Intune Explained
Intune was born as Microsoft’s cloud-based Mobile Device Management platform. Since then, it has grown into a management platform for both mobile devices and PCs. Intune can now manage iPhone, Android, Windows Phone, and some versions of Windows. It’s clear that Microsoft intends to grow Intune into a complete cloud-based device management platform.
The process of planning for an Intune rollout can be difficult. The features and functionality within Intune are ever-evolving, so knowing how to deploy Intune effectively takes some studying. In this blog post, we’ll provide an introduction to Intune's current capabilities. We will test out what Intune can do to make your data more secure in a “Cloud First, Mobile First” world.
What is Intune?
The acronyms seem nearly endless, don’t they? Mobile Device Management (MDM), Enterprise Mobility Management (EMM), and Mobile Application Management (MAM) are three of the more popular acronyms you’ll see describing what Intune is. Each describes some of the functionality available within Intune, and I see them all used in this space. Whatever the acronym we use, there are three main areas of functionality that Intune currently provides.
- Intune manages devices your organization’s workforce uses to access company data
- Intune manages the mobile applications your organization’s workforce uses to access company data
- Intune verifies that devices and applications are compliant with your organization’s security policies
Intune is designed around the idea that an organization’s workforce needs access to company data around the clock from anywhere and on any device. The modern workforce uses a lot of devices, and most of them tend to be brought from home. Intune gives organizations a way to manage those devices and how they are used to access organizational data.
It’s important to note that Intune is intentionally integrated tightly with the rest of the Enterprise Mobility + Security (EM+S) suite. You’ll quickly find that Intune licenses alone will limit your organization’s management options. I use the EM+S E5 license in my tenant. While this nearly doubles the price of an Office 365 E3 license, the features and functionality provided are impressive.
Device Management vs. Application Management?
When planning for deploying Intune, I find it’s important to understand the difference between device management and app management. Keeping the difference clear in your head will save you lots of time and effort when defining your Intune policies.
Device Management Policies Cover:
- Enrolling devices
- Configuring devices
- Pushing certificates
- Reporting on devices and measuring device compliance
- Removing organizational data from devices
Application Management Policies Cover:
- Assigning mobile applications to employees
- Configuring applications
- Controlling how organizational data is used
- Removing organizational data from applications
- Updating applications
- Reporting and tracking application usage
If we go back to EM+S, there are additional security features that are added from other parts of that stack. When an application is managed through other EM+S features as well as Intune, you gain additional features like:
- Isolation of personal data from organizational data within an application
- Single sign-on
- Application based conditional access
- Multi-factor authentication
- Rights management support
What Devices Does Intune Manage?
While planning your Intune deployment, it’s important to understand what devices Intune can manage. Intune manages phones, tablets, and computers.
Phones/Tablets:
- Android 4.4 and later devices
- iOS 9.0 and later devices
- Windows Phone 8.1, Windows 8.1 RT, and Windows 10 Mobile
Computers:
- Windows 10
- Mac OS X 10.11 and later
- Windows 8.1 (sustaining mode)
Intune With & Without Device Enrollment
Most of the functionality within Intune is going to require installing the Company Portal application on the managed device, but there are still some benefits that can be gained without that requirement.
Features Without Enrollment Provided by Intune Include:
- PIN requirements
- Preventing “save-as”
- Copy/Paste restrictions
- Jailbreak detection
- Remote wipe of some protected data
Putting It All Together
Moving to a cloud-based IT infrastructure can be challenging for many reasons. Customers often feel like they are losing control over their organization’s data to some extent during this process. Microsoft is very focused on making the data more available in as many ways as they can.
Adding Intune to your Microsoft cloud stack gives organizations the ability to control end users’ BYOD devices, and how they use those devices to access organizational data. Before you can plan your Intune deployment, you need to understand the capabilities of this product. Customers are rightfully confused by the wide range of features spread out across the EM+S stack, so it’s worthwhile to make sure you understand what you’re getting with the licenses you purchase.