Microsoft Intune isn’t your run-of-the-mill endpoint management solution that leaves you with more security questions than answers. Instead, it’s easy to grasp, super streamlined, and extremely relevant in the current work from home (WFH) environment.
In this article, we’re going to run through some of the best features of Microsoft Intune.
- Device Management
- Application Management
- Compliance and Conditional Access
- Intune Solves Business Problems
- Autopilot
- Windows Update for Business
What is Microsoft Intune?
First, let’s define Intune for our readers who haven’t used (or heard of) it before.
Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). Intune is part of Microsoft’s Enterprise Mobility + Security (EMS) suite and enables users to be productive while keeping your organisation’s data protected. This applies no matter what device your employee is working from, and no matter where they’re working from.
Intune features a bunch of tools and cyber security benefits for MDM that are advantageous for your business. Because it is a cloud-based tool, Intune serves your business regardless of where you are. Plus, it has the flexibility to grow with your business, so you’re always backed by Intune’s amazing features! Come and delve into some of these with us below (we’re sure these will absolutely influence your decision when trying to decide what you want and need out of an MDM tool).
Microsoft Intune Features
These are our favourite Microsoft Intune features (and guess what: they don’t require a technical IT qualification to understand!)
1. Device Management
With Intune, you manage devices using an approach that’s right for you. For organisation-owned devices, you may want full control over the devices, including settings, features, and security. Using this approach, devices and users of these devices “enrol” in Intune. Once enrolled, they receive your rules and settings through policies configured in Intune.
The scope of device management that Microsoft Intune features is huge. You can keep track of all of your employees’ devices, whether company-owned or BYOD, on Windows or Mac, iOS or Android. As an admin, you’ll be able to see the devices enrolled, as well as get an inventory of devices accessing organisation resources. There are a variety of simple ways that let you take charge of safeguarding your company’s (and clients’) assets and data, including:
2. Application Management
MAM in Intune protects organisation data at the application level, as opposed to the device level. This includes both custom apps and store apps. So, don’t worry, you can still use your favourite (and maybe fun) workplace apps. Similar to device management, you can use app management on organisation-owned devices and personal devices.
3. Compliance and Conditional Access
Intune integrates with Azure AD (identity and access management cloud solution) to enable a broad set of access control scenarios. For example, you can require mobile devices to be compliant with organisation standards defined in Intune before accessing network resources, such as email or SharePoint. Likewise, you can lock down services so they’re only available to a specific set of mobile apps. For example, you can lock down Exchange Online so it’s only accessed by Outlook or Outlook Mobile.
4. Intune Solves Common Business Problems
Intune will let you protect your on-premises email and data so it can be safely accessed by mobile devices. Think of the peace of mind! With email being one of the main entry points for hackers (we’ve all seen some sketchy spam emails find their way into our inboxes), Intune also safeguards your Office 365 email and data so it can be safely accessed by mobile devices. If you already have a BYOD program available for your employees or offer corporate-owned phones or limited-use shared tablets for their work use, then Intune will serve you well. The scope of Intune security goes beyond mobiles and tablets; you can enable your employees to securely access Office 365 from an unmanaged public kiosk.
5. Autopilot
Autopilot is a powerful feature of Microsoft Intune that allows your business to pre-configure new Windows devices before they are delivered to end-users. You can ensure that devices are configured according to your security and compliance policies, and that end-users will get up and running quickly and easily.
How Does It Work?
When a device is enrolled in Autopilot, it is registered with Intune and associated with the business’s Azure Active Directory (AAD) tenant. From there, the business can pre-configure the device settings, policies, and applications that will be applied to the device when it is first turned on.
The Benefits Of Autopilot
Some benefits of Autopilot include:
- Streamlined deployment: By pre-configuring devices, businesses can simplify the deployment process and ensure devices are configured consistently and accurately.
- Improved security: With Autopilot, your business can apply security policies and settings to devices before they are delivered to end-users. This can minimise the risk of a security breach.
- Simplified user experience: End-users can get up and running without the need for complex configuration steps or IT assistance.
- Reduced costs: Pre-configuring devices saves the time and effort required to deploy new devices, which can help reduce overall costs.
6. Windows Update for Business
Another great feature of Intune is Windows Update for Business. This allows businesses to manage and control Windows updates on their devices. With Windows Update for Business, you can ensure that all your devices are kept up-to-date with the latest security and software patches, while maintaining control over the update process.
With Windows Update for Business you get:
- Improved security
- Reduced downtime
- More control over updates
- Simplified management
How Intune Helps You
Define Your Own App Protection Policies
App protection policies (APP) are rules you can put in place to ensure your business’s data remains safe or contained in a managed app.
In this context, a policy usually refers to a rule that’s enforced when a user attempts a prohibited set of actions in their account, tries to copy or move corporate data, or tries to sign in to company sites via a dangerous or insecure network. A managed app is an app with app-protection policies applied to it, and Intune can manage these.
Microsoft Intune allows you to create your own protection policies so you can control who has access to company data. It allows you to ensure that data stays protected by controlling how users work with it within Office and other apps. You can define access based on users, location, device state, app sensitivity, and real-time risk.
