Let's kick this blog off with... So What's Intune?

If you recognize the term Intune then you're probably not new to the Microsoft Cloud Experience. Now if you're more familiar with the term Microsoft Endpoint Manager...! 


No, let's just stick to Intune for now. That is because Microsoft has a pretty awesome piece of Mobile Device Management (MDM) tech that it uses to manage an organization's device inventory (Windows endpoints, servers, mobile devices, etc.) but sometimes struggles with nomenclature standardization. By sometimes, I mean a lot. At some point in the future, I intend to look at the history of Microsoft's entry into cloud technology, starting with the launch of Azure back in 2008. This will include the various name changes in its tech like Defender*, Endpoint*, Azure*, etc. 



But I'm getting a bit ahead of myself. Probably because I have a lot of thoughts, and reflections, and annoyances, and nerd praise, etc. I can't wait to get off my chest.

Because at the end of the day - I genuinely really do love working as a specialist in the Microsoft cloud stack and really do feel that they have been doing a pretty good job at most things. Besides, if Microsoft did their job too perfectly, it would put consultants like me out of a job 😉.


1. What is Intune?
Intune is a cloud service in the enterprise mobility management space that keeps your workforce productive while protecting your corporate data. It is integrated into the Microsoft Endpoint Manager solution, just like Configuration Manager (SCCM).

Intune, as part of Microsoft Endpoint Manager, offers options for managing mobile devices. The platform can be used to manage Windows 10, Android, iOS and macOS devices. Intune is part of the Microsoft cloud and offers the possibility to, for example: package and deploy applications through Microsoft Endpoint Manager; set the desktop background and lock screen; export Intune policies from one tenant and import them into another (via the Graph API); reset or wipe devices; and deploy Office 365 ProPlus (now Microsoft 365 Apps).

With Intune, you can:
  • Manage Android or iOS mobile devices and Windows 10 PCs that your staff uses to access company data.
  • Manage the mobile apps your staff uses.
  • Protect your company's information by controlling how your staff accesses and shares it.
  • Verify that devices and applications comply with company security requirements.

Intune is the component of the Enterprise Mobility + Security (EMS) solution that manages mobile apps and devices. Intune integrates tightly with other EMS components such as Azure Active Directory (Azure AD) for identity and access control, and Azure Information Protection for data protection. When you use it with Microsoft 365, you can enable your workforce to be productive across all devices, while protecting your organization's information. With Intune, you are able to:
  • Choose to be 100% cloud with Intune, or be co-managed with Configuration Manager and Intune. Your ConfigMgr client licenses are included with Intune.
  • Set rules and configure settings on personal and organization-owned devices to access data and networks.
  • Deploy and authenticate apps on devices – on-premises and mobile.
  • Protect your company's information by controlling how users access and share information.
  • Ensure that devices and applications comply with your security requirements.
  • Provide support for personal devices or a BYOD policy
  • Control features and settings on Android, Android Enterprise, iOS/iPadOS, macOS, and Windows 10 devices
  • Use Autopilot to onboard new Windows 10 devices

2. Automatically deploy computers with Intune
Windows Autopilot is a set of technologies for deploying new devices, and for resetting or completely wiping older ones, whether because the device is being re-provisioned to a new user or because it has been stolen. If your organization is mainly a Microsoft-focused venture and you already hold Office 365 licenses, Intune is an excellent tool for managing your devices.

Once a device has been deployed through Autopilot, it can be seamlessly plugged into Microsoft 365: it is automatically joined to Azure AD (or hybrid Azure AD joined) and enrolled into Intune MDM, so that you can manage it remotely from day one. 

Microsoft markets Autopilot as a "zero-touch" experience (and, on top of that, offers a "white glove" pre-provisioning mode). But is it? Not entirely. Barely partly, to be honest. If you buy your devices wholesale from e.g. Dell, HPE, Lenovo, etc., you can request that the device hardware hashes and serial numbers are registered to your organization's tenant. This means that the devices already start "calling home" to the Autopilot service straight from the OOBE (out-of-box experience), before anyone has logged on. 

So, provided that you have already configured and assigned an appropriate Autopilot deployment profile, your devices will be visible within Autopilot, within Intune, and within Azure Active Directory. 

Is it really "zero-touch" though? No. Not at all. Non-Autopilot devices can be enrolled by simply letting a user with the appropriate license (E3, E5, EMS, etc.) log in and join the device to Azure AD during OOBE. The problem with this is that the user who performs the join is, by default, added to the device's local Administrators group. This can be worked around with the appropriate policies, but it is more elegantly prevented by using Autopilot and setting the user account type to Standard in the deployment profile. 
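The two practical pieces behind the last two paragraphs, as an added example written for this post rather than anything Microsoft ships: (1) capturing the hardware hash yourself for devices that did not come pre-registered from the OEM, which is what the community Get-WindowsAutoPilotInfo script does under the hood, (2) creating an Autopilot deployment profile through Microsoft Graph with the user account type set to Standard so the enrolling user does not end up as a local admin, and (3) a quick check on an enrolled machine of who actually landed in the local Administrators group. The profile name, device name template and group tag are made-up placeholders; the Graph endpoints are the documented beta ones used by the Intune portal, and the script assumes the Microsoft.Graph PowerShell SDK is installed. Steps 1 and 3 need an elevated prompt on the device.

```powershell
# --- 1. Collect the hardware hash locally (what the OEM would otherwise do for you) ---
function Get-AutopilotHashRecord {
    # The hash lives in the MDM bridge WMI provider; reading it requires local admin.
    $devDetail = Get-CimInstance -Namespace 'root/cimv2/mdm/dmmap' -ClassName 'MDM_DevDetail_Ext01' `
        -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
    $serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
    [pscustomobject]@{
        'Device Serial Number' = $serial
        'Windows Product ID'   = ''                      # optional, left blank
        'Hardware Hash'        = $devDetail.DeviceHardwareData
        'Group Tag'            = 'CORP-STD'              # hypothetical tag used for profile assignment
    }
}

# Write the CSV in the exact column layout the Intune portal import expects.
Get-AutopilotHashRecord | Export-Csv -Path "$env:TEMP\autopilot-hash.csv" -NoTypeInformation

# --- 2. Create an Autopilot deployment profile that enrolls the user as a Standard user ---
function New-StandardUserAutopilotProfile {
    param([string]$DisplayName = 'Corp - Azure AD join, standard user')   # hypothetical name

    Connect-MgGraph -Scopes 'DeviceManagementServiceConfig.ReadWrite.All'

    $body = @{
        '@odata.type'       = '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile'
        displayName         = $DisplayName
        description         = 'Azure AD joined, user lands as standard user, not local admin'
        deviceNameTemplate  = 'CORP-%SERIAL%'       # hypothetical naming pattern
        language            = 'os-default'
        extractHardwareHash = $false
        enableWhiteGlove    = $true                 # allow the pre-provisioning mode as well
        outOfBoxExperienceSettings = @{
            hidePrivacySettings       = $true
            hideEULA                  = $true
            userType                  = 'standard'  # the security-relevant setting: not 'administrator'
            deviceUsageType           = 'singleUser'
            skipKeyboardSelectionPage = $true
            hideEscapeLink            = $true
        }
    }

    Invoke-MgGraphRequest -Method POST `
        -Uri 'https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles' `
        -Body ($body | ConvertTo-Json -Depth 5) -ContentType 'application/json'
}

# Uncomment to actually create the profile in your tenant; assign it to the device group afterwards.
# New-StandardUserAutopilotProfile

# --- 3. On an enrolled device: did the joining user become a local admin? ---
function Get-CloudLocalAdmins {
    # PrincipalSource is 'AzureAD' for cloud identities that were added to the local group.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.PrincipalSource -eq 'AzureAD' } |
        Select-Object Name, PrincipalSource
}

# On a device joined manually through OOBE this typically lists the joining user; on a device
# deployed with the profile above it should only show the Azure AD device-admin SIDs, if anything.
Get-CloudLocalAdmins
```

The CSV from step 1 can be uploaded under Devices > Windows > Windows enrollment > Devices in the portal, or pushed straight to the `importedWindowsAutopilotDeviceIdentities` Graph endpoint. The point of step 3 is that the local admin problem is silent: nothing in the enrollment flow tells you who got the rights, so it is worth auditing a freshly enrolled device once before you trust the profile.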

But ultimately the Intune/Autopilot ecosystem allows far better automation (full life-cycle management): a user can be assigned in Intune when a new device is requested, the device ships directly to that user, and self-service (in theory) lets the user get themselves up and running.


3. Sign-off
That wraps it up for my initial foray into tech blogging. Not gonna lie, it'll probably be a bumpy road, but like I wrote above, once I get some of the kinks out of my rudimentary writing style, I'm going to get into some really cool stuff. 

Stuff like:
  • Security Baselines - what are they and why should I care?
  • Hold on... what are simplified security profiles?
  • Intune Device Configurations? 
  • What the heck is an OMA-URI??
  • Hold up.. you can use ADMX templates in the cloud??
  • Automating security template designs
  • Discovering Defender for Endpoint on Linux
  • Defender on macOS too?
  • On-premises Microsoft Monitoring Agent (MMA) and Defender ATP
  • How to leverage MMA/ATP in Defender for Endpoint

And a bunch of other ideas for blog posts, guides, tutorials and more that I have scribbled down in an ever growing .txt 

See you soon!