Let’s discuss the basics now. What is Intune Endpoint Manager? Microsoft Intune is a Software as a Service(SaaS) Mobile Device Management (MDM) and Mobile Application Management(MAM) solution. You don’t have to setup any on-prem or cloud servers for using Intune.
Intune is part of the Microsoft Endpoint Manager solution. You can use Intune to control how an organization’s devices are used, including mobile phones, tablets, desktops, and laptops. Intune helps you to configure specific policies to control applications.
Mobile Device Management (MDM) is a wider term used to manage or administrate various devices. Rather, MDM also includes the administration of a wide range of new laptops, desktops, etc. For example, with Windows 10 all desktops, and laptops can be managed through the MDM channel.
What is Intune
Microsoft manages the Intune architecture. As a device management admin or architect, you don’t need to worry much about Intune server infra and replication of application content, etc. The following are the main functionalities of Microsoft Intune.
- Configure Devices
- Protect Data
- Manage Apps
How to Access Microsoft Intnue?
As I mentioned above, Intune is a Microsoft SaaS solution for device management. You can access the Microsoft Intune admin portal called Microsoft Endpoint Manager Admin Center.
- Launch endpoint.microsoft.com
You can try to watch Intune training videos to get more ideas about Intune. Also, you will get to know how to get a free Intune subscription. More details – 63 Episodes of Free Intune Training for Device Management Admins.
Manage Devices using Intune
You can manage devices with different approaches using Intune. You can manage the organization’s device using special policies. You can also use a different set of policies for BYO devices. All these options are available using the Devices node in the MEM admin center portal.
You can enroll Windows, iOS, Android devices to enroll using different methods. Intune Windows 11 enrollment manually or automatically.
Manage Policies using Intune
You can create and manage policies using Microsoft Intune. You can try to use any of the following policy categories to create policies in Intune.
- Settings Catalog
- Administrative Templates
- Device Restriction policies
- Custom policies
Deploy Scripts using Intune
You can deploy scripts using Intune. You can deploy PowerShell scripts to Windows devices. There are options to deploy scripts to macOS devices as well. The script helps to configure out-of-box configurations.
Windows Quality Updates and Features Updates using Intune
You can use Intune for the deployment of Windows quality and feature updates using Intune. The only dedicated quality update control currently available other than the existing update rings policy for Windows 10. It later is the ability to expedite quality updates for devices that fall behind a specified patch level. Additional controls will be available in the future.
While expediting software updates can help decrease the time to get to compliance when necessary, it has a larger impact on end-user productivity. The chances that they will experience a restart during business hours are significantly increased.
Enroll devices | Windows enrollment Policies using Intune
Learn about the seven different ways a Windows 10/11 PC can be enrolled into Intune by users or admins. There are 7 types of configurations in the Windows enrollment policies using Intune.
- Automatic Enrollment – Configure Windows devices to enroll when they join or register with Azure Active Directory.
- Windows Hello for Business – Replace passwords with strong two-factor authentication.
- CNAME Validation – Test company domain CNAME registration for Windows enrollment.
- Enrollment Status Page – Show app and profile installation statuses to users during device setup.
- Windows Autopilot Deployment Program – Deployment Profiles, Customize the Windows Autopilot provisioning experience. Manage Windows Autopilot devices.
- Intune Connector for Active Directory – Configure hybrid Azure AD joined devices
Application Deploying using Intune
You can use Intune to deploy applications to iOS, Android, Windows, and Mac devices. You can use Intune to deploy Microsoft Store, Google App Store, and Apple App Store. Also, you can Win32 application (IntuneWin) using Intune to Windows PCs.
Endpoint Security Policy Deployment using Intune
There are many options related to endpoint security policy deployments using Intune. Intune can be used to protect and secure devices from one place – Enable, configure, and deploy Microsoft Defender for Endpoint to help prevent security breaches and gain visibility into your organization’s security posture.
You can use Intune reports using this section. This helps to monitor the health and activity of your endpoints – Use Intune reporting to monitor endpoint compliance, health, and trends in your organization.
Anoop is Microsoft MVP! He is a Solution Architect on enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, Intune. He writes about technologies like ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.…