Let’s check the mobile device management options with Microsoft Endpoint Manager (MEM). Intune enrollment options (iOS, Android, and macOS mobile enrollment) were discussed in the Ignite 2019 sessions. More details about the Microsoft Ignite sessions are given below.
NOTE! – The following details are taken from What’s new in Microsoft Endpoint Manager, including Microsoft Intune and Configuration Manager (Part 1 of 2) Ignite session by Paul Mayfield, Terrell Cox, and Micro-Scott.
Ignite 2019 Coverage
- Microsoft Endpoint Management SCCM Intune Windows Updates (this post)
- Microsoft Endpoint Manager is the future of SCCM Intune MEMMI MEMCM
- iOS Android macOS Mobile Enrollment Options with Intune
- Basics of Windows Dynamic Update Explained Update Management
- WVD End User Experience Availability Updates
- MSIX Updates from Ignite Reliability Network Disk-space
- Microsoft Learning Certification Exams Updates
- On-Prem WVD Options Azure Quantum Qualys Scan Integration
- Intune Reporting Strategies Advanced Reporting
Android Enrollment Options
Android management options with Intune.
- Flexible deployment scenarios
- Zero-touch and Knox Mobile Enrollment
- BYOD (Personally Owned)
  - Intune APP (App protection – MAM only scenario) – Corp Data and Apps
  - Android Enrollment (AE) Work Profile – Deploying Certs and WiFi Profiles
- Company Owned
  - AE Dedicated (Kiosk Devices)
  - AE Fully Managed (Knowledge Workers)
- Management of OEM-specific features beyond the Android platform
- Customizable end user experience with Microsoft Launcher
Intune Data Protection Policies
- Comprehensive security and data protection
- Configurable Enrollment
- User Enrollment and Intune App Protection Policies (best user experience for Office apps)
- Smart card “derived” credentials give passwordless resource access (advanced scenarios)
Fully Managed Android Device
- 11 apps provisioned
- Factory reset is disabled
- Android Device Policy – Native Management Client
- Google Play Provisioned apps – Web applications as well
Android OEM Configuration Options – Fully Managed
Android App – Associated App – Out-of-Box Configuration Options (OEMConfig)
Templates are Downloaded Automatically from Vendors
Android out-of-box configuration options: these templates are downloaded automatically from vendors.
iOS and iPadOS Management
- Multiple Deployment options
- Best-in-class configurable enrollments
- Intune APP (App Protection Policies)
- User Enrollment (Public Preview – Apple released with iOS 13)
- Company Owned?
- Device Enrollment (Classic MDM enrollment with Intune Company Portal)
- Automated Device Enrollment (Apple DEP)
- Device Configuration and Management
- Current iOS management applies to iPadOS devices
Settings iOS iPadOS Policies from MEM Intune Portal
The same set of policies applies to iOS and iPadOS. However, there are some changes in the Intune policy settings UI. See the options below:
- All Enrollment Types
- Device Enrollments and Automated Device Enrollments
- Automated Device Enrollment
NOTE! – Policies can be configured in groups based on enrollment type.
All Enrollment Types – These settings work for devices that were enrolled in Intune through device enrollment or user enrollment, and for devices enrolled using Apple School Manager or Apple Business Manager with automated device enrollment (formerly DEP). This includes all supervised devices.
Device enrollment and automated device enrollment – These settings work for devices that were enrolled in Intune through device enrollment, and for devices enrolled using Apple School Manager or Apple Business Manager with automated device enrollment (formerly DEP). This includes all supervised devices.
Automated device enrollment – These settings work for supervised devices that were enrolled in Intune using Apple School Manager or Apple Business Manager with automated device enrollment (formerly DEP). This includes devices supervised through Apple Configurator.
macOS Devices Management with MEM Intune
- App deployment, device configuration, certificates, VPN, WiFi
- Protection with device wipe, encryption, Defender ATP
- Limit access to compliant Macs
- Complex management support available with Jamf
NOTE! – Two management options for macOS management – Intune & Jamf Management.
Deploy Script to macOS devices with Intune
The Microsoft Endpoint Manager team is developing a solution to deploy scripts to macOS devices without using Jamf. This feature was demoed in the Ignite 2019 session (linked below).
NOTE! – The macOS script deployment option will be available next year (2020). I didn’t hear about any concrete timelines.
There will be two agents on macOS devices to enable this macOS scripting feature. The additional agent is similar in framework to the “Intune Management Extension” for Windows devices.
- Intune Company Portal
- macOS Scripting Agent (macOS sidecar agent)
Office ProPlus Management with Intune
Office ProPlus management for macOS and Windows is already available, and Office policies can be configured using Intune administrative templates.
Session – iOS Android macOS Mobile Enrollment
- Ignite session What’s new in Microsoft Endpoint Manager, including Microsoft Intune and Configuration Manager (Part 1 of 2)
- Privacy gets a boost with support for Apple User Enrollment in Microsoft Endpoint Manager
- Intune Android Work SCEP Certificate Deployment Issue