Device Management

--- title: Device Management tags: theme description: Use `{%hackmd theme-dark %}` syntax to include this theme. --- <style> html, body, .ui-content { background-color: #333; color: #ddd; } .markdown-body h1, .markdown-body h2, .markdown-body h3, .markdown-body h4, .markdown-body h5, .markdown-body h6 { color: #ddd; } .markdown-body h1, .markdown-body h2 { border-bottom-color: #ffffff69; } .markdown-body h1 .octicon-link, .markdown-body h2 .octicon-link, .markdown-body h3 .octicon-link, .markdown-body h4 .octicon-link, .markdown-body h5 .octicon-link, .markdown-body h6 .octicon-link { color: #fff; } .markdown-body img { background-color: transparent; } .ui-toc-dropdown .nav>.active:focus>a, .ui-toc-dropdown .nav>.active:hover>a, .ui-toc-dropdown .nav>.active>a { color: white; border-left: 2px solid white; } .expand-toggle:hover, .expand-toggle:focus, .back-to-top:hover, .back-to-top:focus, .go-to-bottom:hover, .go-to-bottom:focus { color: white; } .ui-toc-dropdown { background-color: #333; } .ui-toc-label.btn { background-color: #191919; color: white; } .ui-toc-dropdown .nav>li>a:focus, .ui-toc-dropdown .nav>li>a:hover { color: white; border-left: 1px solid white; } .markdown-body blockquote { color: #bcbcbc; } .markdown-body table tr { background-color: #5f5f5f; } .markdown-body table tr:nth-child(2n) { background-color: #4f4f4f; } .markdown-body code, .markdown-body tt { color: #eee; background-color: rgba(230, 230, 230, 0.36); } a, .open-files-container li.selected a { color: #5EB7E0; } </style> # Microsoft Intune ## Introduction to Device Management With the increase in remote work, businesses, both large and small, must consider a mobile device management solution. This aspect is not a luxury, but rather a requirement for providing the most effective control. Additionally, a missing mobile device could occur at any time. As a result, there are numerous solutions available, with **Microsoft Intune** being one of the best. # Microsoft Intune ![](https://i.imgur.com/r1r7PuO.png) Intune is Mobile Device & Application Management (MDM&MAM). It brings control over how your organization's devices, such as mobile phones, tablets, and laptop computers, are used. With Intune, you can manage multiple devices per person, and the different platforms that run on each device, including iOS/iPadOS, macOS, Android, and Windows. Intune separates policies and settings by device platform. So it's easy to manage and view devices of a specific platform. **Intune** includes the following integration options. - Integration with AAD for **Access** - Integration with Azure Information Protection for **data protection** - Integration with Microsoft 365 suite of products ## Capabilities Here are some examples of what you can do with Intune. - Device Management - Application Management - Compliance and Conditional Access - Solve Common Business Problems Intune Solves - Define Your Own App Protection Policies - Remotely Managed Devices - Reports and System Logs --- # Management ## Start Managing Devices Organizations can safeguard their data and resources from various devices by using **device management**. Enrolling the devices with intune will give you the option to manage their usage with policies. You can controll their settings like their paswword, rules and settings. You can use Intune to set rules and configure settings on personal and corporate-owned devices to access data and networks. - Apps can be deployed and authenticated on all on-premise and mobile devices. - Control how users access and share information to protect your company's information. - Check that your devices and apps meet your security requirements. **When devices are enrolled and managed in Intune, administrators can:** - See the devices enrolled and get an inventory of devices accessing organization resources. - Configure devices, so they meet your security and health standards. For example, you probably want to block jailbreaking devices. - Push certificates to devices so users can easily access your Wi-Fi network or use a VPN to connect to your network. - See reports on users and devices compliance. - Remove organization data if a device is lost, stolen, or not used anymore. ## Start Managing Applications Intune allows you to create, publish, push, configure, secure, monitor, and update mobile apps for your users Within an application, MAM allows you to manage and protect your organization's data within the application. > [Manage apps from the Company Portal website](https://docs.microsoft.com/en-us/mem/intune/user-help/manage-apps-cpweb) # Use cases - Protecting your on-premises email and data so it can be safely accessed by mobile devices - Protecting your Microsoft 365 email and data so it can be safely accessed by mobile devices - Offer a bring your own device program to all employees - Issue corporate-owned phones to your employees - Issue limited-use shared tablets to your employees - Enable your employees to securely access Microsoft 365 from an unmanaged public kiosk --- # Intune & Azure Active Directory Intune integrates with Azure AD to enable a broad set of access control scenarios such as Conditional Access. These powerful services, when combined, provide control over your company's devices and easy access to internal resources, allowing your team to stay productive from any device. --- # Get started with intune First you have to start with this set up page. - [Intune set up account](https://signup.microsoft.com/get-started/signup?products=40BE278A-DFD1-470a-9EF7-9F2596EA7FF9&ali=1) > If your organization has its own custom domain that you want to use without .onmicrosoft.com, you can change that in the Microsoft 365 admin center When you're finished, you can move on to the custom domain. **Configure your custom domain name** - [Microsoft 365 admin center](https://admin.microsoft.com/) - [Sign in to Intune in the Microsoft Endpoint Manager admin center]( https://endpoint.microsoft.com) [Interactive Guide w/ MS endpoint manager](https://mslearn.cloudguides.com/guides/Manage%20devices%20with%20Microsoft%20Endpoint%20Manager) # Confirm your licenses When you sign up for the Intune free trial, a Microsoft Intune license is created for you. You will also receive a trial Enterprise Mobility + Security (EMS) subscription as part of this trial. > [Click here to confirm the licenses](https://docs.microsoft.com/en-us/mem/intune/fundamentals/licenses#confirm-your-licenses) # How to interact with Intune? You will most frequently use two portals: ## [The Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/) This is where you can explore the capabilities of Intune. It is a one-stop shop to manage and complete tasks for your mobile devices. This admin center includes the services used for device management, including Intune and Azure Active Directory, and to also manage client apps. One of these can be accomplished in the Device Management admin center. - Enroll devices - Set device compliance - Manage devices - Manage apps - iOS eBooks - Install Exchange on-premises connector - Manage roles - Manage software updates - Manage Windows client updates - Manage iOS/iPadOS updates - Azure active directory - Manage users - Manage groups and members - Troubleshoot ## [The Microsoft 365 admin center](https://admin.microsoft.com) This is where you can add and manage users, if you are not using Azure Active Directory for this. You can also manage other aspects of your account, including billing and support. --- # Do you want to go further? Intune is a good Microsoft product that is Agile and simple for deploying MDM solution that covers the greatest number of policies while also being stable, scalable, and safeguards your company's data as well as allowing you to control how your employees access and share business information. Now that you have a sense of Intune, you can continue by configuring it to enable mobile device management and gain the control. > [Set up Intune!](https://docs.microsoft.com/en-us/mem/intune/fundamentals/setup-steps)