According to a study by Kensington, 52% of devices are stolen or lost from the workplace. With a large shift to remote work, Mobile Device Management (MDM) is no longer a luxury, but rather a necessity. While there are many different mobile device management solutions, Microsoft's integrated solution, Microsoft Intune, ranks as one of the best solutions on the market. Continue reading to see if Intune is right for your organization. 

Table of Contents


 

What is Microsoft Intune?

What is Microsoft Intune?

 

Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) cloud-based service. Through Microsoft Intune, you can control how your organization's devices are used, including tablets, laptops, and mobile phones. 

Part of Microsoft Endpoint Manager, Intune, can integrate with Azure Active Directory and Azure Information Protection. 

Through Microsoft Intune you can:

  • Prevent emails from being sent to people outside your organization
  • Allow employees to use personal devices for school or work
  • Isolate personal data from organizational data
  • Deploy Microsoft Office 365 apps easily to devices within your organization

 

Microsoft Intune 2023 Updates

 

UPDATE RINGS:  When you use Intune policies for Update rings, you're configuring the Windows settings that manage how and when devices will install Windows updates. If a Windows update setting has a Windows 10 or Windows 11 version dependency, the version dependency is noted in the settings details.

Update Options

Following are the Windows Update settings for Windows 10 and Windows 11 Updates where you can manage under update rings with Microsoft Intune.

Make update available as soon as possible - With this option, there's no delay in making the update available to devices. This selection is the default behavior for Windows Update.

Make update available on a specific date - With this option you can select a day on which the update in the policy will become available to install. Windows Update won’t make the update available to devices with this configuration until that day is reached.

Make update available gradually - This process helps distribute the availability of the update across a range of time that you configure, with Windows Update making an update available to different subsets of the devices targeted by the policy, at different times. This option can reduce the effect to your network when compared to offering the update to all devices at the same time. The following section explains how to use this option in more detail.

 

New Updates 2023

  • Before a device can send the reporting data that's used in the Windows 10 feature updates report for Intune, you must Configure data collection:

    • Service-based data is collected for all feature update versions and doesn't require you to configure data collection.
    • Client-based data is collected from devices only after data collection is configured.

    Service and client-based data is described in Use the Windows 10 feature updates (Organizational) report later in this article.

  • Devices:

    Devices must:

    • Meet the prerequisites for Windows 10 and later feature updates policy as documented in Feature updates for Windows 10 and later policy in Intune.
    • Be Azure Active Directory Joined, or Hybrid Azure Active Directory Joined to support submitting of data for reporting.
    • Run Windows 10 1903 or later, or Windows 11. Although Windows 10 and later feature updates policy supports earlier versions of Windows, earlier versions don't support reporting of the data that Intune uses for the feature updates reports.

 

Click here for more info on policies. 


 

What can you do with Microsoft Intune?
 

1. Manage Devices with Microsoft Intune

Whether your organization issues corporate devices or incorporates a BYOD policy, Microsoft Intune will allow you to enroll and control all employee devices. Depending on how your organization issues devices, you can adjust the settings in Intune to allow you to have control on all settings, features, and security. 

Once devices are enrolled, you will be able to:

  • Configure devices so they meet security standards
  • See reports on users and devices that are compliant and not compliant
  • Remove organization data if the device is stolen, lost, or not in use

 

2. Manage Applications with Microsoft Intune

Microsoft Intune is designed to protect organizational data at the application level through app protection policies. These app policies:

  • Secure access to personal devices by restricting certain actions
  • Use Azure AD identity to isolate organization data from personal data
  • Can be created and deployed on devices enrolled in Intune

 

3. Increase Security and Compliance with Microsoft Intune

To enable a broad set of access control scenarios, Microsoft Intune can integrate with Azure Active Directory. In this scenario, your organization will require mobile devices to be compliant with your organization's standards - defined in Intune prior to allowing access to network resources. 

Depending on your organization's security and compliance standards, you can define your set of rules within Intune to lock down certain services for a specific set of users and devices. 

Intune is part of Microsoft's Enterprise Mobility + Security (EMS) suite. Intune coordinates with Azure Active Directory (Azure AD) to identify who has access to this application and what they can access. In addition, it integrates with Azure Information Protection for data protection. It can be used with the Microsoft 365 suite of products.

For example, you can deploy Microsoft Teams, OneNote, and Endpoint to your mobile devices. This allows the employees in your organization to be productive on all of their devices, while keeping your organization’s information protected.

 

Microsoft Intune Features

  • Device Management
  • Application Management
  • Compliance and Conditional Access
  • Solve Common Business Problems Intune Solves
  • Define Your Own App Protection Policies
  • Remotely Managed Devices
  • Reports and System Logs
  • Task Creation and Management

 

4 min read

The power of remote security monitoring

Remote security monitoring is revolutionizing the way we protect our businesses. With advanced technology and real-time...

5 min read

Securing Your Cloud: Best Practices for Cloud Security in 2024

Uncover the essential tactics for achieving unparalleled security for your cloud infrastructure in 2024 while also...

7 min read

Preventing Email Spoofing: A Guide to DMARC Implementation

Did you know that 80% of organizations do not have DMARC policies set up? This makes it easy for hackers to spoof their...

 

Microsoft quality updates

Microsoft has introduced a new feature that allows organizations to configure policies that determine which feature updates are delivered to Windows devices. It administrators can deploy updates immediately, on a specific date and gradually to all Windows 10 and Windows 11 clients.


