This is a continuation of a series of articles on Azure services from an operational engineering perspective with the most recent introduction to Microsoft Intune with the link here. The previous article mentioned Microsoft Intune with its broad offerings and common ways to use them. This article discusses device management with Intune specifically. 

Microsoft Intune is a cloud-based service that manages devices and their applications. These devices can include mobile phones, tablets, and notebooks. It can help configure specific policies to control applications. It allows people in the organization to use their devices for school or work. The data stays protected, and the organizational data can be isolated away from the personal data on the same device. It is part of Microsoft’s Enterprise Mobility and Security EMS suite. It integrates with the Azure Active Directory to control who has access and what they can access. It integrates with Azure Information Protection for data protection.  

Device management overview is a key task for the Intune administrator. It enables organizations to protect and secure their resources and data from different devices. A device management provider can ensure that only the authorized users can get access to the devices and their applications.

Intune offers Mobile device management and Mobile application management. Some key tasks for such management include 1) supporting diverse mobile platform and their ecosystems 2) ensuring devices and applications are compliant with the organization's security requirements, 3) creating policies that keep the organization data safe on organization-owned and personal devices, 4) using a single solution to enforce policies and 5) protecting the company’s information by controlling the way data is used.

In-tune works seamlessly with on-premises solutions for mobile devices and application management. Many organizations use an on-premises Configuration Manager to manage devices, and this can be cloud-attached to Microsoft Intune. The benefits of Intune and cloud include conditional access, running remote actions, using Windows autopilot and more. Microsoft Endpoint manager is a solution platform that unifies several services. It includes Microsoft Intune for cloud-based device management and configuration manager with Intune for cloud-attach device management. This option to ‘co-manage’ with Configuration Manager and Intune is just right for leveraging the cloud to manage the devices in the field. There is also an option for Endpoint manager tenant attach where the devices are uploaded to the Endpoint manager admin center without enabling auto-management or switching to Intune

Intune also integrates with other services to extend security and protection. Microsoft 365 is a key component to simplify common IT tasks and it works with Intune, Azure Active Directory and more. Windows Defender includes many security features to help protect windows client devices. Together with Intune, it enables Windows Defender SmartScreen to look for suspicious activities. Using the Microsoft Defender for Endpoint, it helps prevent security breaches on mobile devices. Conditional access is a feature of Azure Active Directory and together with Intune, it makes sure only compliant devices are allowed access to emails and other applications.

The choices for the approaches to manage devices and applications depends on the organization and their requirements. There are some features that are built-into the Intune and this helps with managing those devices. Another approach helps manage the applications on those devices. There is a also a combination that can do both.

The device management admin center offers many capabilities that allow administrators to enroll devices, set device compliance, manage devices, manage applications, iOS eBooks, install Exchange, manage roles, manage windows client updates, manage software updates, Azure Active Directory,  manage users, groups and members and troubleshoot. Microsoft Intune offers a planning guide to get started.