This is a continuation of a series of articles on Azure services from an operational engineering perspective; the most recent article, an introduction to Microsoft Intune, is at the link here. The previous article introduced Microsoft Intune and its device management capabilities. This article discusses the lifecycle of devices and applications.
Microsoft Intune is a cloud-based service that manages
devices and their applications. These devices can include mobile phones,
tablets, and notebooks. It can help configure specific policies to control
applications. It allows people in the organization to use their devices for
school or work. The data stays protected, and the organizational data can be
isolated away from the personal data on the same device. It is part of
Microsoft’s Enterprise Mobility and Security (EMS) suite. It integrates with
Azure Active Directory to control who has access and what they can access. It
integrates with Azure Information Protection for data protection.
Intune can help with the lifecycle management of the devices
and applications. All devices must go through various stages of the lifecycle
from enrollment, through configuration and protection, to retiring the device
when it is no longer required. As an example, a phone used by an end-user for
work purposes must first be enrolled with an Intune account to allow the
company to manage it; then it must be configured for compliance and the data
stored on it must be protected; and finally, the device must be retired by wiping
away all the sensitive data. Setting up device enrollment is the first step and the
devices that can be enrolled can vary in size, shape, model, and
functionality. Even personal notebooks can be enrolled with the guarantee
that the data will be isolated between usages for work and personal
requirements. Devices must be configured next to leverage the offerings
of Intune: to be secure and compliant with company standards, to manage
how the devices operate, and to adhere to one or more policies. Devices
do not necessarily lose functionality when they are configured. They
might just have more protection added around the use of that functionality.
When users want to access company resources such as their work email or
company network, they need not know all the complex settings; Intune
reduces this burden for them. The Intune client software can also add
more device management capabilities to the devices. Devices are protected
from unauthorized access and malicious attacks. These additional layers
of protection are provided by multi-factor authentication, Windows Hello
for Business settings, and policies applied with the Intune client
software. Finally, devices reach the end of the lifecycle, which includes
resetting them and removing them from management. If they are lost or
stolen, then they must be properly replaced.
The app lifecycle is somewhat like the device lifecycle in
that it is also cyclic, but its stages are add, deploy, configure,
protect, and retire. The first step in the application
lifecycle is the addition of the application. The procedures remain the same
for many different types of applications. The next stage is deploy, and Intune
can assign devices and users to the applications. Additionally, in some app
stores, app licenses can be purchased in bulk across users. Deployment is
transparent. For example, license usage can be tracked from the Intune
administration console. The configure part of the application lifecycle is easy
to do with the tools that Intune provides and generally involves updating the
application, configuring extra functionality, and managing browser policies.
Intune gives many ways to help protect the data in the applications, but the
main ones are the use of conditional access and application protection
policies. The former controls access to, say, email and services based on
conditions, and the latter protects company data used by the applications by, say,
preventing them from running if the device is jailbroken or rooted. Finally, an
application can become outdated or need to be removed, and this is made easy
with uninstallation.
Together, the device and application lifecycles can ensure that
devices and applications pose no risk to the company and allow the devices
to expand their capabilities safely and securely.