What is Microsoft Intune? Guide to Microsoft Endpoint Manager

According to a study by Kensington, 52% of devices are stolen or lost from the workplace. With a large shift to remote work, Mobile Device Management (MDM) is no longer a luxury, but rather a necessity. While there are many different mobile device management solutions, Microsoft's integrated solution, Microsoft Intune, ranks as one of the best solutions on the market. Continue reading to see if Intune is right for your organization. 

Table of Contents

• What is Microsoft Intune?
• What can you do with Microsoft Intune?
• Microsoft Intune Benefits
• MDM for Office 365 vs Microsoft Intune
• Microsoft Intune Requirements
• Microsoft Intune Pricing
• How to get started with Microsoft Intune? 

What is Microsoft Intune?

Source

Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) cloud-based service. Through Microsoft Intune, you can control how your organization's devices are used, including tablets, laptops, and mobile phones. 

Part of Microsoft Endpoint Manager, Intune, can integrate with Azure Active Directory and Azure Information Protection. 

Through Microsoft Intune you can:

• Prevent emails from being sent to people outside your organization
• Allow employees to use personal devices for school or work
• Isolate personal data from organizational data
• Deploy Microsoft Office 365 apps easily to devices within your organization

What can you do with Microsoft Intune? 

1. Manage Devices with Microsoft Intune

Whether your organization issues corporate devices or incorporates a BYOD policy, Microsoft Intune will allow you to enroll and control all employee devices. Depending on how your organization issues devices, you can adjust the settings in Intune to allow you to have control on all settings, features, and security. 

Once devices are enrolled, you will be able to:

• Configure devices so they meet security standards
• See reports on users and devices that are compliant and not compliant
• Remove organization data if the device is stolen, lost, or not in use

2. Manage Applications with Microsoft Intune

Microsoft Intune is designed to protect organizational data at the application level through app protection policies. These app policies:

• Secure access to personal devices by restricting certain actions
• Use Azure AD identity to isolate organization data from personal data
• Can be created and deployed on devices enrolled in Intune

3. Increase Security and Compliance with Microsoft Intune

To enable a broad set of access control scenarios, Microsoft Intune can integrate with Azure Active Directory. In this scenario, your organization will require mobile devices to be compliant with your organization's standards - defined in Intune prior to allowing access to network resources. 

Depending on your organization's security and compliance standards, you can define your set of rules within Intune to lock down certain services for a specific set of users and devices. 

Intune is part of Microsoft's Enterprise Mobility + Security (EMS) suite. Intune coordinates with Azure Active Directory (Azure AD) to identify who has access to this application and what they can access. In addition, it integrates with Azure Information Protection for data protection. It can be used with the Microsoft 365 suite of products.

For example, you can deploy Microsoft Teams, OneNote, and Endpoint to your mobile devices. This allows the employees in your organization to be productive on all of their devices, while keeping your organization’s information protected.

Microsoft Intune Features

• Device Management
• Application Management
• Compliance and Conditional Access
• Solve Common Business Problems Intune Solves
• Define Your Own App Protection Policies
• Remotely Managed Devices
• Reports and System Logs
• Task Creation and Management

Microsoft Intune Benefits

Microsoft Intune provides your organization with the flexibility it needs to control your critical data, regardless of the device. Due to its cloud-based feature, Intune can work to secure iOS, Windows, and Android devices from one single mobile solution. 

Microsoft Intune benefits:

• Data Encryption
• Mobile Device Tracking
• Password Enforcement
• Device Inventory
• Remote Data Wiping and App Distribution

Microsoft Intune Extension Management

Microsoft Intune Management was added on to the Intune application as an extension to upload PowerShell scripts. The management extension enhances Windows device management (MDM), and makes it easier to move to modern management. You can run these scripts on Windows 10 devices. This feature applies to Windows 10 and later (excluding Windows 10 Home).

MDM for Office 365 vs. Microsoft Intune

Microsoft currently offers two mobile device management solutions: MDM for Office 365 and Microsoft Intune. While these products are similar, there are key differences between them that can sway your decision. 