 

Microsoft Intune Benefits

Microsoft Intune Benefits


Microsoft Intune provides your organization with the flexibility it needs to control your critical data, regardless of the device. Due to its cloud-based feature, Intune can work to secure iOS, Windows, and Android devices from one single mobile solution. 

Microsoft Intune benefits:

  • Data Encryption
  • Mobile Device Tracking
  • Password Enforcement
  • Device Inventory
  • Remote Data Wiping and App Distribution
Picture1


Microsoft Intune Extension Management

Microsoft Intune Management was added on to the Intune application as an extension to upload PowerShell scripts. The management extension enhances Windows device management (MDM), and makes it easier to move to modern management. You can run these scripts on Windows 10 devices. This feature applies to Windows 10 and later (excluding Windows 10 Home).

MDM for Office 365 vs. Microsoft Intune

Microsoft currently offers two mobile device management solutions: MDM for Office 365 and Microsoft Intune. While these products are similar, there are key differences between them that can sway your decision. 

MDM for Office 365

MDM for Office 365 is included in many Office 365 subscriptions and offers integrated tools for your organization to manage your user’s mobile devices. While MDM for Office 365 offers a limited feature set, it can still be used to enforce policies and settings to help control access of Office 365 data on mobile devices. These capabilities are divided into 4 settings categories: requirement of password settings, encryption settings, non-jailbroken devices, and a managed email profile. MDM for Office 365 is a great mobile device management solution if there is no requirement for mobile application management.

Microsoft Intune

Alternatively, Intune provides both mobile device management and mobile application management solutions. This ensures that your corporate data is not only protected in Office 365, but in all applications where this data exists. Using Azure Active Directory and the Intune portal, you can deploy, configure, and manage applications, as well as wipe devices or specific applications in case your employee loses their device. Intune is included with a variety of Microsoft 365 licenses as well as a standalone license, and includes more policy settings than MDM for Office 365, such as policies to configure settings, updates, applications, and more. 

Move to Modern Management

User computing is undergoing a digital transformation. Traditional IT focuses on a single device, manual platform. In comparison, the modern workplace uses a variety of platforms that are user and business-owned. Users can now work from anywhere with Intune. 

Are you paying too much for Microsoft Business Licensing? Get a free audit and save up 20%!

 

Microsoft Intune Requirements

 

Intune has a variety of system and administrative requirements. First, all users that are required to have their devices managed must have an Intune subscription via a standalone license or another license that includes Intune.  Additionally, the person in charge of deploying and managing Intune must have a global administrator or Intune service administrator role assigned to them. Having Azure Active Directory set up is not necessarily a requirement, however it is highly recommended, as it will automate the process of adding users and groups within Intune.  

Finally, based on the manufacturer of the devices that you’d like to be managed, here are the following operating system requirements: 

  • Apple 
    • Apple iOS 12.0 or later 
    • Apple iPadOS 13.0 or later 
    • MacOS 10.13 or later 
  • Google   
    • Android 6.0 and later  
  • Microsoft 
    • Surface Hub 
    • Windows 10 (Home, S, Pro, Education, and Enterprise versions) 
    • Windows 10 Enterprise 2018 LTSC 
    • Windows 10 IoT Enterprise 
    • Windows Holographic for Business 
    • Windows 10 Teams 
    • Windows 10 1709 or later 
    • PCs running Windows 8.1 or later

Microsoft Intune Pricing

As previously mentioned, Intune is included in a variety of Microsoft 365 licenses and as a standalone license. View our list below to see what Microsoft licenses include Intune. 

  • Microsoft 365 E5 - $57/user/month 
  • Microsoft 365 E3 - $32/user/month 
  • Enterprise Mobility + Security E5 - $16.40/user/month 
  • Enterprise Mobility + Security E3 - $10.60/user/month 
  • Microsoft 365 Business Premium - $20/user/month
  • Microsoft 365 F1 - $2.30/user/month
  • Microsoft 365 F3 - $8/user/month
  • Microsoft 365 Government G5 $35/user/month
  • Microsoft 365 Government G3 $20 /user/month
  • Intune for Education - $8.28/faculty user/month with student use benefits 
  • Microsoft 365 Education A5 - $10.80/faculty user/month 
  • Microsoft 365 Education A3 - $5.80/faculty user/month 
  • Intune stand-alone license - $2/device/month 

See why Microsoft Gold Partners get the best pricing for Microsoft Licensing and Services!

Note:  Costs listed above are at market rate, but Microsoft Gold Partners, like Datalink Networks, are able to provide these licenses at a discounted rate. Contact us today to see how Datalink Networks can save your organization money on Intune licensing! 

 

How to get started with Microsoft Intune!

To get started, you first need to ensure that you have purchased the appropriate licenses and have complied with the requirements above.

After the requirements are met, you’ll need to configure your company’s domain name with Intune. You can then use Azure Active Directory to sync existing users and groups with Intune. Once your users are added to Intune, you can assign them licenses, giving users permission to use Intune. From here, you can begin adding applications, configuring and enrolling devices as needed.

For help getting your organization set up on Microsoft Intune, contact Datalink Networks today for a free consultation!

Schedule a Free Consultation

 

Contact Datalink Networks

4 min read

The power of remote security monitoring

Remote security monitoring is revolutionizing the way we protect our businesses. With advanced technology and real-time...

5 min read

Securing Your Cloud: Best Practices for Cloud Security in 2024

Uncover the essential tactics for achieving unparalleled security for your cloud infrastructure in 2024 while also...

7 min read

Preventing Email Spoofing: A Guide to DMARC Implementation

Did you know that 80% of organizations do not have DMARC policies set up? This makes it easy for hackers to spoof their...