Originally posted at Lucian.Blog.
Having worked with Microsoft Intune a fair bit recently, in some clever ways like to extended System Centre Configuration Manager to the cloud for multi-factor authentication purposes, I’ve come to find Intune quite handy. In most ways it can be considered SCCM in the cloud which isn’t necessarily a bad thing.
In this post I’d like to quick fire off a whole bunch of handy Intune facts, figures and maybe other f-words for commonly asked questions I’ve been asked about the product suite…
What
- Microsoft Intune is a cloud based PC + mobile device management and security service.
- Available as a stand alone service or included in Office 365 subscriptions.
- There is no on-premises variant with the service being SaaS only
- Agents are deployed to devices which can be managed through the cloud based web portal
- There are 3 main web portals that are used with Intune
- Account Portal
- A central console or tenant that has all the device, user, license and administrative information. Think of this as similar to your Office 365 admin console.
- Admin Console
- A service specific administrative console where all policies and processes can be created and assigned to devices.
- Company Portal
- A company specific custom portal that users can access via the web or mirrored in the Company Portal app for Windows 8x, Windows Phone 8x, Android and iOS.
- Users can view their managed devices and company published applications that can be deployed to their devices.
- Account Portal
When
- Microsoft Intune, originally Microsoft Windows Intune was first publicly announced in July 2011.
- Since the initial launch the product has matured and moved ever closer to being a part of the Office 365 product suite.
- Initially the product only supported Windows workstation and server workloads, though now the platform compatibility has stretched across additional mobile platforms, and it is ever growing.
Where
- Microsoft Intune information home page
- Microsoft Intune Account Portal
- Microsoft Intune Admin Console
- Microsoft Intune Company Portal
- Exact URL dependent on your tenant
- Microsoft Intune licensing PDF download – direct from Microsoft
- Getting started with Microsoft Intune: walk-through guide
Why
- Device choice
- Users have the ability to register, enroll and manage their own device
- Install corporate apps from the self-service Company Portal
- Work apps are separate to personal apps on the device
- Various OS platforms available which provides a very wide range for device choice
- Data protection
- Secure corporate data through polices and settings pushed out from the Admin Console
- Secure Exchange email, OneDrive for Business documents
- Remote wipe device or specific apps, settings
- Enterprise integration
- Extend SCCM to the cloud through integration with Intune
- However- bear in mind when this is configured, SCCM takes over and all management is handled in SCCM and NOT in Intune!!! -IMPORTANT
- If SCCM is going to remain on-premises for some time, Intune provides a great way to extend SCCM to be able to manage mobile devices, while keeping existing policies and configurations intact, even applying those to mobile or external devices
- No infrastructure required
- Being a SaaS service, there is no on-premises infrastructure required to use only Intune.
- If you want to leverage SCCM and extend that, then that’s a different story and the on-premises SCCM infrastructure needs to remain indefinitely
- 3 licensing tiers
- Flexible licensing to be able to leverage what makes sense
- Intune license > access to Intune service and all its features
- Intune with SA > evergreen Intune that will see updates applied to the tenant forever
- Intune + SCCM > extend SCCM to the cloud
- Flexible licensing to be able to leverage what makes sense
- Windows targeted MDM
- Functionality build into Windows workstation OS, Workplace Join and via downloaded Company Portal app, that is focused on Windows workstation device management first, and additional platforms second
How
- How to provision an Intune tenant / subscription
- Anyone can sign up for a free trial of Intune
- No linked to any Office 365 or Azure tenant, a new service can be signed up for in 5 minutes
- Click here to sign up for Microsoft Intune
- If you’re now happy with the service, you can upgrade to a full tenant by:
- Go to Intune Account Portal
- Click Purchases
- Click Buy Now
- On the Customize your purchase, complete purchase and upgrade to a licensed tenant
- How to allow for single sign on with Intune
- Intune can be considered the same configuration as Office 365 and Azure for SSO
- The ‘back end’ relies on Azure AD
- To leverage SSO for a complete federated identify with common credentials and passwords:
- Deploy AADSync
- Deploy ADFSv3 + ADFS WAP
- Configure services and tenant
- More details to come in another blog post
- How to join a device to Intune to be managed: cloud vs hybrid
- There are two main ways to join a device to Intune
- The first option for management is through the Intune agent
- In the Intune Administration Console
- Go to Admin
- Go to Client Software Download
- You can now download Microsoft_Intune_Setup.exe which will deploy the complete Intune agent on the desired machine for management
- The second option for management is through workplace join and the Company Portal app
- Again in MFA in Office 365 using Intune Part 5 I explained how to complete a Workplace Join
- From here, the next step is getting the Company Portal app
- The Company Portal app is available for iOS, Android, Windows Phone and Windows 8x
- When you launch the app and sign in, with all the correct config it will find your tenant
- From there enroll the device for management, though this wont install an Intune Agent
- Rather the app will essentially be the agent and all config “passes through” the app
- How to deploy an SSL certificate to a mobile device via Intune and SCCM > to be used for MFA
- I’ve written an extensive series on how to do this on this blog
- Check out these posts:
Although a blog post not in a chronological order in terms of Intune, I hope you enjoyed the overview information that should be useful for any pre-sales or design docs where quick info on Intune as a whole is necessary.
Thank you
Originally posted at Lucian.Blog.