According to a study by Kensington, 52% of devices are stolen or lost from the workplace. With a large shift to remote work, Mobile Device Management (MDM) is no longer a luxury, but rather a necessity. While there are many different mobile device management solutions, Microsoft's integrated solution, Microsoft Intune, ranks as one of the best solutions on the market. Continue reading to see if Intune is right for your organization.
Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) cloud-based service. Through Microsoft Intune, you can control how your organization's devices are used, including tablets, laptops, and mobile phones.
Prevent emails from being sent to people outside your organization
Allow employees to use personal devices for school or work
Isolate personal data from organizational data
Deploy Microsoft Office 365 apps easily to devices within your organization
Microsoft Intune 2023 Updates
UPDATE RINGS: When you use Intune policies for Update rings, you're configuring the Windows settings that manage how and when devices will install Windows updates. If a Windows update setting has a Windows 10 or Windows 11 version dependency, the version dependency is noted in the settings details.
The following are the Windows Update settings for Windows 10 and Windows 11 updates that you can manage under update rings with Microsoft Intune.
Make update available as soon as possible - With this option, there's no delay in making the update available to devices. This selection is the default behavior for Windows Update.
Make update available on a specific date - With this option, you can select a day on which the update in the policy will become available to install. Windows Update won’t make the update available to devices with this configuration until that day is reached.
Make update available gradually - This process helps distribute the availability of the update across a range of time that you configure, with Windows Update making an update available to different subsets of the devices targeted by the policy, at different times. This option can reduce the effect on your network when compared to offering the update to all devices at the same time. The following section explains how to use this option in more detail.
New Updates 2023
Before a device can send the reporting data that's used in the Windows 10 feature updates report for Intune, you must configure data collection:
Service-based data is collected for all feature update versions and doesn't require you to configure data collection.
Client-based data is collected from devices only after data collection is configured.
Be Azure Active Directory joined, or Hybrid Azure Active Directory joined, to support submitting data for reporting.
Run Windows 10 1903 or later, or Windows 11. Although Windows 10 and later feature updates policy supports earlier versions of Windows, earlier versions don't support reporting of the data that Intune uses for the feature updates reports.
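A local check of the two device prerequisites above, as an added example that is not from the original article or from Microsoft: it parses `dsregcmd /status` output for the join state and compares the OS build against 18362, the build number of Windows 10 1903. The function name `Test-FeatureUpdateReportingReady` and the sample input are constructed for illustration.

```powershell
# Added example: evaluates the reporting prerequisites for one device.
# Test-FeatureUpdateReportingReady is a hypothetical helper name.
function Test-FeatureUpdateReportingReady {
    param(
        [Parameter(Mandatory)] [string[]] $DsregStatus,  # lines of `dsregcmd /status`
        [Parameter(Mandatory)] [int]      $OsBuild       # e.g. 19045
    )

    # dsregcmd prints lines such as "AzureAdJoined : YES" and "DomainJoined : NO".
    $state = @{}
    foreach ($line in $DsregStatus) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(YES|NO)\s*$') {
            $state[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    $aadJoined    = [bool]$state['AzureAdJoined']   # missing key -> $false
    $domainJoined = [bool]$state['DomainJoined']

    # Hybrid join means joined to both Azure AD and an on-premises domain.
    if ($aadJoined -and $domainJoined) { $joinType = 'Hybrid Azure AD joined' }
    elseif ($aadJoined)                { $joinType = 'Azure AD joined' }
    else                               { $joinType = 'Not Azure AD joined' }

    # Windows 10 1903 is build 18362 and Windows 11 starts at build 22000,
    # so one lower bound covers both. Assumes a client edition of Windows.
    $osOk = $OsBuild -ge 18362

    [pscustomobject]@{
        JoinType       = $joinType
        OsBuild        = $OsBuild
        JoinSupported  = $aadJoined
        OsSupported    = $osOk
        ReportingReady = ($aadJoined -and $osOk)
    }
}

# Constructed sample: a device that is not Azure AD joined, on Windows 10 1809.
$sample = @(
    '             AzureAdJoined : NO',
    '              DomainJoined : NO'
)
Test-FeatureUpdateReportingReady -DsregStatus $sample -OsBuild 17763

# On a live device:
# Test-FeatureUpdateReportingReady -DsregStatus (dsregcmd /status) `
#     -OsBuild ([System.Environment]::OSVersion.Version.Build)
```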
Whether your organization issues corporate devices or incorporates a BYOD policy, Microsoft Intune will allow you to enroll and control all employee devices. Depending on how your organization issues devices, you can adjust the settings in Intune to give you control over all settings, features, and security.
Remove organization data if the device is stolen, lost, or not in use
2. Manage Applications with Microsoft Intune
Microsoft Intune is designed to protect organizational data at the application level through app protection policies. These app policies:
Secure access to personal devices by restricting certain actions
Use Azure AD identity to isolate organization data from personal data
Can be created and deployed on devices enrolled in Intune
3. Increase Security and Compliance with Microsoft Intune
To enable a broad set of access control scenarios, Microsoft Intune can integrate with Azure Active Directory. In this scenario, your organization requires mobile devices to be compliant with your organization's standards, as defined in Intune, before they are allowed access to network resources.
Depending on your organization's security and compliance standards, you can define your set of rules within Intune to lock down certain services for a specific set of users and devices.
Intune is part of Microsoft's Enterprise Mobility + Security (EMS) suite. Intune coordinates with Azure Active Directory (Azure AD) to identify who has access to this application and what they can access. In addition, it integrates with Azure Information Protection for data protection. It can be used with the Microsoft 365 suite of products.
For example, you can deploy Microsoft Teams, OneNote, and Endpoint to your mobile devices. This allows the employees in your organization to be productive on all of their devices, while keeping your organization’s information protected.
Microsoft quality updates
Microsoft has introduced a new feature that allows organizations to configure policies that determine which feature updates are delivered to Windows devices. IT administrators can deploy updates immediately, on a specific date, or gradually to all Windows 10 and Windows 11 clients.
Microsoft Intune Benefits
Microsoft Intune provides your organization with the flexibility it needs to control your critical data, regardless of the device. Because it is cloud-based, Intune can secure iOS, Windows, and Android devices from one single mobile solution.
Microsoft Intune benefits:
Mobile Device Tracking
Remote Data Wiping and App Distribution
Microsoft Intune Extension Management
Microsoft Intune Management was added to the Intune application as an extension for uploading PowerShell scripts. The management extension enhances Windows device management (MDM) and makes it easier to move to modern management. You can run these scripts on Windows 10 devices. This feature applies to Windows 10 and later (excluding Windows 10 Home).
MDM for Office 365 vs. Microsoft Intune
Microsoft currently offers two mobile device management solutions: MDM for Office 365 and Microsoft Intune. While these products are similar, there are key differences between them that can sway your decision.
MDM for Office 365
MDM for Office 365 is included in many Office 365 subscriptions and offers integrated tools for your organization to manage your users' mobile devices. While MDM for Office 365 offers a limited feature set, it can still be used to enforce policies and settings to help control access to Office 365 data on mobile devices. These capabilities are divided into 4 settings categories: requirement of password settings, encryption settings, non-jailbroken devices, and a managed email profile. MDM for Office 365 is a great mobile device management solution if there is no requirement for mobile application management.
Alternatively, Intune provides both mobile device management and mobile application management solutions. This ensures that your corporate data is not only protected in Office 365, but in all applications where this data exists. Using Azure Active Directory and the Intune portal, you can deploy, configure, and manage applications, as well as wipe devices or specific applications in case your employee loses their device. Intune is included with a variety of Microsoft 365 licenses as well as a standalone license, and includes more policy settings than MDM for Office 365, such as policies to configure settings, updates, applications, and more.
Move to Modern Management
User computing is undergoing a digital transformation. Traditional IT focuses on a single-device, manual platform. In comparison, the modern workplace uses a variety of platforms that are user and business-owned. Users can now work from anywhere with Intune.
Intune has a variety of system and administrative requirements. First, all users that are required to have their devices managed must have an Intune subscription via a standalone license or another license that includes Intune. Additionally, the person in charge of deploying and managing Intune must have a global administrator or Intune service administrator role assigned to them. Having Azure Active Directory set up is not necessarily a requirement; however, it is highly recommended, as it will automate the process of adding users and groups within Intune.
Finally, based on the manufacturer of the devices that you’d like to be managed, the operating system requirements are as follows:
Apple iOS 12.0 or later
Apple iPadOS 13.0 or later
macOS 10.13 or later
Android 6.0 and later
Windows 10 (Home, S, Pro, Education, and Enterprise versions)
Windows 10 Enterprise 2018 LTSC
Windows 10 IoT Enterprise
Windows Holographic for Business
Windows 10 Teams
Windows 10 1709 or later
PCs running Windows 8.1 or later
Microsoft Intune Pricing
As previously mentioned, Intune is included in a variety of Microsoft 365 licenses and as a standalone license. View our list below to see what Microsoft licenses include Intune.
Note: Costs listed above are at market rate, but Microsoft Gold Partners, like Datalink Networks, are able to provide these licenses at a discounted rate. Contact us today to see how Datalink Networks can save your organization money on Intune licensing!
How to get started with Microsoft Intune!
To get started, you first need to ensure that you have purchased the appropriate licenses and have complied with the requirements above.
After the requirements are met, you’ll need to configure your company’s domain name with Intune. You can then use Azure Active Directory to sync existing users and groups with Intune. Once your users are added to Intune, you can assign them licenses, giving users permission to use Intune. From here, you can begin adding applications, configuring and enrolling devices as needed.
For help getting your organization set up on Microsoft Intune, contact Datalink Networks today for a free consultation!