Greetings, I hope you all doing well, this is our first blog on Intune and the entire series related to Microsoft Intune will be coming soon.
After reading this blog, you will get a fair understanding of what is Microsoft Intune.
Some of the standard terms that you guys might have read are that Intune is Microsoft's MDM Solution.
MDM here stands for mobile device management, and you guys might have also heard that Intune is Microsoft's MAM solution which is mobile application management.
So that's the only reason why we are also going to talk about what is device management and what is application management, now before we go ahead and learn what exactly Microsoft Intune is.
Let’s talk about an ideal scenario about an organization
Wherein user is using a device that has been provided by you that means it has actually managed by your IT team so when it comes to configuring Security, data loss protection anything and everything you have the full control on this particular device and you can set N number of policies so that the corporate data remains protected over and above,
If you need more security you can configure policies that will say your device is a compliant or non-compliant device. After the Intune blog, we can assure you that you will have a fair understanding of what is a compliant and non-compliant device.
Just a short overview, when a device is adhering to all the policies in terms of security, data sharing that you have configured then that particular device is named as compliant. If a device is not adhering to the policies or the settings which you have configured then it is called a non-compliant device.
As stated in the above figure, where everything is managed by IT on a particular device. The application which user is accessing would remain secure everything will stay secure, but the fact is that let's think of a different situation now wherein the user is using a personal device
e.g. a personal Smartphone also can be managed using Microsoft Intune. How?
Microsoft Intune will help you to manage this particular device which does not belongs to your enterprise and which actually leads the concepts of Bring Your Own Device (BYOD) that means you are giving your user the privilege to use their own personal device, but being an admin you are also protecting and securing the information that will be accessed by a user on a personal device.
the common term that you guys might have heard about Microsoft Intune and the part of Microsoft Intune service which will help you to manage application is called mobile application management MAM and Intune service which will help you manage device is called Mobile device management
so now if we talk about a proper definition of what Microsoft Intune is Microsoft Intune is a service offered by Microsoft which will help you to manage devices as well as application on those particular devices by keeping the data protected and secured .
MDM and MAM are the two components which actually belong to Microsoft Intune and now let's talk about more about device management, the device management is something wherein you're going to create policies which will configure different settings or do some checks on upon the particular device to know whether those particular devices are actually complying the policies that you have created or not, and the best part is that this is something which works on the protocols or API's that are available in mobile operating system
A small example, if you don't want your user to change the wallpaper or in common word you need to change the configuration or restrict a user device to do it.
But this change can only be done in IOS as this feature is only available in IOS and not on Android, that means what if your mobile does not allow the wallpaper to be changed by an external service or by a different service apart from its own operating system instance then that feature might not be available.
This is where protocols or APIs that are available in the mobile operating system comes into the picture ( parameter on which the device management of Intune works ).
When users enroll more than one devices by using Microsoft Intune, then will have a better inventory data. That means you will get information on how many enroll devices of a particular user and its inventory data reports, Microsoft Intune reporting is not limited to what you see on the portal you have a full integration available with the Power BI.
Since you are defining the policies to meet the company security and health standards you will also get the status of a device whether it is compliant or not. With Microsoft Intune, you can actually push certificates for Wi-Fi VPN profiles so that the users can access a particular service, and again one more very good feature is the power to actually remove the corporate data from the manage devices.
We have talked enough about Mobile Device Management (MDM), let's now discuss Mobile Application Management (MAM).
MAM will help you to assign mobile apps to your employees where the user will launch a company portal app that's been used by Intune and click on the shortcut icon of applications to install it on that particular device which they are using. You can also configure apps with standard settings that we'll remain the same all across enterprise, also can control how the corporate data is being used and shared in mobile apps
To understand more on MAM, we have sent an email that's a confidential to one of my peer and my enterprise has configured a setting wherein the user has to use Outlook app and it's only the outlook app with which you can access that particular attachment or that particular email then you will not be able to save that file locally on the mobile device. This means we can also configure data protection or data sharing when it comes to the corporate information that belongs to your tenant or that belongs to your enterprise.
Since the information is being saved in two different containers when it comes to segregated the personal information that belongs to the user and the corporate information belongs to a user. Then you will be able to wipe the data from mobile apps specifically.
In two ways you can wipe the data:-
Full wipe: Data will be wiped forever and cannot be restored
Selective wipe: Only corporate data will be removed
Since it's cloud service, you will also have reporting for this, which means you can narrow down which application is actually being provisioned for which particular user on which particular device. the three entities device application and user you can create custom reports.
As I mentioned before with the Power BI, the desktop app itself and apart from that you will get ample information on the portal itself and help you to track the mobile app usage.
Let's Summarize we have talked about
- What is Microsoft Intune?
- What is MDM?
- What is MAM?
This was all about Microsoft Intune, as mentioned I will be creating a series of blogs for MDM and MAM
What will be the next blog?
Next blog will be on
- About setting up Intune?
- How you can set up Intune in Portal?
- What are the license requirements?
- How you can go ahead and check different pricing that is available for Intune service
If you guys feel like giving feedback please add to comments please, we are new and we are here to learn better day by day. We will try to create coming blogs at best. Thanks for your time and have a great day ahead.