Microsoft Intune from A to Z – Overview

By | December 13, 2017

The following guides and articles describe Microsoft Intune, its features and benefits, and how to configure and deploy its important features for mobile devices.
This article focuses on an overview of Microsoft Intune and the mobile world.


“Project Rome makes Microsoft Cloud the OS for everything”.
Windows is no longer the only OS for personal computing; iOS and Android have a large market share.
Windows PCs remain Microsoft in a personal computing space that now has a mobile component dominated by non-Windows platforms and devices. Microsoft leverages “Windows as a platform” to embrace these devices, and Project Rome is Microsoft’s strategy to use Microsoft Cloud to create a personal platform- and device-agnostic OS that enables seamless user and app experiences across all devices and platforms.
Based on Project Rome, the main system or service we need is an MDM/EMM solution that provides management and security for all devices.

EMM, MDM, MAM and Device Security

If you ask a system admin what the differences are between MDM, MAM, UEM and EMM, you probably won’t get a conclusive answer, and the result is bad because companies don’t know what their requirements for mobile solutions are.
In short, here is what each acronym means:
MDM – Mobile Device Management allows you to enroll an employee’s mobile phone, tablet or other device and then track, manage and secure it through a profile specific to that employee and their tasks.
EMM – Enterprise Mobility Management is a comprehensive, hardware method of remotely managing devices, including configuration and the enterprise content generated on them, with MDM and MAM.
MAM – Mobile Application Management allows you to control access to business applications and the content associated with them without controlling the entire physical device.
UEM – Unified Endpoint Management allows you to remotely provision, control and secure everything from mobile phones, tablets, laptops and desktops to IoT devices.

Remember that on top of all of these capabilities comes a cyber security layer that needs to provide a solution for advanced attacks and prevention.

So which do you prefer for your company?
The difference between these solutions and technologies may come down to degrees of control, but deploying the wrong strategy can cause a security breach, be costly for companies, and kill employee and admin morale.

The conclusion is that Enterprise mobility management tools are evolving far past their mobile device management roots. New features include better analytics, integration with Azure, Office 365, mobile identity management — and preparing for the internet of things.
So, as I mentioned before, it will be based on Microsoft Cloud, mobile identity and analytics!

What is Microsoft Intune

Microsoft Intune is a cloud-based service in the EMM space that helps enable your workforce to be productive while keeping your corporate data protected. With Intune, you can perform the following actions:

Manage the mobile devices your workforce uses to access company data
Manage the mobile apps your workforce uses
Protect your company information by helping to control the way your workforce accesses and shares it
Ensure devices and apps are compliant with company security requirements

Intune is the component of Enterprise Mobility + Security that manages mobile devices and apps. It integrates closely with other EMS components like Azure AD for identity and access control and Azure Information Protection for data protection. When you use it with Office 365, you can enable your workforce to be productive on all their devices, while keeping your organization’s information protected.


Microsoft Intune benefits and problem solved

When looking into mobile solutions, we need to know our requirements and the issues we need to solve, and only then choose a compatible solution.
Microsoft Intune has many features, capabilities and advantages because of the Microsoft Cloud.

The benefits of Microsoft Intune

Choice of Device – With Microsoft Intune you can provide employees with the ability to register, enroll, and manage their devices as well as install corporate applications from the self-service Company Portal – all from the devices of their choice.

Management of Office mobile apps – With Microsoft Intune you can increase the Mobile productivity for your employees with access to corporate resources on Office mobile apps they know and love.

Data Protection – Secure corporate data, including Exchange email, Outlook email, and OneDrive for Business documents, based on the enrollment status of the device and the compliance policies set by the administrator.

No need to maintain Infrastructure – Eliminate the need to plan, purchase, and maintain hardware and infrastructure by managing mobile devices from the cloud with Intune.

Integration with Enterprise – Extend your existing System Center Configuration Manager infrastructure through integration with Intune to provide a consistent management experience across devices on-premises and in the cloud.

Flexible Licensing – Spend less time counting devices with per-user licensing for Intune. Intune is also included as part of the Enterprise Mobility Suite, the most cost-effective way to acquire Intune, Azure Active Directory Premium, and Azure Rights Management.

Common Business problems that Microsoft Intune helps solve

Protect your on-premises email and data so that it can be accessed by mobile devices
Protect your Office 365 mail and data so that it can be safely accessed by mobile devices
Issue corporate-owned phones to your workforce
Offer a bring-your-own-device (BYOD) or personal device program to all employees
Enable your employees to securely access Office 365 from an unmanaged public kiosk
Issue limited-use shared tablets to your task workers

Microsoft Intune is a unified device management service that lets you use the cloud and on-premises infrastructure to bring management capabilities to PCs, mobile devices and mobile applications, give users access to corporate resources, and keep the data secure.

From the Field

One of the big features in Microsoft Intune is the integration with Azure, and especially Azure AD with Conditional Access. For example:

When a user requests access to a cloud service from a supported device platform, Azure AD authenticates the user and the device. Azure AD grants access to the service only if the user conforms to the policy set for the service. Users on devices that are not enrolled are given instructions on how to enroll and become compliant to access cloud services. Users on iOS and Android devices are required to enroll their devices by using the Intune Company Portal application. When a user enrolls a device, the device is registered with Azure AD and it’s enrolled for device management and compliance. You must use the Azure AD device registration service with Microsoft Intune for mobile device management for Office 365 services. Device enrollment is required for users to access cloud services when device policies are enforced.


When a user successfully enrolls a device, the device becomes trusted. Azure AD gives the authenticated user single sign-on access to company applications. Azure AD enforces a conditional access policy to grant access to a service not only the first time the user requests access, but every time the user renews a request for access. The user is denied access to services when sign-in credentials are changed, the device is lost or stolen, or the conditions of the policy are not met at the time of request for renewal.
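
The decision flow described above can be sketched as a small model. This is an added example, not code from the original article and not Azure AD's actual logic; the class names, the `evaluate` function, the decision strings and the set of supported platforms are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed platform list for this sketch; the article names iOS and Android.
SUPPORTED_PLATFORMS = {"iOS", "Android", "Windows"}

@dataclass
class Device:
    platform: str
    enrolled: bool = False        # enrolled via Company Portal, registered in Azure AD
    compliant: bool = False       # meets the compliance policy
    lost_or_stolen: bool = False

@dataclass
class Session:
    user: str
    password_version: int         # credential version when the token was issued

def evaluate(device, current_password_version, session=None):
    """Return (decision, reason). Runs on first sign-in AND on every renewal."""
    if device.platform not in SUPPORTED_PLATFORMS:
        return "deny", "unsupported platform"
    if not device.enrolled:
        return "remediate", "enroll the device with the Company Portal"
    if device.lost_or_stolen:
        return "deny", "device reported lost or stolen"
    if not device.compliant:
        return "remediate", "device does not meet the compliance policy"
    if session and session.password_version != current_password_version:
        return "deny", "credentials changed since the token was issued"
    return "grant", "trusted device, policy conditions met"

def walk_through():
    """Constructed scenario: one user, one Android phone, five access requests."""
    phone = Device(platform="Android")
    decisions = [evaluate(phone, 1)[0]]                # not enrolled yet
    phone.enrolled = phone.compliant = True
    decisions.append(evaluate(phone, 1)[0])            # first access after enrollment
    session = Session("alice", password_version=1)
    decisions.append(evaluate(phone, 1, session)[0])   # renewal, nothing changed
    decisions.append(evaluate(phone, 2, session)[0])   # renewal after password change
    phone.lost_or_stolen = True
    decisions.append(evaluate(phone, 2, Session("alice", 2))[0])  # device lost
    return decisions

if __name__ == "__main__":
    print(walk_through())
```

The same device and user move from remediation to access and back to denial without any change to the policy itself, because the conditions are checked again at each renewal.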
