A Closer Look at Microsoft Intune
Microsoft Intune is the cloud-centric rendition of Microsoft’s endpoint management services. Intune brings the existing products together in a single product family and under an (almost) single user interface called the ‘Intune admin centre’, previously known as the ‘Microsoft Endpoint Manager admin centre’.
Put simply, Microsoft Intune is a cloud-based unified endpoint management (UEM) platform. It makes the admin process easier for organisations by providing one place from which admins can protect data, manage end user access, and support end users.
Such functionality is especially useful for modern organisations, as they are often challenged with managing multiple devices and applications for onsite, hybrid, and remote workforces. They also have to manage multiple operating systems, including Windows, Apple OS, Linux, and Android, all of which are supported by Intune.
Using Microsoft Intune, admins can ensure that users have secure access to all the applications and company data they need to complete their day-to-day work. It can also be used to manage access to applications on personal devices if adopting bring your own device (BYOD) policies.
The basic Intune service (Microsoft Intune Plan 1) is included in Microsoft 365 E3, E5, F1 and F3, Enterprise Mobility and Security E3 and E5, and Business Premium plan subscriptions. Key features include the below:
- Mobile application management (MAM) and mobile device management (MDM)
- Policy deployment for apps, security, device configuration, compliance-based access requirements, and so on
- Integration with threat defence software, e.g., Microsoft Defender for Endpoint and other third-party partner services
- Self-service features for users to reset passwords, install apps, etc.
- Endpoint analytics, e.g., device and app health scores and other data-driven suggestions to improve productivity and user experience (note: advanced endpoint analytics is included within the Microsoft Intune Suite plan)
- Support for devices through features such as maintenance windows, shared device mode, and specialty device management.
Organisations may also expand these core capabilities using the following Intune add-ons:
Microsoft Intune Plan 2
An add-on to Microsoft Intune Plan 1 with advanced endpoint management capabilities. Microsoft Intune Plan 2 is part of the Microsoft Intune Suite which adds a set of advanced endpoint management and security tools.
Microsoft Intune Suite
Includes Microsoft Intune Remote Help, Microsoft Intune Endpoint Privilege Management, Microsoft Tunnel for mobile app management, specialty device management, and select features for advanced endpoint analytics in Microsoft Intune. A Microsoft Intune Plan 1 subscription is required.
Device and mobile application management
As stated previously, Microsoft Intune can be used to manage and secure both company-owned and personal devices (BYOD). In these instances, organisations would enrol in either mobile device management (MDM) or mobile application management (MAM).
MDM and MAM can also be used together for apps that require extra security.
Mobile device management (full device management)
MDM, as it sounds, is the administration and management of mobile company devices throughout their complete lifecycle. This includes laptops, smartphones, and tablets. More than this, though, MDM is a methodology through which organisations provide, configure, and secure these devices.
As working remotely has become expected – even essential – for many organisations and users these days, MDM has become an integral part of most organisations’ IT strategy.
Intune facilitates MDM by first allowing organisations to enrol devices with zero-touch provisioning: custom terms and conditions are configured once for all devices, and enrolment can be completed remotely.
Once enrolled, security certificates, device feature settings, security policy settings and all mandatory apps, including things like email profiles and a VPN connection, can be deployed.
Next, Intune is able to ensure that the device in question meets all security and compliance standards (e.g., organisations may choose to mandate multi-factor authentication for devices to access the network) and restrict access to corporate resources if these policies and mandates are not met.
Finally, Intune can be used to manage access to remote support and also to retire devices if they are lost, stolen, or simply at end of life. For example, Intune can remotely perform selective wipes or it can be used to revoke access to company resources.
Mobile application management (application focused management)
MAM is a useful tool, particularly for organisations with bring-your-own-device (BYOD) working models or for those organisations that wish to protect certain apps with additional layers of security.
Unlike MDM, which is device-centric, MAM is user-centric, meaning it configures applications and access to the data within them based on the user’s access privileges and not on the device used to access them.
MAM uses conditional access as well as app protection policies to protect applications and the data within them (e.g., users may be unable to copy/paste data or save data to personal storage). Additional, flexible security boundaries may also be set in place using MAM, e.g., requiring a PIN to access data.
Using MAM organisations can:
- Publish mobile apps to users
- Configure apps and automatically update apps
- View data reports that focus on app inventory and app usage
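The app protection policy described above, expressed as an added example that is not from the original post: it creates an iOS app protection policy through Microsoft Graph that blocks copy/paste out of managed apps, blocks ‘Save As’ to personal storage and requires an app PIN. It assumes the Microsoft.Graph PowerShell SDK is installed and the signed-in admin holds the DeviceManagementApps.ReadWrite.All permission; the policy name and values are constructed for illustration.

```powershell
# Added example: create and verify an iOS app protection policy via Microsoft Graph.
# Assumes the Microsoft.Graph PowerShell SDK and DeviceManagementApps.ReadWrite.All.
Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All"

$policy = @{
    "@odata.type" = "#microsoft.graph.iosManagedAppProtection"
    displayName   = "BYOD - iOS app protection (constructed sample)"
    description   = "Sample policy for illustration only"
    # Data transfer: corporate data may only move between policy-managed apps
    allowedOutboundDataTransferDestinations = "managedApps"
    allowedInboundDataTransferSources       = "managedApps"
    # Clipboard: block paste out of managed apps; paste in from anywhere is allowed
    allowedOutboundClipboardSharingLevel    = "managedAppsWithPasteIn"
    saveAsBlocked     = $true   # no 'Save As' to personal storage locations
    dataBackupBlocked = $true   # keep corporate data out of personal iCloud backups
    printBlocked      = $true
    # Access requirement: an app PIN with a minimum length and retry limit
    pinRequired      = $true
    minimumPinLength = 6
    maximumPinRetries = 5
    simplePinBlocked = $true
    # Offline grace periods (ISO 8601 durations): re-check access after 12 hours,
    # selectively wipe app data after 90 days without contacting the service
    periodOfflineBeforeAccessCheck    = "PT12H"
    periodOfflineBeforeWipeIsEnforced = "P90D"
}

$created = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections" `
    -Body ($policy | ConvertTo-Json -Depth 5) -ContentType "application/json"

# Read the policy back and confirm the security-relevant settings were applied.
$check = Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections/$($created.id)"
$check | Select-Object displayName, pinRequired, saveAsBlocked,
    allowedOutboundClipboardSharingLevel, periodOfflineBeforeWipeIsEnforced
```

The policy does nothing until it is targeted at apps and assigned to a user group in the Intune admin centre (or via the policy’s apps and assignments in Graph), so treat the read-back as a configuration check, not as proof of enforcement.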
Integration with Microsoft apps
In summary, Microsoft Intune lets organisations protect data on any device, enrolled or unenrolled, by controlling the way users access and share information.
Additionally, the Microsoft Intune suite is deeply integrated with Microsoft Security and Microsoft 365. It can also be integrated with third-party partner devices and apps to provide organisations with a powerful endpoint management and security suite, with all the benefits of Microsoft’s regular updates and AI/automation capabilities.
Microsoft apps Intune can integrate with include:
- Configuration Manager for on-premises endpoint management and Windows Server
- Windows Autopilot for modern OS deployment and provisioning
- Endpoint analytics for information about end user digital experiences
- Microsoft 365 for Office apps (Outlook, Teams, SharePoint, OneDrive, etc.)
- Microsoft Defender for Endpoint to prevent, detect, investigate, and respond to threats
- Windows Autopatch for automatic patching of Windows, Microsoft 365 apps, Microsoft Edge, and Microsoft Teams
Microsoft Intune is a comprehensive solution that unifies endpoint management and security and allows organisations to improve their overall security posture in a way that works for them.
As well as offering a number of optional add-on features already, Microsoft have committed to adding more advanced capabilities to Intune in the future. This means the suite continues to deliver far beyond just the essentials and caters to a wide range of business needs.
To find out more about how Microsoft Intune, or any of the Microsoft technology stack, might benefit your organisation, please get in touch with our Microsoft experts using the green ‘get in touch’ button on this page.