What is Microsoft Intune?
Microsoft Intune stands out as a robust cloud-based service designed to streamline the remote management of mobile devices and applications. This comprehensive solution offers management of both company-owned and personal devices.
Microsoft Intune simplifies Mobile Device Management (MDM) and Mobile Application Management (MAM). It enables easy management and protection of organizational devices and applications without requiring complex infrastructure.
Administrators gain comprehensive control over the entire device lifecycle through the unified Intune admin center. This encompasses streamlined processes such as device onboarding with Autopilot, application deployment, device configuration, device security, and efficient device offboarding with device reassignment capabilities.
Additionally, Intune provides robust functionality to manage the application lifecycle, similar to the device lifecycle. This includes tasks like application deployment, securing application data on end-user devices, application management, and the seamless removal of applications and organizational data.
Valuable Intune Features
- Mobile Device Management (MDM)
- Mobile Application Management (MAM)
- Endpoint Security
- Windows Update for Business
- Intune Cloud PKI
- Embedded Security Copilot Experience
1. Device Management [MDM]
Once you enroll your devices in Intune, you gain control over the entire device lifecycle. There are various enrollment methods to choose from, allowing you to select the one that best fits your requirements.
Intune not only facilitates the management of company-owned devices but also extends its support to BYOD (Bring Your Own Device) scenarios.
By utilizing the Enrollment restrictions policy, accessible through the Intune admin center, you can control the types of devices eligible for enrollment into your Intune organization.
Here are the supported operating systems for device management:
Once a device is enrolled, you have the flexibility to perform various actions on it. Examples include but are not limited to:
- Restart the managed device
- Send a Wipe command to the device
- Retire a device
- Collect diagnostic logs
- Rename the device, and so on…
2. Application Management [MAM]
Mobile Application Management (MAM) safeguards organization data within managed applications. Originally focused on Android and iOS devices, Microsoft has expanded MAM support to Windows devices through Microsoft Edge for Business. Key features of MAM include:
- Deployment of Applications: Simplify and streamline the process of deploying applications on managed devices.
- Information Copy/Paste Restrictions: Enhance security by restricting copy/paste functionality within managed applications.
- App Selective Wipe: Enable the creation of wipe requests using App Selective wipe to remove managed apps and associated data from user devices.
- Application Reporting and Monitoring: Gain insights into application usage through comprehensive reporting and monitoring features.
3. Endpoint Security
The endpoint security node in Intune is used to configure device security and manage security-related tasks for your managed devices. It allows Intune administrators to identify devices that are at risk and perform remediation tasks. The endpoint security node currently includes:
- Security Baseline configurations
- Security tasks
- Antivirus configuration
- Disk encryption configuration settings
- Endpoint Privilege Management
- Endpoint detection and response
- App Control for Business
- Attack surface reduction
- Account protection
- Device compliance
- Conditional Access
- Microsoft Defender for Endpoint Configurations
4. Autopilot
Using Autopilot, you can pre-configure new Windows devices before sending them to business users. Autopilot makes the process easy by enrolling your device in Entra ID and Intune, installing applications, and setting up security and configuration policies.
Some of the main benefits of Autopilot include:
- Simplified Deployment: Autopilot streamlines the deployment process, allowing for quick and hassle-free provisioning of Windows devices without the need for extensive manual configurations.
- User Self-Service: End-users can easily set up their devices, reducing the dependency on IT personnel. This self-service approach enhances user experience and minimizes the time and effort required for device onboarding.
- Consistent Configuration: Autopilot ensures that devices are configured consistently according to organizational policies and standards, reducing the likelihood of configuration errors and ensuring a standardized computing environment.
- Zero-Touch Provisioning: The zero-touch provisioning capability of Autopilot enables devices to be configured automatically, requiring minimal interaction from IT administrators. This is particularly beneficial for remote or distributed deployments.
- Enhanced Security: Autopilot helps enforce security measures during the device setup, ensuring that devices are configured with the necessary security settings and compliance policies from the outset. This contributes to a more secure computing environment.
5. Windows Update for Business
Windows Update for Business seamlessly integrates with Intune, providing organizations with a comprehensive solution for managing Windows OS updates, including driver and firmware updates. This integration extends the benefits of centralized update management and flexible deployment rings into the Intune ecosystem.
Administrators can leverage the combined power of Windows Update for Business and Intune to establish tailored update strategies, ensuring that devices remain secure and up-to-date.
You can create Update Rings to manage Windows updates and use the Feature Update policy to handle the deployment of feature updates. This is a particularly useful feature if you want to maintain consistency in feature updates across all your organizational devices.
6. Intune Cloud PKI
Microsoft Cloud PKI simplifies the management of intricate Public Key Infrastructure (PKI). It empowers you to effortlessly create a Certificate Authority, issue certificates to users and devices through Intune, and efficiently handle the entire certificate lifecycle, encompassing tasks such as certificate renewal and revocation.
While this feature has not been released yet, Microsoft recently announced that it will be available starting February 2024 as part of the Microsoft Intune Suite. You can purchase it as a standalone add-on license for $2/user/month if you don’t want a full Microsoft Intune Suite license.
To use Intune Cloud PKI, sign in to the Intune admin center and go to Tenant administration > Cloud PKI.
7. Embedded Security Copilot Experience
Security Copilot leverages Gen-AI technology to enhance the experience of IT administrators in the security and management of end-user devices. Embedded Security Copilot Experience is launching in December 2023 as a private preview for select customers.
It will help identify and remediate issues faster by providing real-time information to administrators from the Intune admin center. It will also provide AI-driven recommendations for threats, incidents, and vulnerabilities.
Microsoft Intune Pricing
The Microsoft Intune license is billed on a per-user, per-month basis. Various plans are available for Intune, each offering distinct feature sets and unlocking specific functionalities based on the chosen plan.
Microsoft Intune Plan 1 ($8/user/month)
Cloud-based UEM solution with basic functionalities such as:
✔️ Endpoint Management of Windows, Android, iOS, and macOS devices.
✔️ Endpoint security
✔️ Endpoint Analytics
✔️ Mobile Application Management [MAM]
Intune Plan 1 is included in:
✔️ Microsoft 365 E3, E5, F1, F3, Enterprise Mobility + Security E3 and E5, and Business Premium plans.
Microsoft Intune Plan 2 ($4/user/month)
This is an add-on license to Microsoft Intune Plan 1 that provides advanced endpoint management. It also includes:
✔️ Microsoft Intune Tunnel for MAM
✔️ Endpoint Management of Specialty Devices
✔️ Mobile firmware updates over-the-air
Microsoft Intune Suite ($10/user/month)
It is also an add-on to the Microsoft Intune Plan 1 license. The following additional functionality and tools are included in the Intune Suite:
✔️ Remote Help
✔️ Endpoint Privilege Management
✔️ Intune Advanced Analytics
✔️ Microsoft Cloud PKI
✔️ Microsoft Enterprise App Management
|Intune Standalone Licenses|Price|
|---|---|
|Intune Remote Help|$3.50|
|Endpoint Privilege Management|$3|
|Enterprise App Management|$2|