iOS Android macOS Mobile Enrollment Options with Intune Updates from Ignite 2019

0
iOS iPadOS macOS Android Enrollment Options

Let’s check the Mobile device management options with Microsoft Endpoint Manager (MEM). Intune Enrollment options(iOS Android macOS Mobile Enrollment) are discussed in the Ignite 2019 sessions. More details about the Microsoft Ignite sessions are given below.

NOTE! – The following details are taken from What’s new in Microsoft Endpoint Manager, including Microsoft Intune and Configuration Manager (Part 1 of 2) Ignite session by Paul Mayfield, Terrell Cox, and Micro-Scott.

Ignite 2019 Coverage

  1. Microsoft Endpoint Management SCCM Intune Windows Updates (this post)
  2. Microsoft Endpoint Manager is the future of SCCM Intune MEMMI MEMCM
  3. iOS Android macOS Mobile Enrollment Options with Intune
  4. Basics of Windows Dynamic Update Explained Update Management
  5. WVD End User Experience Availability Updates
  6. MSIX Updates from Ignite Reliability Network Disk-space
  7. Microsoft Learning Certification Exams Updates
  8. On-Prem WVD Options Azure Quantum Qualys Scan Integration
  9. Intune Reporting Strategies Advanced Reporting

TL;DR

Android Enrollment Options

Android management options with Intune.

  • Flexible deployment scenarios
  • Zero-touch and Knox Mobile Enrollment
    • BYOD (Personally Owned)
      • Intune APP (App protection – MAM only scenario) – Corp Data and Apps
      • Android Enrollment (AE) Work Profile – Deploying Certs and WiFi Profiles
    • Company Owned
      • AE Dedicated (KIOS Devices)
      • AE Fully Managed (Knowledge Workers)
  • Management of OEM-specific features beyond the Android platform
  • Customizable end user experience with Microsoft Launcher
iOS Android macOS Mobile Enrollment
Android Enrollment Options – iOS Android macOS Mobile Enrollment

Intune Data Protection Policies

  • Comprehensive security and data protection
  • Configurable Enrollment
  • User Enrollment and Intune App Protection Policies (best use experience for office apps)
  • Smart card “derived” credentials give passwordless resource access (advanced scenarios)
Intune APP

Fully Managed Android Device

  • 11 apps provisioned
  • Factory reset is disabled
  • Android Device Policy – Native Management Client
  • Google Play Provisioned apps – Web applications as well
iOS Android macOS Mobile Enrollment
Fully Managed Android Device – iOS Android macOS Mobile Enrollment

Android OEM Configuration Options – Fully Managed

Android App – Associated App – Out of Box Cofiguration options OEMConfig

Out of Box Cofiguration options OEMConfig  - iOS Android macOS Mobile Enrollment
Out of Box Cofiguration options OEMConfig – iOS Android macOS Mobile Enrollment

Templates are Downloaded Automatically from Vendors

Android configuration Out of Box Options. These Templates are downloaded automatically from vendors.

knox - iOS Android macOS Mobile Enrollment
Android Management Templates – iOS Android macOS Mobile Enrollment

iOS and iPadOS Management

  • Multiple Deployment options
  • Best-in-class configurable enrollments
    • BYOD
      • Intune APP (App Protection Policies)
      • User Enrollment (Public Preview – Apple released with iOS 13)
    • Company Owned?
      • Device Enrollment (Classic MDM enrollment with Intune Company Portal)
      • Automated Device Enrollment (Apple DEP)
  • Device Configuration and Management
  • Current iOS management applies to iPadOS devices
iPadOS, iOS Android macOS Mobile Enrollment
iOS & iPadOS Management options – iOS Android macOS Mobile Enrollment

Settings iOS iPadOS Policies from MEM Intune Portal

Same set of policies for iOS and iPadOS. However, there are some changes in the Intune policy settings UI. See the options below:

  • All Enrollment Types
  • Device Enrollments and Automated Device Enrollments
  • Automated Device Enrollment

NOTE! – Policies can be configured – Groups based on Enrollment type

All Enrollment Types – These settings work for devices that were enrolled in Intune through device enrollment or user enrollment, and for devices enrolled using Apple School Manager or Apple Business Manager with automated device enrollment (formerly DEP). This includes all supervised devices.

Device enrollment and automated device enrollment – These settings work for devices that were enrolled in Intune through device enrollment, and for devices enrolled using Apple School Manager or Apple Business Manager with automated device enrollment (formerly DEP). This includes all supervised devices.

Automated device enrollment – These settings work for supervised devices, that were enrolled in Intune using Apple School Manager or Apple Business Manager with automated device enrollment (formerly DEP). This includes devices supervised through Apple Configurator.

Settings iOS iPadOS Policies from MEM Intune Portal - iOS Android macOS Mobile Enrollment
Settings iOS iPadOS Policies from MEM Intune Portal – iOS Android macOS Mobile Enrollment

macOS Devices Management with MEM Intune

  • App deployment, device configuration, certificates, VPN, WiFI
  • Protection with device wipe, encryption, Defender ATP
  • Limit access to compliant Macs
  • Complex management support available with Jamf

NOTE! – Two management options for macOS management – Intune & Jamf Management.

macOS management with MEM Intune + Jamf - iOS Android macOS Mobile Enrollment
macOS management with MEM Intune + Jamf – iOS Android macOS Mobile Enrollment

Deploy Script to macOS devices with Intune

Microsoft Endpoint Manager team is developing a solution to deploy scripts to macOS devices without using Jamf. This feature is demoed in the Ignite 2019 session (linked below).

NOTE! – The macOS script deployment option will be available next year (2020). I didn’t hear about any concrete timelines.

There will be two agents on macOS devices to enable this macOS scripting feature. This additional agent is almost similar to the framework of “Intune Management Extension for Windows devices.”

  • Intune Company portal
  • macOS Scripting Agent (macOS sidecar agent)
macOS Scripting Agent (macOS sidecar agent)
macOS Scripting Agent (macOS sidecar agent) – iOS Android macOS Mobile Enrollment

Office ProPlus Management with Intune

macOS and Windows office proplus management is already available. And Configure Office policies using Intune administrative templates!!

Office ProPlus Management with Intune
Office ProPlus Management with Intune – iOS Android macOS Mobile Enrollment

Session – iOS Android macOS Mobile Enrollment

Resources

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.