Demystifying Microsoft Intune: The Ultimate Guide

Microsoft Intune is a cloud-based service provided by Microsoft that allows organizations to manage and secure their devices and applications. It offers mobile device management (MDM), mobile application management (MAM), and PC management capabilities, enabling administrators to control and protect corporate data on various devices such as smartphones, tablets, and computers.

Learn Microsoft Intune with our free course on our YouTube channel.

What is Microsoft Intune

If we go by the definition, Microsoft Intune is a cloud-based endpoint management solution that provides Mobile Device Management (MDM) and Mobile Application Management (MAM) capabilities. With Microsoft Intune you can manage devices and control how those devices behave.

Let’s walk through an example to understand what Microsoft Intune actually does.

Let’s assume we have an organization with multiple employees who use devices to access the company’s resources. These can be company-owned devices (owned by the organization) or personal devices (owned by the user). They can be Windows devices, Android devices, iOS or iPadOS devices, or even Mac devices.

With Microsoft Intune, you enroll these devices. When I say enroll a device, it means registering the device with Microsoft Intune. Once a device is enrolled, you can apply configuration policies to it. With configuration policies you can control the device’s network settings, display settings, printer settings, and much more.

You can apply compliance policies to the devices. A compliance policy lets you verify that a device meets your organization’s security requirements. You can install applications on these devices from Microsoft Intune itself, without logging in to each machine to install them. You can also remove an application from a device, or wipe the data from a device when it is no longer in use. With app protection policies, you can further secure the applications that are deployed to the devices.

(Figure: What is Microsoft Intune)

So, in a nutshell, using Microsoft Intune you can manage devices, install applications on them, and control how they behave.

Microsoft Intune features and benefits

  1. With Microsoft Intune you can manage company-owned devices as well as personally owned devices. Personally owned devices are also called BYOD (Bring Your Own Device). These devices can be Windows, iOS or iPadOS, Android, or Mac devices.
  2. Using Microsoft Intune you can deploy applications to the devices. You can update the applications to make sure the devices are running the latest version, and you can remove applications from the devices when they are no longer required.
  3. Using Intune you can make sure that organization data is protected and isolated from the personal data on personal devices.
  4. With Microsoft Intune, you can deploy application policies, security policies, configuration policies and conditional access policies. You assign these policies to groups or devices, and the devices automatically fetch the settings from Microsoft Intune. The devices only need an internet connection.
  5. Microsoft Intune helps administrators make sure that devices are compliant with the organization’s security requirements.
  6. With reports, you can see which users and devices are accessing your organization’s resources.
  7. With the Wipe option in Intune, you can restore a device to its factory default settings. With the Retire option, you can remove the managed applications, settings, and email profiles that were assigned using Intune.
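To make the compliance policy idea from the list above concrete, here is an added PowerShell example (not code from the original article or from Microsoft) that builds the request body for a Windows 10/11 device compliance policy and checks it against a minimal baseline before it is sent to Microsoft Graph. The property names (`passwordRequired`, `bitLockerEnabled`, `secureBootEnabled`, `osMinimumVersion`, and the `scheduledActionsForRule` block) are assumed to follow the Graph `windows10CompliancePolicy` schema; verify them against the Graph reference for your tenant. The `Connect-MgGraph` and `Invoke-MgGraphRequest` calls come from the Microsoft Graph PowerShell SDK and are left commented out so the script runs offline.

```powershell
# Added example: build and sanity-check a Windows compliance policy body for Intune.
# Assumption: property names match the Graph windows10CompliancePolicy resource type.

function New-WindowsCompliancePolicyBody {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [string]$OsMinimumVersion = '10.0.19045',   # constructed sample value
        [int]$PasswordMinimumLength = 8,
        [int]$GracePeriodHours = 24                 # hours before non-compliance blocks access
    )

    # Each setting here is one "security requirement" the device must meet.
    @{
        '@odata.type'          = '#microsoft.graph.windows10CompliancePolicy'
        displayName            = $DisplayName
        passwordRequired       = $true
        passwordMinimumLength  = $PasswordMinimumLength
        osMinimumVersion       = $OsMinimumVersion
        bitLockerEnabled       = $true
        secureBootEnabled      = $true
        codeIntegrityEnabled   = $true
        activeFirewallRequired = $true
        # What Intune does when a rule fails: mark non-compliant, then block after the grace period.
        scheduledActionsForRule = @(
            @{
                ruleName = 'PasswordRequired'
                scheduledActionConfigurations = @(
                    @{ actionType = 'block'; gracePeriodHours = $GracePeriodHours }
                )
            }
        )
    }
}

function Test-CompliancePolicyBaseline {
    # Returns the list of baseline controls the policy body is missing or has turned off.
    param([Parameter(Mandatory)][hashtable]$Body)
    $required = 'passwordRequired', 'bitLockerEnabled', 'secureBootEnabled'
    $missing = foreach ($key in $required) {
        if (-not $Body.ContainsKey($key) -or $Body[$key] -ne $true) { $key }
    }
    return @($missing)
}

$policy  = New-WindowsCompliancePolicyBody -DisplayName 'Baseline - Windows (example)'
$missing = Test-CompliancePolicyBaseline -Body $policy
if ($missing.Count -gt 0) {
    throw "Policy body is missing baseline controls: $($missing -join ', ')"
}

# Depth of 10 is needed so the nested scheduledActionsForRule block is serialized fully.
$json = $policy | ConvertTo-Json -Depth 10
$json

# To create the policy in a tenant (requires the Microsoft.Graph module and admin consent):
# Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'
# Invoke-MgGraphRequest -Method POST `
#     -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies' `
#     -Body $json -ContentType 'application/json'
```

Running the baseline check locally before posting catches a policy that was accidentally saved with BitLocker or Secure Boot unchecked, which is the kind of drift that otherwise only shows up in the compliance reports later.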

Operating Systems supported by Microsoft Intune.

Intune supports Android, Apple (iOS or iPadOS), Linux, macOS, Windows, and Chrome OS.

Android devices: If you are using Android devices, you can enroll devices running Android 8.0 and later. You can enroll and manage Android Enterprise devices and Android Open Source Project (AOSP) devices.

Apple (iOS/iPadOS): If your users are on iOS or iPadOS, they can enroll devices running iOS 14.0 and later; the same applies to iPadOS.

Linux: For Linux, your devices should be running Ubuntu Desktop 22.04 or 22.04.1.

macOS: If you are using macOS devices, they should be running macOS 11.0 and later.

Windows: For the Windows operating system, you can enroll Windows 10, Windows 11, Windows 8.1, Windows 8.1 RT, Surface Hub, Cloud PCs running Windows 10 and Windows 11, Windows 10 IoT Enterprise, and Windows Holographic for Business.

Microsoft Intune architecture.

Now that you have a basic understanding of Microsoft Intune, let’s dive deeper and look at its architecture.

This is the high-level architecture of Microsoft Intune. In the background you can see Microsoft Azure, because Microsoft Intune is built on top of Microsoft Azure.

(Figure: Microsoft Intune architecture)

On the right you can see Azure Active Directory, where you manage users and groups, register or join devices, and apply conditional access policies. Every task that you perform in Microsoft Intune is carried out in the background by Azure Active Directory.

For example, when you enroll a device with Microsoft Intune, you are actually registering that device with Azure Active Directory. Depending on the type of device (a personal device or a company-owned device), you either register or join the device with Azure Active Directory. If the device is already joined to on-premises Active Directory, you Hybrid Join it with Azure AD. When you register, join, or hybrid join a device, you sign in with Azure Active Directory credentials that have a Microsoft Intune license assigned. Once the device is registered or joined with Azure AD, it is automatically enrolled with Microsoft Intune.

So everything that you do in the Microsoft Intune portal (Microsoft Endpoint Manager) is performed at the backend in Azure Active Directory.
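The register / join / hybrid-join states described above can be read from a Windows device with the built-in `dsregcmd /status` command. The following PowerShell is an added example, not code from the original article or from Microsoft: it parses that output and reports the join type together with whether an MDM enrollment URL is present, which is the quick check an administrator wants when a device joined Azure AD but never showed up in Intune. The field names `AzureAdJoined`, `DomainJoined`, `WorkplaceJoined` and `MdmUrl` are assumed to match what `dsregcmd` prints on Windows 10/11; the sample text in the block is constructed so the script runs offline.

```powershell
# Added example: classify a Windows device's Azure AD join state and MDM enrollment
# from dsregcmd /status output. Field names are assumed from dsregcmd's "Name : Value" rows.

function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        # dsregcmd prints "Name : Value" rows; section banners and blank lines do not match.
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    return $fields
}

function Get-IntuneJoinState {
    param([Parameter(Mandatory)][hashtable]$Fields)
    $aad    = $Fields['AzureAdJoined']   -eq 'YES'
    $domain = $Fields['DomainJoined']    -eq 'YES'
    $wpj    = $Fields['WorkplaceJoined'] -eq 'YES'
    $mdm    = -not [string]::IsNullOrWhiteSpace($Fields['MdmUrl'])

    # Azure AD joined + on-premises domain joined = Hybrid Azure AD joined (company-owned);
    # WorkplaceJoined alone = Azure AD registered (typically a personal / BYOD device).
    $joinType = if ($aad -and $domain) { 'Hybrid Azure AD joined' }
                elseif ($aad)          { 'Azure AD joined' }
                elseif ($wpj)          { 'Azure AD registered' }
                else                   { 'Not joined to Azure AD' }

    [pscustomobject]@{
        JoinType       = $joinType
        MdmEnrolled    = $mdm
        MdmUrl         = $Fields['MdmUrl']
        # Joined or registered but no MDM URL: auto-enrollment did not happen, so the device
        # is receiving no Intune policies. Worth a look at licensing and the MDM user scope.
        NeedsAttention = ($aad -or $wpj) -and -not $mdm
    }
}

# Constructed sample (not real output) with the rows this script cares about.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
           WorkplaceJoined : NO
'@ -split "`r?`n"

Get-IntuneJoinState -Fields (ConvertFrom-DsregStatus -Lines $sample)

# On a live Windows device, feed the real output instead of the sample:
# Get-IntuneJoinState -Fields (ConvertFrom-DsregStatus -Lines (dsregcmd /status))
```

For the constructed sample the result is `Hybrid Azure AD joined` with `MdmEnrolled` true and `NeedsAttention` false; a device that prints `AzureAdJoined : YES` but an empty `MdmUrl` is the case the `NeedsAttention` flag is there to surface.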

Next, in this architecture you have Microsoft Intune, where you manage your devices, you enroll devices, you deploy applications on the devices, apply compliance policies, and protect devices and the applications.

You can install Office 365 applications, or applications from the Apple App Store, Google Play Store, or Microsoft Store.

At the bottom left of the architecture you can see the Endpoint Manager console. Microsoft Endpoint Manager is the web console (or admin center) from which you manage Microsoft Intune. You can also say that Microsoft Intune is a part of Microsoft Endpoint Manager.

Conclusion.

Microsoft Intune is a cloud-based endpoint management solution that provides MDM and MAM capabilities.

Using Microsoft Intune, you can enroll devices, push configuration profiles to manage device settings, and apply compliance policies to make sure that devices are compliant with the organization’s security requirements. You can install applications on devices, protect those applications with app protection policies, and retire a device or wipe its data using Microsoft Intune.

In the next article we will discuss what MDM and MAM are, and we will talk about the device lifecycle and the app lifecycle.

Further resources

We also welcome you to browse through our other blog posts on Exchange mail flow:
What is SPF record and how does it work
How to set up SPF record in Office 365
What is DKIM record
What is DMARC record
What is MX (mail exchange) record

Happy Learning!!