Intune Device Management
Published: October 26, 2023 | Last Updated: November 15, 2023
Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). With Intune, you can help protect your organization's data by managing how your users access and share that information. You can also manage the devices themselves, including PCs, smartphones, and tablets. This article provides a comprehensive guide to managing devices with Microsoft Intune.
Key Concepts in Intune Device Management
Endpoint Protection
Intune integrates with endpoint protection solutions to ensure devices are secure and compliant with organizational policies. This includes features like:
- Antivirus and malware protection configuration.
- Firewall settings management.
- Disk encryption enforcement.
Device Compliance
Establish and enforce policies that devices must meet to be considered compliant. Non-compliant devices can be restricted from accessing corporate resources.
- Define compliance requirements for operating systems (Windows, iOS, Android, macOS).
- Set conditions like minimum OS versions, encryption status, and passcode requirements.
- Integrate with Conditional Access policies for granular access control.
Device Configuration
Configure device settings to meet organizational needs and security standards. This can range from network settings to application configurations.
Common configuration profiles include:
Configuration Profile Examples
Device Enrollment Methods
Intune supports various enrollment methods to bring devices under management. The best method depends on the device platform and user scenario.
Automated Enrollment
For corporate-owned devices, automated enrollment streamlines the setup process:
- Windows Autopilot: For Windows devices, allowing a zero-touch deployment experience.
- Apple Business Manager / School Manager: For iOS and macOS devices, enabling zero-touch deployment.
- Android Enterprise Zero-Touch Enrollment: For Android devices.
User-Driven Enrollment
Users can enroll their devices themselves:
- Company Portal App: Available on all major platforms, guiding users through enrollment.
- Manual Enrollment: For specific scenarios where automated methods are not feasible.
Application Management (MAM)
Beyond device management, Intune allows you to manage applications, ensuring data security even on unmanaged or BYOD devices.
App Protection Policies
These policies control how data is handled within applications. You can restrict actions like:
- Copying data to other apps.
- Saving data to personal cloud storage.
- Taking screenshots.
- Enforcing app-level encryption.
Application Deployment
Deploy, configure, and update applications to managed devices.
- Support for store apps, line-of-business (LOB) apps, and web links.
- Remote installation, uninstallation, and assignment.
Monitoring and Reporting
Intune provides robust reporting capabilities to monitor device health, compliance, and application status.
Device Status
View the status of all enrolled devices, including their compliance state, last check-in time, and hardware details.
App Status
Track the deployment status of applications across different device groups.
Compliance Reports
Generate detailed reports on device compliance against defined policies.
Example: Enforcing a Passcode Policy on iOS Devices
To ensure basic security, you can create a compliance policy for iOS devices that requires a passcode.
Steps:
- Navigate to Devices > iOS/iPadOS > Compliance policies.
- Click Create policy.
- Select iOS/iPadOS as the platform.
- Name the policy, e.g., "iOS Passcode Requirement".
- Under Device Properties, configure the following:
  - Require a passcode to unlock mobile devices: Set to Require.
  - Simple passcode: Set to Block.
  - Minimum passcode length: Set to a value greater than 4 (e.g., 6).
  - Passcode type: Choose Alphanumeric or Numeric based on your security needs.
- Assign the policy to the desired user or device groups.
This policy ensures that all enrolled iOS devices have a strong passcode, enhancing the security of corporate data.
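The check below is an added example, not part of the original article: it audits compliance policies against the passcode settings from the steps above, including whether the policy is assigned at all. It assumes the policies were exported as JSON from Microsoft Graph (iosCompliancePolicy objects with assignments expanded); the function names and the sample policies are constructed for illustration.

```python
# Added example: audit exported Intune iOS compliance policies against the
# passcode settings from the steps above. Property names follow the Microsoft
# Graph iosCompliancePolicy resource; the sample data below is constructed.

IOS_TYPE = "#microsoft.graph.iosCompliancePolicy"
MIN_LENGTH_EXCLUSIVE = 4  # the steps call for a length greater than 4


def audit_ios_passcode_policy(policy: dict) -> list[str]:
    """Return a list of findings; an empty list means the policy matches."""
    if policy.get("@odata.type") != IOS_TYPE:
        return ["not an iOS/iPadOS compliance policy"]
    findings = []
    if policy.get("passcodeRequired") is not True:
        findings.append("passcode is not required")
    if policy.get("passcodeBlockSimple") is not True:
        findings.append("simple passcodes are not blocked")
    length = policy.get("passcodeMinimumLength")  # None when not configured
    if not isinstance(length, int) or length <= MIN_LENGTH_EXCLUSIVE:
        findings.append(f"minimum length {length!r} is not greater than 4")
    if policy.get("passcodeRequiredType") not in ("alphanumeric", "numeric"):
        findings.append("passcode type is not Alphanumeric or Numeric")
    # An unassigned policy is evaluated on no device at all.
    if not policy.get("assignments"):
        findings.append("policy is not assigned to any group")
    return findings


# Constructed sample policies (not real tenant data).
SAMPLE_POLICIES = [
    {"@odata.type": IOS_TYPE, "displayName": "iOS Passcode Requirement",
     "passcodeRequired": True, "passcodeBlockSimple": True,
     "passcodeMinimumLength": 6, "passcodeRequiredType": "alphanumeric",
     "assignments": [{"target": {"groupId": "00000000-0000-0000-0000-000000000000"}}]},
    {"@odata.type": IOS_TYPE, "displayName": "iOS Legacy",
     "passcodeRequired": True, "passcodeBlockSimple": False,
     "passcodeMinimumLength": 4, "passcodeRequiredType": "deviceDefault",
     "assignments": []},
]


def audit_all(policies: list[dict]) -> dict[str, list[str]]:
    """Map each policy's displayName to its findings."""
    return {p.get("displayName", "<unnamed>"): audit_ios_passcode_policy(p)
            for p in policies}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_POLICIES).items():
        print(name, "->", findings or "OK")
```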