Microsoft Intune Abilities

Hey folks,
I want to introduce you the Microsoft Intune service with his abilities that I’ve checked recently, It is not a secret that Microsoft strongly pushing the Microsoft Intune and improves it rapidly, to be honey they are doing amazing job over there, I have found some new great features that I am going to show you.
Basically, Microsoft Intune is cloud-based service which allows us managing Mobile and Windows 10 devices via Intune along with that, we definitely can set devices management strategy policies and even deploy applications to our devices, make sure and devices and apps are compliant with our security requirements and more great features that described below:

We should make sure we are allowing devices to join and register to Azure AD

Manage an Intune device

Don’t forget –  If you want to allow to the certain user,  you should enable the license for him:

Licenses that include Intune:
https://docs.microsoft.com/en-us/intune/licenses

You need to register your PC to Intune and join them by opening your PC settings and navigate to Access Work or School and then click on Connect:
In this way we register our device to Microsoft Intune and AD Azure:

Then, select the “Join this device to Azure Active Directory

And inserting your personal details:

Connected successfully:

Here it’s how main Intune dashboard looks like:

As you can see on the left side of the window. we have some management ability that you may know, let talk about them:

Device Enrollment:
In this area we are managing our devices and getting fully overview about any type of devices, mobiles, and PC’s, we can set enrollment restrictions, deploy autopilot and even set password policies requirement,  and MFA for our devices.

Device compliance:
In this area, we set compliance settings such as, require BitLocker, secure boot, code integrity, OS requirements, set password requirement like password type, allowing simple password or not, Password expiration, Firewall, Anti-virus, ATP and more really great options, and they constantly improve them.

Creating notifications for our devices, Windows defender ATP, which integrated to Windows Defender ATP, locations, mobile thread defense, and of course Audit log.

Device configuration:
In this area, we can set a profile for a certain platform, what kind of profiles? Wi-Fi, VPN, Kiosk, Email, Identity protection, Certificates, Device restrictions and more, you also can custom your profile, the most I liked is “Edition upgrade” which can automatically upgrade devices that run some versions of Windows 10 to a newer edition.
for full profile list please check this out:
https://docs.microsoft.com/en-us/intune/device-profiles

We also can deploy PowerShell scripts from Device configuration area.

Devices:
In this area we can get out devices with their info, hardware details, what kind of type join they are, we also can set device clean up rules for which it reminds us the disable or non-active computers from our on-premises AD PowerShell scripts.
By the way, they are several  device types you may know:

  • Azure AD join – which is a non-joined computer that joins to AD azure like Workgroup machine
  • Azure AD registered – which is a device which registered to the local AD and synced with AD connect

Software updates:
As you can understand, in this area, we can deploy Windows 10 update rings, we can update policies for iOS and monitor them

Client apps:
In this area, We can deploy applications to our devices and mobiles, we can also deploy app protections policies, – App selective wipe, set up the Company portal branding, Conditional access:

We can set some rules for controlling our devices, for example, I have set the  “multi-factor authentication” which required for each registered device, you can set this per location and per device type – which available on AD azure),

For further information about conditional access:
https://docs.microsoft.com/en-us/intune/conditional-access

Users, Groups – Are like the on-premises objects, you can review your users and groups.
Roles – You can set permission to your IT guys and let them manage some area and abilities in the Intune.

Troubleshooting:
That’s nice you can run Troubleshooting wizard per user and see what wrong or good with him. Very useful for you

Ok So

If I am trying to sum up the Microsoft Intune, I certainly can say that I’ve been impressed, along the time, Microsoft develops for us the major on-premises abilities straight from the cloud and even give us extra features, so it’s just a matter of time until the Azure AD, Intune, and others cloud features will be perfect, but no doubt they are in the right way.
Moreover, If you have SCCM, so you can enable the “Co-Management” feature which allows us to manage our Windows 10 devices from Microsoft Intune & SCCM together.

Not everything is perfect yet: I tried to deploy several applications to Windows 10 and encountered in some errors which under investigation on Microsoft.
You can enable the EMS trial account and test by yourself

Leave a Comment

Your email address will not be published.

In the news
Load More