Do you use Microsoft Intune?

Last updated by Brady Stroud [SSW] 10 days ago.See history

Intune is a feature that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organization’s devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications.

Intune is a part of Microsoft's Enterprise Mobility + Security (EMS) suite. It integrates with Azure Active Directory to control who has access and what they can access.

With Intune, you can:

  • Choose to be 100% cloud with Intune, or be co-managed with Configuration Manager and Intune
  • Set rules and configure settings on personal and organization-owned devices to access data and networks
  • Deploy and authenticate apps on devices - on-premises and mobile
  • Protect your company information by controlling the way users access and share information
  • Be sure devices and apps are compliant with your security requirements

Managing Devices

When Intune is connected to Azure AD its automatic enrollment lets users enroll their Windows devices in Intune. To enroll, users add their work account to their personally owned devices or join corporate-owned devices to Azure Active Directory.

If you are using Conditional Access for MFA, you will need to add an exception for the Microsoft Intune Enrollment app for hybrid-joined devices to be able to enroll.

intune aad
Figure: Intune connected to AAD

devices intunes
Figure: Devices managed by Intune

  • We can get reports on device compliance at any time.

bad example compliance
Bad example - Errors in compliance check

good example compliance
Good example - Compliant device

There are many other MDM solutions out there, but Intune is best if you're mostly managing Windows devices (and some iOS/Android as well). JAMF is a great option if you're only using iOS/MacOS devices.

diagram5
Figure: Jamf architecture to monitor IOS devices

We open source. Powered by GitHub