Microsoft Intune isn’t your run-of-the-mill endpoint management solution that leaves you with more security questions than answers. Instead, it’s easy to grasp, super streamlined, and extremely relevant in the current work from home (WFH) environment.

In this article, we’re going to run through some of the best features of Microsoft Intune.

What is Microsoft Intune?

First, let’s define Intune for our readers who haven’t used (or heard of) it before.

Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). Intune is part of Microsoft’s Enterprise Mobility + Security (EMS) suite and enables users to be productive while keeping your organisation’s data protected. This applies no matter what device your employee is working from, and no matter where they’re working from.

Intune features a bunch of tools and cyber security benefits for MDM that are advantageous for your business. Due to being a cloud-based tool, Intune serves your business regardless of where you are. Plus, it has the flexibility to grow with your business, so you’re always backed by Intune’s amazing features! Come and delve into some of these with us below (we’re sure these will absolutely influence your decision when trying to decide what you want and need out of an MDM tool).

Microsoft Intune Features

1. Device Management

With Intune, you manage devices using an approach that’s right for you. For organisation-owned devices, you may want full control over the devices, including settings, features, and security. Using this approach, devices and users of these devices “enrol” in Intune. Once enrolled, they receive your rules and settings through policies configured in Intune.

The scope of device management that Microsoft Intune features is huge. You can keep track of all of your employees’ devices, whether company-owned or BYOD, on Windows or Mac, iOS or Android. As an admin, you’ll be able to see the devices enrolled, as well as get an inventory of devices accessing organisation resources. There are a variety of simple ways that let you take charge of safeguarding your company’s (and clients’) assets and data, including:

2. Application Management

MAM in Intune protects your business data at the application level, as opposed to the device level. This includes both custom apps and store apps. So, don’t worry, you can still use your favourite workplace apps. Similar to device management, you can use app management on organisation-owned devices and personal devices.

3. Compliance and Conditional Access

Intune integrates with Azure AD (identity and access management cloud solution) to enable a broad set of access control scenarios. For example, you can require mobile devices to be compliant with organisation standards defined in Intune before accessing network resources, such as email or SharePoint. Likewise, you can lock down services so they’re only available to a specific set of mobile apps. For example, you can lock down Exchange Online so it’s only accessed by Outlook or Outlook Mobile.

4. Intune Solves Common Business Problems

Intune will let you protect your on-premises email and data so it can be safely accessed by mobile devices. Think of the peace of mind! With email being one of the main entry points for hackers (we’ve all seen some sketchy spam emails find their way into our inboxes), Intune also safeguards your Office 365 email and data so it can be safely accessed by mobile devices. If you already have a BYOD program available for your employees or offer corporate-owned phones or limited-use shared tablets for their work use, then Intune will serve you well. The scope of Intune security goes beyond mobiles and tablets; you can enable your employees to securely access Office 365 from an unmanaged public kiosk.

5. Autopilot

Autopilot is a powerful feature of Microsoft Intune that allows your business to pre-configure new Windows devices before they are delivered to end-users. You can ensure that devices are configured according to your security and compliance policies, and that end-users will get up and running quickly and easily.

How Does It Work?

When a device is enrolled in Autopilot, it is registered with Intune and associated with the business’s Azure Active Directory (AAD) tenant. From there, the business can pre-configure the device settings, policies, and applications that will be applied to the device when it is first turned on.

The Benefits Of Autopilot

Some benefits of Autopilot include:

  • Streamlined deployment: By pre-configuring devices, businesses can simplify the deployment process and ensure devices are configured consistently and accurately.
  • Improved security: With Autopilot, your business can apply security policies and settings to devices before they are delivered to end-users. This can minimise the risk of a security breach.
  • Simplified user experience: End-users can get up and running without the need for complex configuration steps or IT assistance.
  • Reduce costs: Pre-configuring devices allows you to save time and effort when deploying new devices, which can help reduce overall costs.

6. Windows Update for Business

Another great feature of Intune is Windows Update for Business. This allows businesses to manage and control Windows updates on their devices. With Windows Update for Business, you can ensure that all your devices are kept up-to-date with the latest security and software patches, while maintaining control over the update process.

With Windows Update for Business you get:

  • Improved security
  • Reduced downtime
  • More control over updates
  • Simplified management

7. Self Service Capabilities

Microsoft Intune empowers users with self-service options that streamline day-to-day device management. This feature allows employees to independently install pre-approved software and applications from a self-service portal. It’s a straightforward process that not only accelerates deployment but also reduces the demand on IT support teams.

Additionally, users can carry out basic troubleshooting tasks, such as resetting passwords or updating device settings, without needing to contact IT.

This autonomy not only enhances productivity by minimising downtime but also fosters a sense of empowerment among users. They can resolve simple issues quickly, without too much effect on their workflow.

From an administrative perspective, Intune’s self-service portal can be customised to align with company policies. Administrators can control which applications are available for self-installation and set parameters that define who can access certain tools. This level of control ensures that self-service capabilities contribute to your organisation’s security and compliance standards.

In essence, Intune’s self service capabilities offer a win-win solution – your users are empowered to take on more which unburdens your IT staff – leading to a more efficient and proactive workplace.

8. Security Baselines

Security baselines are a powerful tool for ensuring that devices across your organisation adhere to a strong, unified security standard.

Intune provides predefined security settings, known as baselines, which are developed based on best practices recommended by Microsoft Security experts. These settings are intended to provide you with protection against common threats and vulnerabilities.

Implementing these baselines can drastically simplify the process of securing your devices, especially if your business has limited IT resources.

Instead of manually configuring each device, admins can deploy these baselines across all applicable devices with just a few clicks.

This ensures consistency in security policies and reduces the possibility of human error during configuration.

Intune’s baselines are also regularly updated to respond to the constantly evolving threat landscape, so you know your device configurations are always aligned with the latest security recommendations.

This can help you enhance your overall security posture and ensure all your devices are compliant with optimal security standards.

9. Remote Actions

Microsoft Intune allows IT admins to manage and secure devices from anywhere. Key capabilities include:

  • Remote Lock and Wipe: Secure lost or stolen devices by remotely locking them or wiping sensitive data to prevent unauthorised access.
  • Password Reset: Remotely reset passwords to ensure device security, especially when devices are compromised or when users forget their credentials.
  • Device Reboot: Remotely reboot devices to apply updates or resolve issues without user intervention.
  • Settings Update: Push updates to device settings remotely to enforce new policies or correct configurations.

These features streamline device management, improve security, and maintain business continuity by allowing quick responses to security threats and operational demands.

10. Cross-Platform Support

One of Intune’s strongest features is its extensive cross-platform support, which ensures that you can manage a diverse range of devices without issues.

Intune supports Windows, macOS, iOS, and Android platforms. This allows IT admins to oversee devices across different operating systems using a single management interface.

This is great news if your business operates in a multi-device, multi-OS environment, as it simplifies the management process and ensures that security policies are applied, no matter the device type.

How Intune Helps You

Define Your Own App Protection Policies

App protection policies (APP) are rules you can put in place to ensure your business’s data remains safe or contained in a managed app.

In this circumstance, a policy usually simply refers to a rule that’s enforced when a user attempts a prohibited set of actions in their account, if they try to copy or move corporate data, or if they try to sign into company sites via a dangerous or insecure network. A managed app is an app with app-protection policies applied to it ― Intune can manage these.

Microsoft Intune allows you to create your own protection policies so you can control who has access to company data. It allows you to ensure that data stays protected by controlling how they use it within Office and other apps. You can define access based on users, location, device state, app sensitivity, and real-time risk.

Remotely Managed Devices:

As a cloud-based tool, Microsoft Intune enables you to manage enrolled devices remotely, eliminating the need for on-premise management infrastructure. Consequently, the admin can manage all client devices from anywhere so long as they have an internet connection.

The Retire or Wipe actions allow you to remove devices from Intune. This is useful for devices your business no longer needs, repurposed devices, or devices that are missing or reported stolen. Users can also remotely issue a command to all devices enrolled in Intune from the Intune Company Portal.

Reports and System Logs:

Another underrated Microsoft Intune feature is its comprehensive reports and system logs. These allow you to view software inventories in great detail. This means that you can create reports that retrieve information on particular types of installed software on managed devices. These can drill down into specific details and be exported in CSV or HTML format. Easy as!

Audit logs in Microsoft Intune make up a record of activities that result in a change. All Create, Update (edit), Delete, Assign, and Remote actions will result in audit events that Intune admins can review for the majority of workloads. Intune will enable auditing for all customers by default and they can’t disable it.
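As an added example (not part of the original article and not Microsoft's code), the following Python reviews exported audit events and flags any admin account that issues several destructive remote actions in a short window. The field names are assumed to mirror the Microsoft Graph auditEvent resource; the events, accounts, device names, activity strings and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Verbs treated as destructive for this review (assumption, tune to your tenant).
DESTRUCTIVE = ("wipe", "retire", "delete")


def _event(ts, activity, result, upn, device):
    """Build one constructed audit event in the assumed auditEvent shape."""
    return {"activityDateTime": ts, "activityType": activity,
            "activityResult": result,
            "actor": {"userPrincipalName": upn},
            "resources": [{"displayName": device}]}


# Constructed sample data, not real log output.
SAMPLE_EVENTS = [
    _event("2024-05-01T09:00:00Z", "wipe ManagedDevice", "Success", "helpdesk1@example.com", "LAPTOP-001"),
    _event("2024-05-01T09:02:00Z", "wipe ManagedDevice", "Success", "helpdesk1@example.com", "LAPTOP-002"),
    _event("2024-05-01T09:04:00Z", "retire ManagedDevice", "Success", "helpdesk1@example.com", "PHONE-007"),
    _event("2024-05-01T09:30:00Z", "Patch DeviceCompliancePolicy", "Success", "admin2@example.com", "Win10-Baseline"),
    _event("2024-05-01T11:00:00Z", "wipe ManagedDevice", "Success", "admin2@example.com", "LAPTOP-050"),
    _event("2024-05-01T15:00:00Z", "rebootNow ManagedDevice", "Failure", "admin2@example.com", "LAPTOP-051"),
]


def parse_ts(value):
    """Parse the UTC timestamp format used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def destructive_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Return {actor: [devices]} for actors with at least `threshold` successful
    destructive actions inside any sliding window of length `window`."""
    per_actor = defaultdict(list)
    for ev in events:
        verb = ev["activityType"].split()[0].lower()
        if verb in DESTRUCTIVE and ev["activityResult"] == "Success":
            device = ev["resources"][0]["displayName"] if ev["resources"] else "?"
            upn = ev["actor"]["userPrincipalName"]
            per_actor[upn].append((parse_ts(ev["activityDateTime"]), device))
    flagged = {}
    for actor, hits in per_actor.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it fits the time limit.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[actor] = [d for _, d in hits[start:end + 1]]
    return flagged


if __name__ == "__main__":
    for actor, devices in destructive_bursts(SAMPLE_EVENTS).items():
        print(f"REVIEW: {actor} removed {len(devices)} devices: {devices}")
```
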

Users can review audit logs if they have one of the following permissions:

Task Creation and Management:

You can create, manage, and execute tasks remotely on managed devices, such as enforcing policy updates, or device restarts. Furthermore, you can set up remote tasks that force client machines to update their policies or restart as soon as they’re back online. The admin console allows you to view if tasks are still queued, running, successful, or have failed. You can also select multiple devices for one task instead of handling each device individually.

Once you’ve signed into your admin account ― if you have G Suite ― it’s easy to open your Admin console from Gmail or any other app.

Deploy Software and Updates:

Push software packages and updates to managed devices through the Admin Console. You have the choice to silently push the update through, or make an install package available for download. Regardless, the install package is encrypted on the administrator’s machine and uploaded to the Cloud.

You can use Intune to define update rings that specify the time and manner Windows as a Service updates your Windows 10 devices. By using Intune and update rings, you can build an update strategy for your company that aligns with the needs of your business.

Centralised Control Portal:

Intune streamlines the device management process by allowing you to manage all devices from the Cloud with no infrastructure required. Connect Intune to the configuration manager to manage all devices (PC, Mac, Linux, UNIX servers and mobile devices) from a single management console.

You can either opt to be 100% cloud-based with Intune, or be co-managed with Configuration Manager and Intune. Business owners who choose the latter option do so for the flexibility of concurrently managing Windows 10 devices by using both Configuration Manager and Microsoft Intune. Therefore, they’re able to cloud-attach existing investments in Configuration Manager by adding new functionality.

Manage Office Mobile Apps:

Another easy element is that you can control Office 365 applications down to a detailed level. For example, you can restrict access to email, or OneDrive documents, if the user should log in from an unapproved device. You can also enforce conditional access policies for apps like SharePoint, Exchange, and Skype.

Intune app-protection policies help secure work files on Intune-enrolled devices. You can also use app-protection policies on employee-owned devices that aren’t enrolled for Intune management. In this scenario, although your company doesn’t manage the device, it’s crucial to ensure you protect business files and resources from security threats.

Microsoft Malware Protection Engine:

Microsoft Intune features the same protection engine that comes with the highly regarded Microsoft Security Essentials (MSE) package. As a result, the Intune malware engine protects against viruses and spyware and utilises the same definitions and research used by MSE.

You can secure your business’s managed computers with Intune via Endpoint Protection. Endpoint Protection provides real-time protection from malware threats, updates malware definitions, and conducts automatic computer scanning. Tools that help you to manage and monitor malware attacks will also be at your disposal through Endpoint Protection.

Mobile Application Management:

Manage mobile apps that your employees may wish to use for their work functions or a business app you’ve created yourself. Create and enforce app protection policies to ensure organisational data remains safe and contained within a managed app. As a result, you can restrict users from copying or moving documents or files.

For IT admins to manage apps using MAM and app-protection policies, they must enrol a device with Intune MDM. IT administrators can also manage apps using MAM and app protection policies on devices not enrolled with Intune MDM (known as MAM without device enrolment, or MAM-WE). This means that devices enrolled with third-party EMM providers can still have apps managed via Intune.

View Hardware Configurations:

Intune enables you to view the basic hardware configuration of managed PCs, including software that’s been installed on the client system. Perform inventory scans to detect any unapproved, or unlicensed applications running on a device.

Third-party mobile threat defence (MTD) software has been integrated with the Intune unified endpoint management (UEM) platform by Microsoft. This has enabled the detection of potential malware infections on an employee’s unenrolled device. This new Intune capability is particularly useful for businesses that allow BYOD policies, as you can block access to enterprise systems for devices that the MTD software flags.

It’s fair to say that Intune features a range of abilities to manage and secure your data. It is a vital tool in managing mobile devices in this BYOD culture. Above all, it gives you increased work mobility and flexibility, simultaneously protecting your business’s information. With the reduced burden on IT, low costs, and increased productivity, Intune shapes up to be a very powerful tool.

To discover what the above Microsoft Intune features can do for your business — give our team a call today.