whether a user can access company resources based on factors such as device compliance, user location, or network connection.

  5. REPORTING AND ANALYTICS

    Intune provides reporting and analytics features that allow administrators to monitor device and application usage, as well as identify potential security risks.

 

The Benefits of Using Intune

As a leader in Gartner’s Magic Quadrant for Unified Endpoint Management tools, Intune offers a number of benefits in addition to the aforementioned application management abilities, conditional access, and reporting and analytics.

  •  CLOUD-BASED

    Intune is a cloud-based service management platform, which means that there is no need for on-premises infrastructure or hardware. This makes it easy to deploy and manage and provides groups with the flexibility to scale as needed.

  • MULTI-PLATFORM SUPPORT

    Intune supports a wide range of platforms, including Windows, iOS, Android, and macOS. This allows groups to manage all of their devices from a single platform.

  • SECURITY AND COMPLIANCE

    Intune provides a wide range of security and compliance features, such as device encryption, data protection policies, and remote wipe capabilities. This helps businesses to keep their data secure and comply with important industry regulations such as GDPR and HIPAA.

Commonly Asked Questions About Intune:

 

What is the Intune Company Portal?

The Intune Company Portal is a mobile app that allows users to access corporate resources and services from their personal (BYO) or company-owned mobile devices. It is commonly used in conjunction with Microsoft Intune and provides a central location where users can access company apps, data, and other resources that have been made available to them by their company. Users can also view their device compliance status and take necessary actions to ensure their device is compliant with their business’s security policies.

 

The Intune Company Portal app helps businesses maintain control over their data and resources while enabling employees to work from anywhere, on any device, securely. It is available for download on various mobile platforms, including iOS, Android, and Windows. Once downloaded, users can sign in with their corporate credentials and access company resources securely.

 

How do I Enroll a Device in Intune?

A very typical question we hear from new Intune users is simply how to enroll devices into Intune. The process is fairly straightforward and can be achieved by following these general steps.

  1. Go to the Endpoint Manager admin center and create a new device enrollment profile. This profile will determine the settings and policies that will be applied to the enrolled devices.

     

  2. Configure the device enrollment settings for your business. Some things you’ll want to set include authentication methods and enrollment restrictions.

     

  3. Choose the enrollment method you want to use. Intune supports various enrollment methods, including:

  • User-driven enrollment: This allows users to enroll their devices using the Intune Company Portal app.

  • Automated enrollment: This allows devices to be enrolled automatically, for example during the device setup process or using a device management solution.

  • Enrollment via Apple Business Manager or Apple School Manager: This method allows iOS devices to be enrolled using Apple’s device management programs.

     

    4. Once you have chosen your enrollment method, follow the instructions to enroll your device. The exact steps will depend on the enrollment method you chose, but you’ll typically need to enter your credentials and follow the prompts to complete the enrollment process.

After the device is enrolled in Intune, it will be managed and secured according to the settings and policies you configured in the device enrollment profile.

 

How do I Deploy Win32 Applications with Microsoft Intune?

First, you’ll want to prepare your application for deployment. First, you’ll need to package your Win32 application into an Intune-compatible format. Microsoft recommends using the Microsoft Win32 Content Prep Tool to convert your application into a format that Intune can handle.

Next, upload the application to Intune. Once your application is prepared, you can upload it to the Intune portal using the Intune Win32 App Packaging Tool. This tool will create an Intune package for your application that can be deployed to devices.

Create an app deployment policy: In the Intune portal, create a new app deployment policy that specifies the settings and configurations for deploying the Win32 application to devices. You’ll need to specify the target devices, the installation command line, and any additional configurations for the application.

Once you’ve created the app deployment policy, you’ll need to assign it to a group of devices or users that will receive the application. You can specify the group based on device properties, user properties, or a combination of both.

Finally, you’ll need to monitor and troubleshoot the deployment. After you’ve assigned the app deployment policy, you can monitor the deployment status in the Intune portal. You can also troubleshoot any issues that may arise during the deployment process.

 

How Does Intune Autopilot Work?

Intune Autopilot is a cloud-based deployment technology that streamlines the process of setting up new Windows devices in a business. It is designed to make a device’s lifecycle easier from deployment to retirement. It streamlines device management for end users and IT teams alike by automating the image deployment of new machines.

 

Here’s how Intune Autopilot works:

Pre-register devices:
Before deploying a new Windows device with Autopilot, the device needs to be pre-registered with the Autopilot deployment service. This can be done by uploading the device’s hardware ID to the service using a CSV file or via the Microsoft Store for Business.

 

Configure Autopilot profiles:
Once the devices are registered, Autopilot profiles need to be configured in the Microsoft Endpoint Manager admin center. Autopilot profiles are sets of configuration policies that are applied to devices during the deployment process.

 

Ship devices to end-users:
After devices are registered and Autopilot profiles are configured, they can be shipped directly to end-users without any manual setup required.

 

Devices connect to Intune:
When a new device is turned on for the first time, it connects to the Intune service and downloads the Autopilot profile assigned to it.

 

Automatic configuration:
The Autopilot profile configures the device automatically, applying settings and policies defined by the administrator. This includes joining the device to Azure Active Directory (AAD), installing apps, and configuring device settings.

 

Deployment status:
The deployment status can be monitored in the Microsoft Endpoint Manager admin center, allowing administrators to track the progress of device deployments and troubleshoot any issues that may arise.

 

Conclusion

To sum things up, Intune is a truly powerful tool for Unified Endpoint Management. And it is getting better. With innovative updates in 2023 for security and employee experience, the tool continues to progress in an upward trajectory.

Should you be considering a move to Intune, feel free to reach out to our team with questions. Our group is highly experienced with Intune and always eager to lend a helping hand.

 

Contact us to learn more about Intune

 

MILTON CATO

Milton is a Modern Work and Security Engineer in New York City. He works with clients in the Microsoft 365 space elevating and optimizing Endpoint Solutions for scaled and sustained growth. Milton is a self proclaimed foodie and avid concert-goer. Prior to joining Mobile Mentor, Milton has spent almost 10 years in the IT space growing his skillset and the companies he worked for. With an eye for automation and a “people first” mindset, Milton is an invaluable asset to any project he touches.