If you’ve been looking at the benefits of Microsoft 365 for business, you may have noticed something called Intune listed as one of the secure cloud services included. Intune’s something I hadn’t used a lot and I don’t think there’s a lot of awareness about it, so I decided to research and write this post.
Microsoft Intune is a secure cloud service that enables mobile device management and mobile application management. With Intune you can manage how devices are used and enforce policies that allow you to control applications.
Intune is an advanced cloud-based service that integrates with other Microsoft services to provide comprehensive management of mobile devices. This blog post is going to be a bit of an overall look at Intune, including:
- How Does Microsoft Intune Work?
- What Can You Do With Microsoft Intune?
- How Does Microsoft Intune Integrate With Other Microsoft Services?
- Why Use Microsoft Intune?
- What Licences Do I Need To Use Microsoft Intune?
By the end of this blog post, you should know how Intune works and how your organisation would benefit from using it.
How Does Microsoft Intune Work?
As I said, Microsoft Intune is a cloud-based service that allows you to remotely manage mobile devices and mobile applications. One of the biggest benefits of Intune is that you can have an ultra-productive mobile workforce without worrying about the security of your organisation’s data.
You can do a lot with Intune, making it possible for your teams to work anywhere using their mobile devices. You can:
- Set rules and configure policies for a range of devices, whether they’re personal or organisation-owned. This means your company can have a BYOD (Bring Your Own Device) policy without major concerns about security.
- Deploy apps to mobile devices from any location to several devices concurrently. For example, you can deploy apps such as Microsoft Teams, Word, and Outlook to the devices you manage using Intune.
- Control what users and devices can access. Protect your organisation’s data by controlling the information that users can access and share.
- Ensure that the devices your team members are using are compliant with your security requirements. If devices aren’t compliant, this will be flagged up and you can resolve the issue.
Intune is an excellent cloud-based service to use for both organisation-owned and personal mobile devices. However, I think it’s particularly useful for businesses that embrace a Bring Your Own Device policy.
If your team members are using their own devices (mobile phones, laptops, and tablets to give 3 examples) for work, you must do everything within your power to protect your organisation’s devices. Microsoft Intune is massively beneficial here, as it lets you prevent users from accessing certain data on certain devices. You can also prevent users from sharing your organisation’s data and isolate organisation data from personal data.
Intune is actually part of Microsoft’s Enterprise Mobility + Security Suite and it also integrates with several other Microsoft services. For example, Microsoft Intune integrates with:
- Azure AD (Azure Active Directory)
- Azure Information Protection
- Microsoft 365 Applications
Microsoft Enterprise Mobility + Security Suite (EMS) is made up of a range of applications and services:
- Azure Active Directory
- Microsoft Endpoint Configuration Manager
- Microsoft Intune
- Azure Information Protection
- Microsoft Cloud App Security
- Microsoft Advanced Threat Analytics
- Microsoft Defender for Identity
- Microsoft Secure Score
As you can see, Microsoft Intune is a small part of Microsoft Enterprise Mobility + Security (EMS). The EMS Suite is designed to offer businesses excellent, best-in-class protection, detection, and response capabilities.
To fully appreciate Microsoft Intune and make the most of it, you need to fully understand what you can do with it. Here’s what you can do with Microsoft Intune.
What Can You Do With Microsoft Intune?
Microsoft Intune is an excellent cloud-based service for MDM (mobile device management) and MAM (mobile application management). Here’s a quick overview of everything you can do with it.
There are 3 main things you can do with Microsoft Intune:
- Set rules and configure policies for devices
- Deploy apps to mobile devices remotely
- Control what users can access and share
I think those points give you a really good idea of how you can use Intune and how doing so would advantage your business. However, I’m going to break down each point and give you some real-world examples of what you can do.
Set rules and configure policies for devices
Microsoft Intune enables you to set rules and policies for enrolled devices. Your organisation can control how team members can use the devices, ultimately protecting your business and its data.
In Microsoft Intune, you can create several configuration profiles that you can apply to mobile devices used by your team members. There are numerous features and settings that you can enable and disable on devices that are enrolled in Intune.
