
Mastering Endpoint Security with Microsoft Intune

Written by Paul Schnackenburg / 15.03.2024 /

M365 E3 and E5 bring you Microsoft Intune, Microsoft’s mobile device management (MDM) cloud service. In this article we’ll look at how it can help you manage PCs and mobile devices, manage mobile apps, protect company data, and enforce security policies.

There used to be an on-premises product called System Center Configuration Manager (SCCM), now called Microsoft Configuration Manager, which you can integrate tightly with Intune.

There used to be a requirement that Intune administrators were licensed for Intune, but this is no longer the case. Endpoint analytics is an interesting part of Intune: it uses signals from your devices to pinpoint problematic or slow PCs, and it feeds into the overall Adoption score.

If you have Windows 10/11 devices that serve specific functions (on a factory floor, or at a nurses’ station in a hospital, for example), you can use Cloud Configuration to manage them entirely through Intune, with scripted, baseline configuration settings.

Mobile Device Management

There are a couple of ways you can use Intune. If you have company-owned devices (smartphones, tablets, laptops), you can enroll them in Intune.

This gives you a great deal of control over the device, including the ability to manage settings, apps and the option to wipe the device should it be lost or stolen.

You can also use Intune to manage OS updates for Windows devices, push out applications to devices, configure Wi-Fi profiles and deploy certificates, as well as block jailbroken iOS and rooted Android devices.
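The jailbroken/rooted blocking mentioned above is implemented in Intune as a device compliance policy. The following is an added example, not code from the article or from Microsoft, showing how such policies can be created with the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed, that the signed-in account holds an Intune administrator role, and that the display names and OS version floor are placeholders you would replace.

```powershell
# Added example (not from the original article): create Intune device compliance
# policies through Microsoft Graph that mark jailbroken iOS and rooted Android
# devices as non-compliant, so Conditional Access can keep them away from data.
# Assumptions: Microsoft.Graph module installed, Intune admin account signed in,
# display names and version numbers are placeholders.

Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All"

# Every compliance policy needs at least one scheduled action for non-compliance.
# "block" with a 0-hour grace period marks the device non-compliant immediately.
$blockImmediately = @(
    @{
        ruleName = "PasswordRequired"
        scheduledActionConfigurations = @(
            @{
                actionType                = "block"
                gracePeriodHours          = 0
                notificationTemplateId    = ""
                notificationMessageCCList = @()
            }
        )
    }
)

$policies = @(
    @{
        "@odata.type"                  = "#microsoft.graph.iosCompliancePolicy"
        displayName                    = "Placeholder - iOS baseline"
        description                    = "Blocks jailbroken devices and requires a passcode"
        securityBlockJailbrokenDevices = $true
        passcodeRequired               = $true
        osMinimumVersion               = "16.0"   # constructed value; choose your own floor
        scheduledActionsForRule        = $blockImmediately
    },
    @{
        "@odata.type"                  = "#microsoft.graph.androidCompliancePolicy"
        displayName                    = "Placeholder - Android baseline"
        description                    = "Blocks rooted devices and requires a password"
        securityBlockJailbrokenDevices = $true   # the same property covers rooted Android
        passwordRequired               = $true
        storageRequireEncryption       = $true
        scheduledActionsForRule        = $blockImmediately
    }
)

foreach ($policy in $policies) {
    $created = Invoke-MgGraphRequest -Method POST `
        -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies" `
        -Body ($policy | ConvertTo-Json -Depth 10) `
        -ContentType "application/json"
    Write-Host "Created '$($policy.displayName)' with id $($created.id)"
}

# Review what the tenant already has: list existing compliance policies by type.
$existing = Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies"
$existing.value | ForEach-Object {
    [pscustomobject]@{ Name = $_.displayName; Type = $_.'@odata.type' }
}
```

A policy created this way is not yet applied to anyone; it still has to be assigned to a group, and the compliance state it produces only has teeth when a Conditional Access policy requires a compliant device. Listing the existing policies at the end is the check worth running before adding a new one, because overlapping policies with different settings are a common source of devices flipping between compliant and non-compliant.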

If the device is a personal device owned by the employee, they may not be comfortable with enrolling it, so you can use Mobile Application Management (MAM) for those devices instead.

Mobile Application Management

This less intrusive approach lets you create app protection policies (APP) across specific applications, with email being the classic example.

Users want to access business email on their personal smartphone, so you put policies around it: they can only use Outlook (a free mobile app for Android and iOS), not the built-in mail apps, and you can further protect corporate data so that a user can’t copy business data into a non-business app (a personal email app, for example).

If the device is lost or stolen, you can wipe the corporate data off it while leaving personal photos etc. untouched.
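The Outlook scenario described in this section maps onto an iOS app protection policy. The block below is an added example, not the article’s or Microsoft’s own code, that creates such a policy through Microsoft Graph and targets it at Outlook only. It assumes the Microsoft.Graph module is installed, an account with an Intune administrator role, and that Outlook’s iOS bundle id is `com.microsoft.Office.Outlook` (an assumption to verify against the app list in your tenant).

```powershell
# Added example (not from the original article): an iOS app protection policy
# that keeps Outlook's corporate data inside policy-managed apps: no copy to
# personal apps, no unmanaged backup, PIN required before the data is shown.
# Assumptions: Microsoft.Graph module installed, Intune admin account signed in,
# and "com.microsoft.Office.Outlook" as Outlook's iOS bundle id.

Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All"

$policyBody = @{
    displayName = "Placeholder - Outlook iOS MAM"
    description = "Corporate mail stays in managed apps"
    # Data may only flow to and from other policy-managed apps.
    allowedInboundDataTransferSources       = "managedApps"
    allowedOutboundDataTransferDestinations = "managedApps"
    # Clipboard: copy out only to managed apps; paste in is allowed from anywhere.
    allowedOutboundClipboardSharingLevel    = "managedAppsWithPasteIn"
    dataBackupBlocked                       = $true   # no corporate data in iCloud backup
    saveAsBlocked                           = $true   # no "Save As" to unmanaged locations
    pinRequired                             = $true
    organizationalCredentialsRequired       = $false
}

$policy = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections" `
    -Body ($policyBody | ConvertTo-Json -Depth 5) -ContentType "application/json"

# Scope the policy to Outlook. The built-in Mail app is not targeted, which is
# what lets a Conditional Access rule requiring an app protection policy keep
# corporate mail out of it.
$targetBody = @{
    apps = @(
        @{
            mobileAppIdentifier = @{
                "@odata.type" = "#microsoft.graph.iosMobileAppIdentifier"
                bundleId      = "com.microsoft.Office.Outlook"   # assumed bundle id
            }
        }
    )
}

Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections/$($policy.id)/targetApps" `
    -Body ($targetBody | ConvertTo-Json -Depth 5) -ContentType "application/json"

Write-Host "Created app protection policy $($policy.id) targeting Outlook"
```

The two data-transfer settings are the ones that implement the “can’t copy business data to a non-business app” requirement; `managedApps` is the restrictive value, and relaxing either one to `allApps` silently undoes the protection, so they are worth checking in any policy review. As with compliance policies, the policy still needs a user group assignment before it applies to anyone.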

Picking between MDM and MAM is going to depend on many factors such as your userbase, your employment contracts, business and security needs and more; make sure you spend some time in the planning phase to get it right.

Another part of managing mobile applications might be connecting them back to on-premises resources securely. Microsoft now offers its own VPN for iOS and Android, called Tunnel, and it’s integrated into Microsoft Defender for Endpoint.

Microsoft Configuration Manager

If you have deployed Microsoft Configuration Manager (MCM) on-premises to manage your servers and traditional client PCs, you can integrate Intune into your management flow through co-management to leverage the best of both worlds and prepare your environment for a gradual migration to cloud management.

Don’t confuse this with Hybrid MDM which is the older, deprecated approach to marrying SCCM and Intune.

Intune Suite

In true Microsoft fashion there are add-ons for Intune that you may want to consider for your business, if they solve a particular business problem for you.

There are stand-alone add-ons, an Intune P2 plan and the full Intune Suite, which includes the following:

Advanced endpoint analytics, to track and optimize end user experiences
Endpoint Privilege Management, which lets end users perform certain administrative tasks on their Windows device without being a local administrator
Microsoft Tunnel for MAM, which extends the per-app VPN feature for Android and iOS apps to MAM-managed apps
Remote Help, a secure way to let the helpdesk access a staff member’s screen to assist them
Management of specialty devices such as AR/VR headsets and large smart screen devices


To properly protect your Microsoft 365 environment, use Hornetsecurity’s one-of-a-kind services:

To keep up with the latest Microsoft 365 articles and practices, visit our Hornetsecurity blog now.


Conclusion

With the options above in hand, you can unlock enhanced security and efficiency with Microsoft Intune as one of your comprehensive solutions for device management and data protection.

FAQ

What is Microsoft Intune used for?

Microsoft Intune is a cloud-based service that provides mobile device management (MDM) and mobile application management (MAM) capabilities. It allows organizations to manage and secure mobile devices, ensuring compliance with security policies and facilitating remote management.

What does Microsoft Intune give access to?

Microsoft Intune provides access to features such as:

Mobile Device Management (MDM)
Mobile Application Management (MAM)
Conditional Access Policies (through Entra ID)
Endpoint Security
Device Compliance Monitoring
Application Deployment and Management

What’s the benefit of Intune for your business?

Intune is used for the security and management of both computers and smartphone/tablet devices within an organization. It helps enforce security policies, manage device configurations, and protect corporate data on both company-owned and employee-owned devices, contributing to a more secure and controlled IT environment.