Thursday, August 1, 2024

Microsoft Intune

Microsoft Intune is a family of products and services that helps businesses manage and maintain all their devices, whether they are physical devices or cloud-connected device endpoints.

The Intune family includes:

•  Microsoft Intune

•  Configuration Manager and co-management 

•  Endpoint analytics

•  Windows Autopilot

•  Intune admin center

•  Intune Suite 

Microsoft Intune provides a holistic management experience while adding new functionality and intelligent actions, such as anomaly detection in Advanced Endpoint Analytics and remediation scripts that can proactively resolve end user issues before they see an issue – without any complex migration or disruption of productivity.

It provides several assets to aid your transition to modern management while also increasing customers’ security and helping them move to the cloud. Microsoft Intune also includes management capabilities for different endpoints. To summarize:

1.  Windows 

2.  Android 

3.  Linux

4.  macOS

5.  iPadOS

The figure below explains all the management features Microsoft Intune delivers:

Figure : Microsoft Intune – service portfolio

Microsoft Intune helps you manage physical and Cloud PC endpoints, laptops, tablets, and other mobile devices, including iOS, Android, and macOS devices.

Microsoft Intune is built on Entra ID (formerly known as Azure Active Directory) as the identity store for users and user/device groups; this also means that Intune relies 100% on Entra ID. It replaces the traditional Active Directory, includes hybrid identity capabilities, and can also integrate with local management infrastructures such as Configuration Manager via Kerberos.

Intune is applicable for devices that don’t fall in the management scope of Group Policy, such as mobile phones, devices that are not Active Directory Domain Services (AD DS) domain members, or Windows 11 devices that are joined to Entra ID:


Figure : Microsoft Intune – admin center 

With Microsoft Intune, you can achieve the following:

•  Let your organization’s employees use their physical and Cloud PC endpoint devices to access organizational data (commonly known as Bring Your Own Device (BYOD)).

•  Manage organization-owned phones.

•  Control access to Microsoft 365 from unmanaged devices, such as public kiosks and mobile devices.

•  Help ensure that devices and apps that do connect to corporate data comply with security policies.

For example, when a user attempts to open one of their Line-of-Business (LOB) apps on their phone or Windows endpoint, Microsoft 365 checks with Entra ID to authenticate the user and verify whether that user can access the data from that app on that device. The granting of access depends on the following:

•  Conditional Access policies defined within Entra ID

•  Whether the app on that device complies with app configuration and data protection policies (Intune will confirm this for Entra ID)

If the device and app are both compliant with all applicable policies, Entra ID tells Microsoft 365 that the data can be accessed.
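The access decision described above only holds if the tenant's Conditional Access policies actually require the Intune-backed controls. The following check is an added example, not code from the original post or from Microsoft: it audits exported policies for that requirement. The sample policies are constructed, the verdict names are hypothetical, and the field names are assumed to follow the Microsoft Graph `conditionalAccessPolicy` resource; user scope and exclusions are not evaluated.

```python
import json

# Constructed sample, shaped like Microsoft Graph conditionalAccessPolicy
# objects (GET /identity/conditionalAccess/policies), trimmed to used fields.
SAMPLE_POLICIES = json.loads("""[
 {"displayName": "M365: compliant device or protected app", "state": "enabled",
  "conditions": {"applications": {"includeApplications": ["Office365"]}},
  "grantControls": {"operator": "OR",
                    "builtInControls": ["compliantDevice", "compliantApplication"]}},
 {"displayName": "M365: MFA or compliant device", "state": "enabled",
  "conditions": {"applications": {"includeApplications": ["Office365"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
 {"displayName": "M365: compliant device (pilot)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"applications": {"includeApplications": ["Office365"]}},
  "grantControls": {"operator": "AND", "builtInControls": ["compliantDevice"]}}
]""")

# Grant controls whose result Intune reports to Entra ID: device compliance
# and app protection policy ("compliantApplication").
INTUNE_CONTROLS = {"compliantDevice", "compliantApplication"}
M365_TARGETS = {"Office365", "All"}
OTHER_GRANTS = ("authenticationStrength", "termsOfUse", "customAuthenticationFactors")

def intune_gate(policy):
    """Classify how firmly one policy ties Microsoft 365 access to Intune compliance."""
    apps = policy.get("conditions", {}).get("applications", {})
    if not M365_TARGETS & set(apps.get("includeApplications", [])):
        return "out-of-scope"
    if policy.get("state") != "enabled":
        return "not-enforced"                    # disabled or report-only
    grant = policy.get("grantControls") or {}    # null on session-only policies
    controls = set(grant.get("builtInControls", []))
    if "block" in controls:
        return "blocks-access"
    if not controls & INTUNE_CONTROLS:
        return "no-compliance-control"
    # Under OR, any one satisfied control grants access, so a non-Intune
    # alternative (e.g. MFA) lets a non-compliant device through.
    others = controls - INTUNE_CONTROLS or any(grant.get(k) for k in OTHER_GRANTS)
    if grant.get("operator") == "OR" and others:
        return "bypassable"
    return "enforced"

def audit(policies):
    return {p["displayName"]: intune_gate(p) for p in policies}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_POLICIES).items():
        print(f"{verdict:22} {name}")
```

Any policy reported as `bypassable`, `not-enforced` or `no-compliance-control` grants Microsoft 365 access without the device or app compliance confirmation from Intune.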

Thant Zin Phyo@Cracky (MCT, MCE, MVP)