Configuration profiles can be created for a range of devices and operating systems, such as iOS, Android, and Windows. Configuration profiles contain a range of settings and rules that can be applied to any device within your organisation. For example, here are some of the functions Intune will allow you to control:
- Block access to Bluetooth settings on devices
- Block/allow access to certain devices on the network, such as printers
- Create VPN profiles, enabling the devices to remotely access your organisation’s network
- The installation of updates
There are literally hundreds of configuration profile templates ready to go. Pick and choose between the templates you want to use to create profiles that are tailored to the requirements of your organisation.
Deploy apps to mobile devices remotely
A part of Microsoft Intune is mobile application management (MAM). Mobile application management within Intune allows you to deploy and control apps, as well as monitor usage.
For enrolled devices (personal or organisation-owned), you can:
- Remotely configure apps, controlling when the device user can open apps or force them to open at a certain time
- Assign devices and users to fully-configurable groups, making deploying apps, policies, and rules simple
- See reports on when and how devices are used
- Wipe data from apps remotely, which is ideal if a device is stolen or you suspect malcontent
- Control actions that users can take in apps, such as preventing sharing, screenshotting, and copy & pasting
You can give users as much flexibility as required to enhance productivity while still controlling your organisation’s data.
Control what users can access and share
With Microsoft Intune, you have complete control over what users can access and share on enrolled devices.
Controlling what users can access and share can be much more advanced than just allowing or restricting access. You can micromanage access and sharing with app protection policies, preventing users from performing certain actions within apps.
For example, you can restrict users by preventing them using copy and paste functionality within certain apps. You can also control whether or not users can send emails to email addresses outside of your organisation’s control, or prevent certain types of data from being transmitted via email.
Using user groups, you can assign certain policies and rules to groups of users and devices. Alternatively, you can assign policies and rules per user and per device should you wish to. However, using groups you can rapidly push policies and rules to large numbers of devices and users.
How Does Microsoft Intune Integrate With Other Microsoft Services?
Microsoft Intune integrates with a number of other Microsoft services as I mentioned earlier in this blog post.
Intune integrates with Azure Active Directory for access control and Azure Information Protection for data protection purposes.
Microsoft Intune also integrates with the Microsoft Office suite of products. With Intune, you can remotely install applications such as Outlook and Word on devices and for certain users. You can also control how these applications work for certain devices and users.
As one of the cloud-based services that makes up Microsoft’s Enterprise Mobility + Security (EMS) suite, Intune is also closely integrated with the other services that make up the suite. EMS is a mobility management and security platform, so all the services within the platform are designed to empower your organisation’s team members to work productivity anywhere while ensuring your organisation is kept secure.
Are you still wondering why you should use Microsoft Intune? Here’s why Intune is beneficial for organisations and their employees.
Why Use Microsoft Intune?
The workforce, or labor force, is becoming increasingly mobile worldwide. More organisations than ever have people working on the move, which is enabled by the number of cloud services available to us. However, security is a big concern when users are working remotely or on the go. Intune is one of the Microsoft services that makes working on the go secure and accessible for all organisations.
Microsoft Intune lets you give your team everything they need to work on their mobile devices without sacrificing security. Essentially, you get the best of both worlds. Users can remain productive regardless of the device they are using without having to worry about the security of your organisation’s data.
What Licences Do I Need To Use Microsoft Intune?
There are three primary ways to get access to Microsoft Intune. They are:
- As a standalone Azure service. Intune is available as a standalone add-on within Azure. You will pay a subscription fee per user.
- As part of a Microsoft 365 licence. Microsoft Intune is available to users with any of the following M365 licences:
- Microsoft 365 Business Premium
- Microsoft 365 E3
- Microsoft 365 E5
- Microsoft 365 F3
- Microsoft 365 Government
- As part of Mobile Device Management for Microsoft 365. Mobile Device Management for Microsoft 365/Basic Mobility and Security is essentially a more basic version of Intune. This is available to users of all M365 plans.