Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). Intune is included in Microsoft’s Enterprise Mobility + Security (EMS) suite, and enables users to be productive while keeping your business data protected. It integrates with other services: with Microsoft 365 and Azure Active Directory (Azure AD) to control who has access and what they have access to, and with Azure Information Protection for data protection. When you use it with Microsoft 365, you can enable your workforce to be productive on all their devices, while keeping your organisation’s information protected.
With Intune, you can:
- Choose to be 100% cloud with Intune, or be co-managed with Configuration Manager and Intune.
- Set rules and configure settings on personal and organisation-owned devices to access data and networks.
- Deploy and authenticate apps on devices – on-premises and mobile.
- Protect your company information by controlling the way users access and share information.
- Be sure devices and apps are compliant with your security requirements.
When devices are enrolled and managed in Intune, administrators can:
- See all enrolled devices and get an inventory of devices accessing organisation resources.
- Configure devices so they meet your security standards. For example, you probably want to block jailbroken devices.
- Push certificates to devices so users can easily access your Wi-Fi network, or use a VPN to connect to your network.
- See reports on users and devices that are compliant, and not compliant.
- Remove organisation data if a device is lost, stolen, or not used anymore.
When apps are managed in Intune, administrators can:
- Add and assign mobile apps to user groups and devices, including users in specific groups, devices in specific groups, and more.
- Configure apps to start or run with specific settings enabled, and update existing apps already on the device.
- See reports on which apps are used, and track their usage.
- Do a selective wipe by removing only organization data from apps.
One way that Intune provides mobile app security is through app protection policies. App protection policies:
- Use Azure AD identity to isolate organization data from personal data, so personal information is isolated from organizational IT awareness. Data accessed using organization credentials is given additional security protection.
- Help secure access on personal devices by restricting actions users can take, such as copy-and-paste, save, and view.
- Can be created and deployed on devices that are enrolled in Intune, enrolled in another MDM service, or not enrolled in any MDM service. On enrolled devices, app protection policies can add an extra layer of protection.
Compliance and conditional access
Intune integrates with Azure AD to enable a broad set of access control scenarios. For example, you can require that mobile devices be compliant with organization standards defined in Intune before they access network resources, such as email or SharePoint. Likewise, you can lock down services so they’re only available to a specific set of mobile apps. For example, you can lock down Exchange Online so it’s only accessed by Outlook or Outlook Mobile.