Remotely Managed Devices:
As a cloud-based tool, Microsoft Intune enables you to manage enrolled devices remotely, eliminating the need for on-premise management infrastructure. Consequently, the admin can manage all client devices from anywhere so long as they have an internet connection.
The Retire or Wipe actions allow you to remove devices from Intune. This is useful for devices your business no longer needs, repurposed devices, or devices that are missing or reported stolen. Users can also remotely issue a command to all devices enrolled in Intune from the Intune Company Portal.
Reports and System Logs:
Another underrated Microsoft Intune feature is its comprehensive reports and system logs. These allow you to view software inventories with great detail. This means that you can create reports that retrieve information on particular types of installed software on managed devices. These can drill down into specific detail and export as CSV or HTML formats. Easy as!
Audit logs in Microsoft Intune make up a record of activities that result in a change. All Create, Update (edit), Delete, Assign, and Remote actions will result in audit events that Intune admins can review for the majority of workloads. Intune will enable auditing for all customers by default and they can’t disable it.
Users can review audit logs if they have one of the following permissions:
Task Creation and Management:
You can create, manage, and execute tasks remotely on managed devices, such as enforcing policy updates, or device restarts. Furthermore, you can set up remote tasks that force client machines to update their policies or restart as soon as they’re back online. The admin console allows you to view if tasks are still queued, running, successful, or have failed. You can also select multiple devices for one task instead of handling each device individually.
Once you’ve signed into your admin account ― if you have G Suite ― it’s easy to open your Admin console from Gmail or any other app.
Deploy Software and Updates:
Push software packages and updates to managed devices through the Admin Console. You have the choice to silently push the update through, or make an install package available for download. Regardless, the install package is encrypted on the administrator’s machine and uploaded to the Cloud.
You can use Intune to define update rings that specify the time and manner Windows as a Service updates your Windows 10 devices. By using Intune and update rings, you can build an update strategy for your company that aligns with the needs of your business.
Centralised Control Portal:
Intune streamlines the device management process by allowing you to manage all devices from the Cloud with no infrastructure required. Connect Intune to Configuration Manager to manage all devices (PC, Mac, Linux, UNIX servers and mobile devices) from a single management console.
You can either opt to be 100% cloud-based with Intune, or be co-managed with Configuration Manager and Intune. Business owners who choose the latter option do so for the flexibility of concurrently managing Windows 10 devices by using both Configuration Manager and Microsoft Intune. Therefore, they’re able to cloud-attach existing investment in Configuration Manager by adding new functionality.
Manage Office Mobile Apps:
Another easy element is that you can control Office 365 applications down to a detailed level. For example, you can restrict access to email, or OneDrive documents, if the user should log in from an unapproved device. You can also enforce conditional access policies for apps like SharePoint, Exchange, and Skype.
Intune app-protection policies help secure work files on Intune-enrolled devices. You can also use app-protection policies on employee-owned devices that aren’t enrolled for Intune management. In this scenario, although your company doesn’t manage the device, it’s crucial to ensure you protect business files and resources from security threats.
Microsoft Malware Protection Engine:
Microsoft Intune features the same protection engine that comes with the highly regarded Microsoft Security Essentials (MSE) package. As a result, the Intune malware engine protects against viruses and spyware and utilises the same definitions and research used by MSE.
You can secure your business’s managed computers with Intune via Endpoint Protection. Endpoint Protection provides real-time protection from malware threats, updates malware definitions, and conducts automatic computer scanning. Tools that help you to manage and monitor malware attacks will also be at your disposal through Endpoint Protection.
Mobile Application Management:
Manage mobile apps that your employees may wish to use for their work functions or a business app you’ve created yourself. Create and enforce app protection policies to ensure organisational data remains safe and contained within a managed app. As a result, you can restrict users from copying or moving documents or files.
In order for IT admins to manage apps using MAM and app-protection policies, they must enrol a device with Intune MDM. IT administrators can also manage apps using MAM and app protection policies on devices not enrolled with Intune MDM (known as MAM without device enrolment, or MAM-WE). This means that devices enrolled with third-party EMM providers can still have apps managed via Intune.
View Hardware Configurations:
Intune enables you to view the basic hardware configuration of managed PCs, including software that’s been installed on the client system. Perform inventory scans to detect any unapproved, or unlicensed applications running on a device.
Microsoft has integrated third-party mobile threat defence (MTD) software with the Intune unified endpoint management (UEM) platform. This has enabled detection of potential malware infections on an employee’s unenrolled device. This new Intune capability is particularly useful for businesses that allow BYOD policies, as you can block access to enterprise systems for devices the MTD software flags.
It’s fair to say that Intune features a range of abilities to manage and secure your data. It is a vital tool in managing mobile devices in this BYOD culture. Above all, it gives you increased work mobility and flexibility, simultaneously protecting your business’s information. With the reduced burden on IT, low costs, and increased productivity, Intune shapes up to be a very powerful tool.
To discover what the above Microsoft Intune features can do for your business — give our team a call today.