Let’s dive deep and understand what Microsoft Intune is. Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies app and device management across many devices, including mobile devices, desktop computers, and virtual endpoints.
If you come across the Microsoft Intune application on your mobile device, Windows device, or Mac device, your organization has implemented a comprehensive endpoint management solution. The Intune application indicates that your device is being managed and monitored by your organization’s IT department.
Within our Intune Design Decision video series, we have provided 13 videos that delve into various aspects of designing and implementing Microsoft Intune. One of these informative videos specifically focuses on explaining the fundamental concept and purpose of Microsoft Intune.
Microsoft Intune is a cloud-based solution built on a native cloud architecture. Intune is part of the Intune product family. It performs Mobile Device Management (MDM) and Mobile Application Management (MAM) to ensure the security and integrity of organizational data.
Why is Microsoft Intune so special?
Microsoft Intune, with its fully cloud-based architecture, addresses the growing need for organizations to effectively manage and secure their mobile devices, applications, and data in a rapidly evolving digital landscape. The following are the key reasons contributing to the significance of Microsoft Intune.
1. Intune supports all platforms, such as Windows, Linux, Android, macOS, iOS, etc.
2. Protect and control organizational data on any mobile device, such as laptops, tablets, and smartphones.
3. Deploy applications on devices
4. Control access remotely
5. Create policies and rules to manage data on the devices
Video – What is Microsoft Intune?
This video delves into the multifaceted world of Microsoft Intune, exploring its essence and value from various perspectives within an organization’s ecosystem. We aim to comprehensively understand this technical solution from different points of view, including the end user, admin, server infrastructure, and client perspectives.
Throughout the video, we discuss important topics such as Unified Endpoint Management (UEM), the core functionalities of Intune, and its integrations with other systems.
What is Microsoft Intune?
Microsoft Intune is a trusted and authorized SaaS solution to facilitate your access to various corporate resources. It is a gateway to securely connect to your corporate email, chat platforms like Microsoft Teams, and other essential business applications specific to your enterprise.
Having Microsoft Intune installed on your mobile device signifies that your organization is committed to providing you with seamless access to essential resources from your mobile device. This includes access to corporate email, communication platforms like Microsoft Teams, and even intranet applications, all made possible with the support of Microsoft Intune.
What is Intune from an Admin Perspective?
From an admin perspective, Intune is a SaaS solution from Microsoft to manage and secure endpoint devices. There are server and client components in Intune. You have different types of client components depending on the device platform.
- MDM client component that is part of the operating system (Windows MDM stack, Android, iOS, etc.)
- IME (Intune Management Extension) and Company Portal application
The server side of Intune is explained in the sections below, as part of the Intune infrastructure and the Intune admin portal.
What is Microsoft Intune from an End User Perspective?
The Microsoft Intune Company Portal app helps end users search, browse, and install apps made available to them by their company. Intune facilitates self-service capabilities through its Company Portal app, empowering end users to install approved applications conveniently.
If you (the end user) see the Intune Company Portal app running on your Intune-managed devices, you don’t need to panic. The Company Portal app provides more secure access to your organization’s data. This is the client component of Microsoft Intune.
Microsoft Intune Capabilities Graphical Representation
Microsoft Intune offers a range of features that enhance self-service capabilities, support remote and hybrid workers, and provide seamless integration with various on-premises and cloud-based solutions.
| Capability | Description |
|---|---|
| Self-Service and Company Portal | Intune facilitates self-service capabilities through its Company Portal app, empowering end-users to install approved applications conveniently. |
| Reporting and Data Insights | Intune offers robust reporting and data insights, providing administrators with detailed information on device compliance, security incidents, and user activity. |
| Remote and Hybrid Workers Support | Intune includes features specifically designed to support secure access to corporate resources for remote and hybrid workers, ensuring productivity while maintaining security measures. |
| Web-Based Admin Center | Intune provides a user-friendly Web-Based Admin Center, accessible through modern web browsers, offering a native console for simplified administrative tasks and centralized management. |
| Integration with On-Premises Solutions | Intune seamlessly integrates with various on-premises solutions, including Configuration Manager, Windows Autopilot, Microsoft Defender for Endpoint, Windows Autopatch, Endpoint Analytics, and Microsoft 365, expanding its capabilities and extending its reach. |
Microsoft Unified Endpoint Management Tools (UEM)
Let’s check what the Microsoft UEM solution is. The Microsoft UEM solution is Microsoft Intune, Microsoft’s cloud-based solution for device management, security, remote support, privilege management, and many other things.
Microsoft Intune supports various device platforms such as iOS, iPadOS, macOS, Chrome OS, etc. If you look at the architecture of the Intune infrastructure in the cloud, the global scale of the infrastructure is very complex. Still, from an admin perspective, it is simple because it’s a SaaS solution.
- Intune: Microsoft’s cloud-based UEM solution for device management, security, remote support, privilege management, etc.
- Endpoint diversity: Intune device management capabilities cover Windows, iOS/iPadOS, macOS, Chrome OS, and Linux endpoints.
- Simple vs. complex: Windows client agent, SaaS, server infrastructure
Microsoft Intune Product Family
Let’s check how Microsoft provides Intune services and packages it under one product umbrella. Microsoft Intune serves as a comprehensive product umbrella, encompassing a range of solutions and services that cater to diverse aspects of device management, security, and productivity within organizations.
Microsoft Intune is a part of the Microsoft 365 solution, with different products. The Microsoft Intune product family includes the following.
