Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). It helps organizations manage the devices and apps that employees use to access company data. This guide will walk you through the initial steps to get you up and running with Intune.
What is Microsoft Intune?
Intune is part of Microsoft's Enterprise Mobility + Security (EMS) suite. It allows you to:
- Enroll devices (Windows, macOS, iOS, Android) into management.
- Configure device settings and policies.
- Deploy applications to managed devices.
- Protect corporate data by managing app access and compliance.
- Remotely wipe or lock devices if they are lost or stolen.
Prerequisites
Before you begin, ensure you have:
- An Azure Active Directory (Azure AD) tenant.
- A Microsoft 365 or EMS license that includes Intune.
- Global Administrator or Intune Administrator role in Azure AD.
Step 1: Accessing the Intune Portal
You can access the Microsoft Intune portal directly through your web browser.
https://intune.microsoft.com/
Log in using your Azure AD administrator credentials.
Step 2: Initial Configuration and Enrollment Setup
a) Setting the MDM Authority
The first time you access Intune, you'll be prompted to set the MDM authority. This is crucial as it determines which service will manage your mobile devices. For most organizations, this should be set to Microsoft Intune.
b) Configuring Device Enrollment
To manage devices, they need to be enrolled. Intune supports various enrollment methods depending on the device type and operating system.
- Windows Devices: Via Windows Autopilot, manual enrollment, or bulk enrollment.
- macOS Devices: Via Automated Device Enrollment (ADE) or manual enrollment.
- iOS/iPadOS Devices: Via Apple Business Manager (ABM)/Apple School Manager (ASM) ADE or manual enrollment.
- Android Devices: Via Android Enterprise enrollment (Work Profile or Dedicated Device) or Android device administrator enrollment.
Navigate to Devices > Enroll devices to explore the specific enrollment options and instructions for each platform.
Step 3: Creating Device Compliance Policies
Compliance policies define the rules that a device must follow to be considered compliant with your organization's standards. This is a fundamental aspect of securing your data.
To create a compliance policy:
- Go to Devices > Compliance policies.
- Click Create policy.
- Select the Platform (e.g., Android, iOS/iPadOS, Windows 10 and later).
- Define the settings for your policy, such as password requirements, encryption, and minimum OS version.
- Assign the policy to user groups.
Devices that do not meet these policies can be blocked from accessing corporate resources.
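Before blocking is enforced, it helps to know which devices would be affected and why. The script below is an added example, not part of the original guide or Microsoft's code: it triages records shaped like the Microsoft Graph managedDevices resource (fields deviceName, operatingSystem, osVersion, isEncrypted, complianceState). The sample records and the MIN_OS baseline are constructed assumptions.

```python
import json

# Constructed sample, shaped like the "value" array of a Microsoft Graph
# GET /deviceManagement/managedDevices response (only the fields used here).
SAMPLE = json.loads("""[
 {"deviceName": "LAP-001", "operatingSystem": "Windows", "osVersion": "10.0.19045.3803", "isEncrypted": true, "complianceState": "compliant"},
 {"deviceName": "LAP-002", "operatingSystem": "Windows", "osVersion": "10.0.19042.1237", "isEncrypted": false, "complianceState": "noncompliant"},
 {"deviceName": "IPAD-07", "operatingSystem": "iOS", "osVersion": "9.3.5", "isEncrypted": true, "complianceState": "inGracePeriod"},
 {"deviceName": "PIX-03", "operatingSystem": "Android", "osVersion": "13", "isEncrypted": true, "complianceState": "compliant"}
]""")

# Assumed baseline for illustration; substitute the minimums from your own policies.
MIN_OS = {"Windows": "10.0.19044", "iOS": "16.0", "Android": "12"}

def version_tuple(version):
    """'10.0.19045.3803' -> (10, 0, 19045, 3803); non-digit characters are ignored."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def older_than(version, minimum):
    """Numeric comparison: as plain strings, '9.3.5' would sort after '16.0'."""
    a, b = version_tuple(version), version_tuple(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def findings(device, baseline=MIN_OS):
    """Return the reasons a device needs attention (empty list if none)."""
    reasons = []
    state = device.get("complianceState", "unknown")
    if state != "compliant":
        reasons.append("state=" + state)
    if device.get("isEncrypted") is not True:
        reasons.append("not encrypted")
    minimum = baseline.get(device.get("operatingSystem"))
    version = device.get("osVersion", "0")
    if minimum and older_than(version, minimum):
        reasons.append("os " + version + " < " + minimum)
    return reasons

def triage(devices, baseline=MIN_OS):
    report = {d["deviceName"]: findings(d, baseline) for d in devices}
    return {name: reasons for name, reasons in report.items() if reasons}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(name, "; ".join(reasons))
```

Devices in the inGracePeriod state are listed on purpose: they still have access today but will become noncompliant if nothing changes.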
Step 4: Configuring Device Configuration Profiles
Configuration profiles are used to deploy settings and features to your managed devices. This can include Wi-Fi profiles, VPN settings, email profiles, security settings, and more.
To create a configuration profile:
- Go to Devices > Configuration profiles.
- Click Create profile.
- Select the Platform and Profile type (e.g., Settings catalog, Templates).
- Configure the desired settings.
- Assign the profile to user or device groups.
Step 5: Deploying Applications
Intune allows you to deploy applications to your managed devices. You can deploy required apps or make apps available for users to install from the Company Portal app.
To add an app:
- Go to Apps > All apps.
- Click Add.
- Select the App type (e.g., Microsoft Store app, Managed Google Play app, iOS/iPadOS app, Win32 app).
- Configure the app information and assignment.
Next Steps and Best Practices
This guide covers the foundational steps. As you become more familiar with Intune, consider exploring:
- Conditional Access policies in Azure AD: Integrate Intune with Conditional Access to enforce compliance before granting access to apps and data.
- App Protection Policies (MAM): Protect corporate data within apps on both managed and unmanaged devices.
- Reporting and Monitoring: Utilize Intune's reporting features to track device compliance, app deployment status, and more.
- Custom Compliance Policies: For more granular control over device compliance.