Microsoft Intune isn’t your run-of-the-mill endpoint management solution that may leave you with more questions surrounding your security than answers. Instead, it’s easy to grasp (and even if you have any technical queries, we can help you out!), super streamlined, and extremely relevant in the current WFH (work from home) environment that Covid-19 has brought to the corporate world.

First, let’s define Intune for our readers who haven’t used (or heard of) it at all before. Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). Intune is included in Microsoft’s Enterprise Mobility + Security (EMS) suite and enables users to be productive while keeping your organisation’s data protected. This applies no matter what device your employee is working from and no matter where they’re working from, too.

Intune features a bunch of tools and cyber security benefits for mobile device management that are advantageous for your business. Due to being a cloud-based tool, Intune serves your business regardless of where you are. Plus, it has the flexibility to grow with your business, so you’ll always be backed by Intune’s amazing features! Come and delve into some of these with us below (we are sure these will absolutely influence your decision when trying to decide what you want and need out of a mobile device management tool).

Microsoft Intune Features

These are our favourite Microsoft Intune features (and guess what: they don’t require a technical IT qualification to understand!) 

Device Management

In Intune, you manage devices (MDM) using an approach that’s right for you. For organisation-owned devices, you may want full control over the devices, including settings, features, and security. In this approach, devices and users of these devices “enrol” in Intune. Once enrolled, they receive your rules and settings through policies configured in Intune.

The scope of device management that Microsoft Intune features is huge. You can keep track of all of your employees’ devices, whether company-owned or BYOD, on Windows or Mac, iOS or Android. As an admin, you’ll be able to see the devices enrolled, as well as get an inventory of devices accessing organisation resources. There are a variety of simple ways that let you take charge of safeguarding your company’s (and clients’) assets and data, including: 

Application Management

Mobile application management (MAM) in Intune is designed to protect organisation data at the application level, as opposed to the device level. This includes both custom apps and store apps. So, don’t worry, you can still use your favourite (and maybe fun!) workplace apps. Like device management, app management can be used on organisation-owned devices and personal devices.

Compliance and Conditional Access

Intune integrates with Azure AD (identity and access management cloud solution) to enable a broad set of access control scenarios. For example, you can require mobile devices to be compliant with organisation standards defined in Intune before accessing network resources, such as email or SharePoint. Likewise, you can lock down services so they’re only available to a specific set of mobile apps. For example, you can lock down Exchange Online so it’s only accessed by Outlook or Outlook Mobile.

Common Business Problems Intune Solves

Intune will let you protect your on-premises email and data so it can be safely accessed by mobile devices. Think of the peace of mind! With email being one of the main entry points for hackers (we’ve all seen some sketchy spam emails find their way into our inboxes, whether at work or home), Intune also safeguards your Office 365 email and data so it can be safely accessed by mobile devices. If you already have a BYOD program available for your employees or offer corporate-owned phones or limited-use shared tablets for their work use, then Intune will serve you well. The scope of Intune security goes beyond mobiles and tablets; you can enable your employees to securely access Office 365 from an unmanaged public kiosk.

Intune will let you

Define Your Own App Protection Policies

App protection policies (APP) are rules you can put in place to ensure your business’s data remains safe or contained in a managed app.

In this context, a policy is usually a rule that’s enforced when a user attempts actions that are prohibited for their account, tries to copy or move corporate data, or tries to sign in to company sites via a dangerous or insecure network. A managed app is an app with app-protection policies applied to it (these can be managed by Intune).

Microsoft Intune allows you to create your own protection policies so you can control who has access to company data. It allows you to ensure that data stays protected by controlling how users work with it within Office and other apps. You can define access based on users, location, device state, app sensitivity, and real-time risk.

Remotely Managed Devices:

As a cloud-based tool, Microsoft Intune enables you to manage enrolled devices remotely, eliminating the need for on-premises management infrastructure. Consequently, the admin can manage all client devices from anywhere so long as they have an internet connection.

The Retire or Wipe actions allow you to remove devices from Intune. This is useful for devices that your business no longer needs, that are being repurposed, or that are missing or reported stolen. Users can also remotely issue a command to all devices that are enrolled in Intune from the Intune Company Portal.

Reports and System Logs:

Another underrated Microsoft Intune feature is its comprehensive reports and system logs. These allow you to view software inventories in great detail. This means that you can create reports that retrieve information on particular types of installed software on managed devices. These can drill down into specific detail and can be exported in CSV or HTML format. Easy as!