- Microsoft Intune
- Microsoft Configuration Manager
- Microsoft Intune Suite of Advanced Solutions
- Microsoft Intune Remote Help
- Microsoft Tunnel for Mobile App Management
- Microsoft Intune Endpoint Privilege Management
Advanced Intune-Based Solutions
In addition to its core device management capabilities, Microsoft Intune offers advanced solutions that further enhance the functionality and security of organizations’ digital environments. These solutions include Remote Help, Tunnel for Mobile Management, Endpoint Privilege Management, Advanced Endpoint Analytics, and more.
Microsoft Intune Architecture 2015
In the architecture shared by Microsoft in 2015, the core structure consisted of NA (North America) Tenants, with 8 ASUs (Azure Service Unit) or tenant locations based on Service Fabric clusters. However, since then, significant advancements have been made, and as of 2023, the architecture has evolved to accommodate changes and expansion.
Intune ASU Architecture
Within the Intune ASU (Azure Service Unit) Architecture, the communication flow between clients and the backend infrastructure follows a well-defined path. Clients first interact with the Azure load balancer, which directs their requests to the Azure Service Fabric ring.
The Intune ASU Architecture incorporates several key attributes contributing to its efficiency, scalability, and reliability. These attributes are fundamental to the architecture’s design and crucial in delivering a robust, high-performance solution. The Key Attributes are as follows.
- Stateful (memory is master) architecture
- Inherently scale-out/partitioned data model
- Initial ring size (A7 50-70 MT, 20-40 A4 FE)
- 5-way replicated for HA
- DR: lazy writer to Azure Storage (10 min RPO)
- Built on Azure Service Fabric
- Five fault domains, 5 upgrade domains
- 3-6 TB memory per ring
- Static partitioning per service (1 to 64 ways)
- Full DR requires a deployment and re-hydration (up to 4 hrs)
More Details on Intune Scenarios
Let’s discuss the basics now. What is Intune Endpoint Manager? Microsoft Intune is a Software as a Service (SaaS) Mobile Device Management (MDM) and Mobile Application Management (MAM) solution. You don’t have to set up any on-prem or cloud servers to use Intune.
Intune is part of the Microsoft Endpoint Manager solution. You can use Intune to control how an organization’s devices are used, including mobile phones, tablets, desktops, and laptops. Intune helps you to configure specific policies to control applications.
Mobile Device Management (MDM) is a broad term for managing or administering various devices. Rather than covering only mobile devices, MDM also includes the administration of a wide range of new laptops, desktops, etc. For example, with Windows 10, all desktops and laptops can be managed through the MDM channel.
Microsoft manages the Intune architecture. As a device management admin or architect, you don’t need to worry much about the Intune server infrastructure, replication of application content, and so on. The following are the main functionalities of Microsoft Intune.
- Configure Devices
- Protect Data
- Manage Apps
How to Access Microsoft Intune?
As I mentioned above, Intune is a Microsoft SaaS solution for device management. You can access the Microsoft Intune admin portal called Microsoft Endpoint Manager Admin Center.
- Launch endpoint.microsoft.com
You can watch Intune training videos to learn more about Intune. You will also find out how to get a free Intune subscription. More details are available in 63 Episodes of Free Intune Training for Device Management Admins.
Manage Devices using Intune
You can manage devices with different approaches using Intune. You can manage the organization’s devices using special policies. You can also use a different set of policies for BYO devices. All these options are available using the Devices node in the MEM admin center portal.
You can enroll Windows, iOS, and Android devices using different methods. Windows 11 devices can be enrolled in Intune manually or automatically.
Manage Policies using Intune
You can create and manage policies using Microsoft Intune. You can try to use any of the following policy categories to create policies in Intune.
- Settings Catalog
- Administrative Templates
- Device Restriction policies
- Custom policies
Deploy Scripts using Intune
You can deploy scripts using Intune. You can deploy PowerShell scripts to Windows devices. There are options to deploy scripts to macOS devices as well. The script helps to configure out-of-box configurations.
Windows Quality Updates and Feature Updates using Intune
You can use Intune to deploy Windows quality and feature updates. The only dedicated quality update control currently available, other than the existing update rings policy for Windows 10 and later, is the ability to expedite quality updates for devices that fall behind a specified patch level. Additional controls will be available in the future.
While expediting software updates can help decrease the time to get to compliance when necessary, it has a larger impact on end-user productivity. The chances that they will experience a restart during business hours are significantly increased.
Enroll devices | Windows enrollment Policies using Intune
Learn about the seven different ways a Windows 10/11 PC can be enrolled into Intune by users or admins. There are 7 types of configurations in the Windows enrollment policies using Intune.
- Automatic Enrollment – Configure Windows devices to enroll when they join or register with Azure Active Directory.
- Windows Hello for Business – Replace passwords with strong two-factor authentication.
- CNAME Validation – Test company domain CNAME registration for Windows enrollment.
- Enrollment Status Page – Show app and profile installation statuses to users during device setup.
- Windows Autopilot Deployment Program – Deployment Profiles, Customize the Windows Autopilot provisioning experience. Manage Windows Autopilot devices.
- Intune Connector for Active Directory – Configure hybrid Azure AD joined devices
Application Deployment using Intune
You can use Intune to deploy applications to iOS, Android, Windows, and Mac devices. You can use Intune to deploy apps from the Microsoft Store, Google App Store, and Apple App Store. You can also deploy Win32 applications (IntuneWin) to Windows PCs using Intune.
Endpoint Security Policy Deployment using Intune
There are many options related to endpoint security policy deployments using Intune. Intune can be used to protect and secure devices from one place – Enable, configure, and deploy Microsoft Defender for Endpoint to help prevent security breaches and gain visibility into your organization’s security posture.
You can also use Intune reports from this section. This helps to monitor the health and activity of your endpoints – Use Intune reporting to monitor endpoint compliance, health, and trends in your organization.
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.