Originally posted at Lucian.Blog.


Having worked with Microsoft Intune a fair bit recently, in some clever ways like to extended System Centre Configuration Manager to the cloud for multi-factor authentication purposes, I’ve come to find Intune quite handy. In most ways it can be considered SCCM in the cloud which isn’t necessarily a bad thing.

In this post I’d like to quick fire off a whole bunch of handy Intune facts, figures and maybe other f-words for commonly asked questions I’ve been asked about the product suite…

What

  • Microsoft Intune is a cloud based PC + mobile device management and security service.
  • Available as a stand alone service or included in Office 365 subscriptions.
  • There is no on-premises variant with the service being SaaS only
  • Agents are deployed to devices which can be managed through the cloud based web portal
  • There are 3 main web portals that are used with Intune
    • Account Portal
      • A central console or tenant that has all the device, user, license and administrative information. Think of this as similar to your Office 365 admin console.
    • Admin Console
      • A service specific administrative console where all policies and processes can be created and assigned to devices.
    • Company Portal
      • A company specific custom portal that users can access via the web or mirrored in the Company Portal app for Windows 8x, Windows Phone 8x, Android and iOS.
      • Users can view their managed devices and company published applications that can be deployed to their devices.

When

  • Microsoft Intune, originally Microsoft Windows Intune was first publicly announced in July 2011.
  • Since the initial launch the product has matured and moved ever closer to being a part of the Office 365 product suite.
  • Initially the product only supported Windows workstation and server workloads, though now the platform compatibility has stretched across additional mobile platforms, and it is ever growing.

Where

Why

  •  Device choice
    • Users have the ability to register, enroll and manage their own device
    • Install corporate apps from the self-service Company Portal
    • Work apps are separate to personal apps on the device
    • Various OS platforms available which provides a very wide range for device choice
  • Data protection
    • Secure corporate data through polices and settings pushed out from the Admin Console
    • Secure Exchange email, OneDrive for Business documents
    • Remote wipe device or specific apps, settings
  • Enterprise integration
    • Extend SCCM to the cloud through integration with Intune
    • However- bear in mind when this is configured, SCCM takes over and all management is handled in SCCM and NOT in Intune!!! -IMPORTANT
    • If SCCM is going to remain on-premises for some time, Intune provides a great way to extend SCCM to be able to manage mobile devices, while keeping existing policies and configurations intact, even applying those to mobile or external devices
  • No infrastructure required
    • Being a SaaS service, there is no on-premises infrastructure required to use only Intune.
    • If you want to leverage SCCM and extend that, then that’s a different story and the on-premises SCCM infrastructure needs to remain indefinitely
  • 3 licensing tiers
    • Flexible licensing to be able to leverage what makes sense
      • Intune license > access to Intune service and all its features
      • Intune with SA > evergreen Intune that will see updates applied to the tenant forever
      • Intune + SCCM > extend SCCM to the cloud
  • Windows targeted MDM
    • Functionality build into Windows workstation OS, Workplace Join and via downloaded Company Portal app, that is focused on Windows workstation device management first, and additional platforms second

How

  • How to  provision an Intune tenant / subscription
    • Anyone can sign up for a free trial of Intune
    • No linked to any Office 365 or Azure tenant, a new service can be signed up for in 5 minutes
    • Click here to sign up for Microsoft Intune
    • If you’re now happy with the service, you can upgrade to a full tenant by:
    • Go to Intune Account Portal
    • Click Purchases
    • Click Buy Now
    • On the Customize your purchase, complete purchase and upgrade to a licensed tenant
  • How to allow for single sign on with Intune
    • Intune can be considered the same configuration as Office 365 and Azure for SSO
    • The ‘back end’ relies on Azure AD
    • To leverage SSO for a complete federated identify with common credentials and passwords:
      • Deploy AADSync
      • Deploy ADFSv3 + ADFS WAP
      • Configure services and tenant
      • More details to come in another blog post
  • How to join a device to Intune to be managed: cloud vs hybrid
    • There are two main ways to join a device to Intune
    • The first option for management is through the Intune agent
      • In the Intune Administration Console
      • Go to Admin
      • Go to Client Software Download
      • You can now download Microsoft_Intune_Setup.exe which will deploy the complete Intune agent on the desired machine for management
    • The second option for management is through workplace join and the Company Portal app
      • Again in MFA in Office 365 using Intune Part 5 I explained how to complete a Workplace Join
      • From here, the next step is getting the Company Portal app
      • The Company Portal app is available for iOS, Android, Windows Phone and Windows 8x
      • When you launch the app and sign in, with all the correct config it will find your tenant
      • From there enroll the device for management, though this wont install an Intune Agent
        • Rather the app will essentially be the agent and all config “passes through” the app
  • How to deploy an SSL certificate to a mobile device via Intune and SCCM > to be used for MFA

 

Although a blog post not in a chronological order in terms of Intune, I hope you enjoyed the overview information that should be useful for any pre-sales or design docs where quick info on Intune as a whole is necessary.

Thank you


Originally posted at Lucian.Blog.

Category:
Communication and Collaboration, Identity and Access Management, Office 365
Tags:
,