Audit logs in Microsoft Intune make up a record of activities that result in a change. All Create, Update (edit), Delete, Assign, and Remote actions will result in audit events that Intune admins can review for the majority of workloads. Auditing is enabled for all customers by default and can’t be disabled.

Users can review audit logs if they have one of the following permissions:

Task Creation and Management:

You can create, manage, and execute tasks remotely on managed devices, such as enforcing policy updates, or device restarts. Furthermore, you can set up these remote tasks that force client machines to update their policies or restart as soon as they’re back online. The admin console allows you to view if tasks are still queued, running, successful, or have failed. You can also select multiple devices for one task instead of handling each device individually.

Once you’ve signed into your admin account ― if you have G Suite ― it’s easy to open your Admin console from Gmail or any other app.

Deploy Software and Updates:

Push software packages and updates to managed devices through the Admin Console. You have the choice to silently push the update through, or make an install package available for download. Regardless, the install package is encrypted on the administrator’s machine and uploaded to the Cloud.

You can use Intune to define update rings that specify the time and manner Windows as a Service updates your Windows 10 devices. By using Intune and update rings, you can build an update strategy for your company that aligns with the needs of your business.

Centralised Control Portal:

Intune streamlines the device management process by allowing you to manage all devices from the Cloud with no infrastructure required. Connect Intune to Configuration Manager to manage all devices (PC, Mac, Linux, UNIX servers and mobile devices) from a single management console.

You can either opt to be 100% cloud-based with Intune, or be co-managed with Configuration Manager and Intune. Business owners who choose the latter option do so for the flexibility of concurrently managing Windows 10 devices by using both Configuration Manager and Microsoft Intune. Therefore, they’re able to cloud-attach their existing investment in Configuration Manager by adding new functionality.

Manage Office Mobile Apps:

Another easy element is that you can control Office 365 applications down to a detailed level. For example, you can restrict access to email, or OneDrive documents, if the user should log in from an unapproved device. You can also enforce conditional access policies for apps like SharePoint, Exchange, and Skype.

Intune app-protection policies help secure work files on Intune-enrolled devices. You can also use app-protection policies on employee-owned devices that aren’t enrolled for Intune management. In this scenario, although your company doesn’t manage the device, it’s crucial to still ensure business files and resources are protected from security threats.

Microsoft Malware Protection Engine:

Microsoft Intune features the same protection engine that comes with the highly regarded Microsoft Security Essentials (MSE) package. As a result, the Intune malware engine protects against viruses and spyware and utilises the same definitions and research used by MSE.

You can secure your business’s managed computers with Intune via Endpoint Protection. Endpoint Protection provides real-time protection from malware threats, updates malware definitions, and conducts automatic computer scanning. Tools that help you to manage and monitor malware attacks will also be at your disposal through Endpoint Protection.

Mobile Application Management:

Manage mobile apps that your employees may wish to use for their work functions or a business app you’ve created yourself. Create and enforce app protection policies to ensure organisational data remains safe and contained within a managed app. As a result, you can restrict users from copying or moving documents or files.

Intune MAM supports two configurations. In the first, IT admins manage apps using MAM and app-protection policies on devices that are enrolled with Intune mobile device management (MDM). In the second, IT administrators manage apps using MAM and app-protection policies on devices not enrolled with Intune MDM (this is called MAM without device enrollment, or MAM-WE). This means that devices enrolled with third-party EMM providers can still have apps managed via Intune.

View Hardware Configurations:

Intune enables you to view the basic hardware configuration of managed PCs, including software that’s been installed on the client system. Perform inventory scans to detect any unapproved or unlicensed applications running on a device.

Third-party mobile threat defence (MTD) software has been integrated with the Intune unified endpoint management (UEM) platform by Microsoft. This has enabled detection of potential malware infections on an employee’s unenrolled device. This new Intune capability is particularly useful for businesses that allow BYOD policies, as access to enterprise systems can be blocked on devices the MTD software flags.

It’s fair to say that Intune features a range of abilities to manage and secure your data. It is a vital tool in managing mobile devices in this BYOD culture. Above all, it gives you increased work mobility and flexibility while simultaneously protecting your business’s information. With the reduced burden on IT, low costs, and increased productivity, Intune shapes up to be a very powerful tool. See for yourself and discover what the above (and more!) Microsoft Intune features can do for your business. Give our team a call today.