Intune support guide for mobile device Management assists beginners trying to get into the game of supporting a modern IT network.  What the heck does that mean?  Traditional IT or Active Directory is based on LDAP while modern IT, what Intune is built on Microsoft Azure AD.  This is nothing more than an identity service. The identity service provides single sign using OAUTH2 or SAML. It is one of many components of the Microsoft 365 family.  This is not to say Traditional Active Directory and Azure Active Directory can’t work together in a hybrid universe but I really want to drive home the point that Intune is separate entity from Traditional AD and while Group Policies have been around for decades and therefore incredibly rich in features,  Intune is the future.  For those familiar with the basics, we have created shortcuts into some deep dive conversations.  Don’t know how to access Intune?   Skip down to Microsoft Admin Center.

• Need a more basic introduction to Intune Security & Support?
  • We provide more context to why MDM security AKA Intune is more important than ever with the work from anywhere revolution happening now.  Follow this link for guiding you through the initial steps of Windows 10 setup, joining Azure Active Directory, and integrating Intune as the final piece of the puzzle.
• Nuts and Bolts conversation for joining vs registering and enrolling devices
  • Skip pass the high level talk about and dive into how to instructions for join computers to Azure AD followed by Intune.
• Compliance Policy Setup in Intune
  • Enforcing rules in your network. This should be used in conjunction with conditional access. https://Compliance.microsoft.com is dealing with the status of compliance. https://security.microsoft.com/securescore Security scores tell if you are compliance compared to industry standard.  Isn’t this fun?
• Intune setup for Conditional Access
  • Conditional Access ensure devices are compliant. You create conditional access based on sign-in risk based off of a risk score, location (where did you login from, etc), and other conditions.
• Configuration Profiles
  • Configuration Profile will enforce the setting or policy like Bitlocker.
• Autopilot Setup in Intune
  • Customize a new computer without laying your IT hands on it.
• Device Management – Company Owned Devices
  • Device Management is more for companies looking to manage the entirety of the device.
• Bring Your Own Device Setup in Intune (BYOD) Section
  • App Management is typically used in BYOD (Bring Your Own Device) situations into work.  Here, Intune allows the company to manage the data connected to apps on the device while not managing the device itself.

Microsoft Admin Center

Small businesses may be pretty familiar with the Admin Center interface.  We will navigate to Intune through the endpoint management link.

NOTE:  Some device and application policies are configurable via the Microsoft 365 admin center from Devices > Policies.  Do not use this UI to setup and manage your policies.  Never, ever…  Ever, ever, ever… use Microsoft 365 Admin Center for setup and managing your policies.

Go Intune or go home!!!  Work only in the Intune / Device management portal. You have been warned.

Intune Admin Center

Our Intune support guide for mobile device Management has a nice illustration below of where you can access Intune admin center from the Microsoft Admin Center.  From there, we can access the features of Intune.  As you can see, the portal also contains some quick links to active directory features like users and groups.

Got Intune?

Head into Azure Active Directory Admin Center to see what Mobile Device Management Profile (MDM) you are currently using.

 

 

 

 

 

 

 

 

 

 

 

 

Select Some from the MDM user scope to use MDM auto-enrollment to manage enterprise data on your employees’ Windows devices. MDM auto-enrollment will be configured for AAD joined devices and bring your own device scenarios.

 

 

 

 

 

 

 

 

 

 

To learn about creating groups for when Administrators select “some” click here.

• Azure active directory>Mobility(MDM and MAM)>Microsoft Intune > MDM User scope

If so, as per the following MS Document: https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll#configure-automatic-mdm-enrollment

• Configure MDM User scope. Specify which users’ devices should be managed by Microsoft Intune. These Windows 10 devices can automatically enroll for management with Microsoft Intune.
  • None – MDM automatic enrollment disabled
  • Some – Select the Groups that can automatically enroll their Windows 10 devices
  • All – All users can automatically enroll their Windows 10 devices

More Intune Fundamentals

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organization’s devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications For your reference we are attaching the following MS links:

• https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune
• https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-device-management
• https://docs.microsoft.com/en-us/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager
• https://docs.microsoft.com/en-us/mem/intune/fundamentals/migration-guide

 

Microsoft Endpoint Manager Admin Center

Use Intune Portal shortcut below or navigate to “Endpoint Manager” from the Microsoft Admin Center console if you have Microsoft 365 Business Premium or similar licensing.

https://endpoint.microsoft.com/

 

 

 

 

 

 

Enroll devices | Windows Enrollment

To manage devices in Intune, devices must first be enrolled in the Intune service.  Both personally owned and corporate-owned devices can be enrolled for Intune management.

 

 

 

 

There are two ways to get devices enrolled in Intune:

• Users can self-enroll their Windows PCs
• Admins can configure policies to force automatic enrollment without any user involvement

 

Learn more about the two methods for Windows devices to enroll with Intune.  Check out our licensing post discussing what is required to have Intune running in your environment.

 

 

 

 

 

 

Illustrated below is the apps section of Intune.  In the overview section, we can see all apps as well as some monitoring as to what is going on with our apps.

By Platform

We can look at apps by platform.

Policy

We can look at the policies related to apps

Other

And we have some other features of Intune like adding categories for our apps and authenticating users for company ebooks.  Let’s take a look at all app.

 

 

 

 

 

 

 

Intune Support Guide for Mobile Device Management Summary

Additional Resources:

• Not sure what Microsoft 365 license to get?
• Need to understand more about Modern IT by Microsoft 365?
• Need all the portal links to commonly used Microsoft 365 services?