MDM for Office 365

MDM for Office 365 is included in many Office 365 subscriptions and offers integrated tools for your organization to manage your user’s mobile devices. While MDM for Office 365 offers a limited feature set, it can still be used to enforce policies and settings to help control access of Office 365 data on mobile devices. These capabilities are divided into 4 settings categories: requirement of password settings, encryption settings, non-jailbroken devices, and a managed email profile. MDM for Office 365 is a great mobile device management solution if there is no requirement for mobile application management.

Microsoft Intune

Alternatively, Intune provides both mobile device management and mobile application management solutions. This ensures that your corporate data is not only protected in Office 365, but in all applications where this data exists. Using Azure Active Directory and the Intune portal, you can deploy, configure, and manage applications, as well as wipe devices or specific applications in case your employee loses their device. Intune is included with a variety of Microsoft 365 licenses as well as a standalone license, and includes more policy settings than MDM for Office 365, such as policies to configure settings, updates, applications, and more. 

Move to Modern Management

User computing is undergoing a digital transformation. Traditional IT focuses on a single device, manual platform. In comparison, the modern workplace uses a variety of platforms that are user and business-owned. Users can now work from anywhere with Intune. 

Are you paying too much for Microsoft Business Licensing? Get a free audit and save up 20%!

Microsoft Intune Requirements

Intune has a variety of system and administrative requirements. First, all users that are required to have their devices managed must have an Intune subscription via a standalone license or another license that includes Intune.  Additionally, the person in charge of deploying and managing Intune must have a global administrator or Intune service administrator role assigned to them. Having Azure Active Directory set up is not necessarily a requirement, however it is highly recommended, as it will automate the process of adding users and groups within Intune.  

Finally, based on the manufacturer of the devices that you’d like to be managed, here are the following operating system requirements: 

• Apple 

• • Apple iOS 12.0 or later 
  • Apple iPadOS 13.0 or later 
  • MacOS 10.13 or later 

• Google   

• • Android 6.0 and later  

• Microsoft 

• • Surface Hub 
  • Windows 10 (Home, S, Pro, Education, and Enterprise versions) 
  • Windows 10 Enterprise 2018 LTSC 
  • Windows 10 IoT Enterprise 
  • Windows Holographic for Business 
  • Windows 10 Teams 
  • Windows 10 1709 or later 
  • PCs running Windows 8.1 or later

Microsoft Intune Pricing

As previously mentioned, Intune is included in a variety of Microsoft 365 licenses and as a standalone license. View our list below to see what Microsoft licenses include Intune. 

• Microsoft 365 E5 - $57/user/month 
• Microsoft 365 E3 - $32/user/month 
• Enterprise Mobility + Security E5 - $16.40/user/month 
• Enterprise Mobility + Security E3 - $10.60/user/month 
• Microsoft 365 Business Premium - $20/user/month
• Microsoft 365 F1 - $2.30/user/month
• Microsoft 365 F3 - $8/user/month
• Microsoft 365 Government G5 $35/user/month
• Microsoft 365 Government G3 $20 /user/month
• Intune for Education - $8.28/faculty user/month with student use benefits 
• Microsoft 365 Education A5 - $10.80/faculty user/month 
• Microsoft 365 Education A3 - $5.80/faculty user/month 
• Intune stand-alone license - $2/device/month 

See why Microsoft Gold Partners get the best pricing for Microsoft Licensing and Services!

Note:  Costs listed above are at market rate, but Microsoft Gold Partners, like Datalink Networks, are able to provide these licenses at a discounted rate. Contact us today to see how Datalink Networks can save your organization money on Intune licensing! 

How to get started with Microsoft Intune

To get started, you first need to ensure that you have purchased the appropriate licenses and have complied with the requirements above.

After the requirements are met, you’ll need to configure your company’s domain name with Intune. You can then use Azure Active Directory to sync existing users and groups with Intune. Once your users are added to Intune, you can assign them licenses, giving users permission to use Intune. From here, you can begin adding applications, configuring and enrolling devices as needed.

For help getting your organization set up on Microsoft Intune, contact Datalink Networks today for a free consultation!