October 30, 2023
Josh Wittman
Josh Wittman, co-founder of Simeon Cloud, excels in Microsoft 365 through governance, security, and automation. An expert in SaaS, DevOps, and cybersecurity, he innovates in the digital workplace.

If you’re new to Microsoft Intune, getting started with mobility management for the first time can be a daunting task. With the right tools and processes, however, it can be an incredibly efficient way to stay in control of your work devices. 

Intune is a cloud-based service that allows you to manage, monitor, and secure all of your company devices from a single dashboard. It also provides an easier way to deploy applications, manage security settings, and enforce policies. 

In this guide, we will walk you through how to get started with company device management in Microsoft Intune. We’ll cover how to set up your devices, enroll them in Intune, and configure admin policies for a secure and productive work environment. Let’s dive straight in!


What Is Microsoft Intune?

Microsoft Intune is a cloud-based enterprise mobility management (EMM) service that’s part of Microsoft 365. It helps organizations manage the devices their employees use to access corporate data and applications. 

Intune provides both mobile device management (MDM) and mobile application management (MAM) capabilities to enable secure access to corporate resources from any device, anywhere.

It enables organizations to securely manage and protect corporate data on mobile devices, laptops, desktops, and virtual desktop infrastructure environments. It can be used for managing both corporate-owned devices as well as bring-your-own-device scenarios (BYOD).

The service includes features such as device enrollment, inventory tracking, remote wiping, app deployment, and control settings for iOS, Android, and Windows. It also provides secure access to Office 365 applications such as Outlook, Word, and Excel from any device. 

Additionally, it provides tools for managing user access rights to different applications based on roles or groups within the organization.

Intune also offers advanced security capabilities such as multi-factor authentication, conditional access policies, app protection policies, and compliance settings that help ensure that only compliant devices can access corporate resources. 

MDM vs MAM: Choosing the Right Approach

Mobile Device Management (MDM) and Mobile Application Management (MAM) are two distinct mobility management offerings within the Microsoft Intune platform. Both technologies provide organizations with the ability to manage and secure mobile devices, but they each offer different levels of control and security.

MDM is designed to provide organizations with a comprehensive approach to managing mobile devices. The technology allows administrators to remotely configure enrolled devices, enforce policies, manage apps, deploy updates, and track usage. 

With MDM, organizations can ensure that mobile devices and operating systems are compliant with corporate policies and standards. 

MAM offers organizations a more granular approach to managing mobile applications. This technology allows administrators to control access to specific applications on a user’s device while still allowing them full control over the overall device configuration. 

MAM provides administrators with a way to monitor application usage, block unauthorized applications, and restrict access based on user identity or location. 

When it comes to choosing which technology is right for an organization’s needs, it ultimately depends on the type of data being accessed and managed by the organization’s employees. 

For example, if an organization needs complete control over its employees’ devices — including application access — MDM may be the best solution. However, if an organization only needs control over specific applications or data that employees access, MAM may be a better option, as it provides more granular control without restricting users from using their personal devices as they please.

A Step-by-Step Framework for Device Management with Intune

Once you’ve chosen your preferred approach, it’s time to put your mobility management plan into action. In this guide, we’ll focus on the mobile device management (MDM) approach. 

Let’s walk through the various steps necessary to set up MDM with Microsoft Intune:

Step 1: Set up the environment

The first step is to set up Microsoft Intune for your organization. 

This includes creating an account with a valid domain name, setting up a tenant for managing the corporate devices, and enabling the required services for device management in Intune. 

Step 2: Configure mobile device policies

Once the environment is set up, it’s time to configure policies for managing mobile devices. 

This means setting up restrictions on device features such as internet access or camera usage, configuring security settings such as passcode complexity or remote wipe capabilities, and setting up other policies such as app installation or data encryption requirements. 

Step 3: Enroll your company devices

After configuring policies for managing different mobile devices with Microsoft Intune, it’s time to enroll them into the system. 

There are multiple ways to do this. Users can be given an enrollment link, which they can use to enroll their own devices into Intune.

They can also use a QR code which they can scan using their device’s camera. 

Finally, IT administrators can manually enroll devices into Intune using bulk enrollment methods such as Apple Configurator 2 or Windows Autopilot Deployment Program (WADP). 

Step 4: Start managing individual applications

Once devices are enrolled in Microsoft Intune, IT administrators can manage applications on them remotely. 

This may involve: 

  • deploying apps from public stores like Google Play Store or Apple App Store
  • deploying custom line-of-business apps
  • pushing out updates and patches
  • removing unwanted apps, and more. 

Step 5: Monitor device usage

In addition to managing applications on enrolled devices remotely with Microsoft Intune, IT administrators can also monitor the usage of these managed devices. 

This includes tracking user activity, such as which apps are used most often, when users log into their accounts, and which websites they visit regularly.

Step 6: Generate device reports

Finally, IT administrators can generate comprehensive reports on various aspects of managed mobile devices. 

The types of reports you can generate include reports on application installations, updates, and removals; user activity logs; compliance status of organizational policies; and more. All of this helps keep track of activities related to managed devices within an organization’s network.
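As an added illustration of the compliance reporting in Steps 5 and 6 (not code from CoreView or Microsoft), the Python sketch below flags devices that are not compliant, not encrypted, or have stopped checking in. It assumes records that use the `deviceName`, `complianceState`, `isEncrypted` and `lastSyncDateTime` properties of the Microsoft Graph `managedDevice` resource; the sample devices and the 30-day staleness threshold are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records, shaped like Microsoft Graph managedDevice
# resources (only the properties this report reads).
SAMPLE_DEVICES = [
    {"deviceName": "LAPTOP-001", "complianceState": "compliant",
     "isEncrypted": True, "lastSyncDateTime": "2023-10-29T08:15:00Z"},
    {"deviceName": "IPHONE-014", "complianceState": "noncompliant",
     "isEncrypted": True, "lastSyncDateTime": "2023-10-28T17:40:00Z"},
    {"deviceName": "PIXEL-007", "complianceState": "compliant",
     "isEncrypted": False, "lastSyncDateTime": "2023-08-02T11:05:00Z"},
    {"deviceName": "LAPTOP-022", "complianceState": "inGracePeriod",
     "isEncrypted": True, "lastSyncDateTime": None},
]

def parse_sync(value):
    """Parse an ISO 8601 UTC timestamp; None if the device never synced."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def device_findings(device, now, stale_after):
    """Return the reasons a device needs attention (empty list if none)."""
    findings = []
    state = device.get("complianceState", "unknown")
    if state != "compliant":
        # Grace-period, error and unknown states are surfaced too, so a
        # device cannot sit unnoticed outside the compliant set.
        findings.append(f"compliance state is {state}")
    if device.get("isEncrypted") is not True:
        findings.append("storage not reported as encrypted")
    last_sync = parse_sync(device.get("lastSyncDateTime"))
    if last_sync is None:
        findings.append("no check-in recorded")
    elif now - last_sync > stale_after:
        # A stale device may still show an old "compliant" verdict.
        findings.append(f"last check-in {(now - last_sync).days} days ago")
    return findings

def compliance_report(devices, now, stale_days=30):
    """Map device name -> findings, listing only devices with findings."""
    stale_after = timedelta(days=stale_days)  # assumed threshold
    results = {d["deviceName"]: device_findings(d, now, stale_after)
               for d in devices}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    now = datetime(2023, 10, 30, tzinfo=timezone.utc)
    for name, findings in compliance_report(SAMPLE_DEVICES, now).items():
        print(f"{name}: {'; '.join(findings)}")
```

The stale check-in test matters because a device that has stopped syncing keeps its last reported compliance state, so a "compliant" label alone does not show the device is still being evaluated.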

Using Software Automation to Simplify Intune Management

Intune management can be complex and time-consuming. Automation tools can help simplify the process by taking care of routine tasks such as deploying application packages, monitoring device health, and ensuring compliance with corporate policies.

Here are some of the ways automation can help you better manage your Intune environment:

Automated Device Enrollment: Automated provisioning enables IT admins to quickly and easily set up and manage company-owned devices, such as iPhones and iPads, with Intune. 

This eliminates manual setup processes and reduces the time it takes to get devices ready for use. Additionally, automated provisioning increases security by ensuring that all mobile devices are configured according to your organization's security policies. 

Automated Policy Management: Automation tools can help simplify policy management by allowing IT admins to centrally manage all Intune policies across multiple platforms. 

This ensures that all devices are compliant with corporate security requirements and reduces the amount of time spent manually configuring individual settings on each device. 

Automated Software Deployment: Automation tools can also help simplify software deployment by enabling IT admins to quickly deploy applications across multiple platforms using Intune's cloud-based delivery model. 

This eliminates the need for manual installation of applications on each device, saving time and reducing the risk of errors associated with that process. 

Automated Security Management: Finally, automation tools can simplify security management by providing real-time threat detection capabilities that alert administrators if any malicious activity is detected on any managed device within the organization's network. 

This helps admins quickly identify and address any potential threats before they become serious issues that could cause loss of company data.

Policy Management and Application Deployment Platform for Microsoft Intune from CoreView

CoreView Configuration Manager for Microsoft 365 simplifies the administration of Microsoft 365. It comes with features like end-to-end lifecycle management, detailed audit logs, configuration backup functionality, and built-in security baselines.

CoreView lets you easily deploy applications across company-owned devices using its robust application packaging tool for Intune. It also takes care of application updates without requiring you to package the application again from scratch.

Apart from application packaging, CoreView Configuration Manager also helps configure and modify a range of app and device management policies inside Intune — all with detailed audit logging and one-click backup restoration — using a single unified dashboard.

Want to learn more about how CoreView can improve your Intune device management workflow? Sign up for a free demo — we’ll walk you through it one-on-one.
