Intune is the component of Enterprise Mobility + Security (EMS) that manages Windows 10 systems, mobile devices and apps. It integrates closely with other EMS components like Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.
- Microsoft Endpoint Manager
- Intune Overview
- Intune Subscriptions
- Mobile Device Management (MDM)
- Mobile App Management (MAM)
- Azure Active Directory
- Role-Based Administrative Control (RBAC)
- LAB: Intune Overview
Intune lets you manage your workforce’s devices and apps and how they access your company data. To use this mobile device management (MDM), the devices must first be enrolled in the Intune service. When a device is enrolled, it is issued an MDM certificate. This certificate is used to communicate with the Intune service.
- Device Enrollment
- Device Management Capabilities
- Enrollment Options
- Windows Enrollment
- Android Enrollment
- iOS Enrollment
- LAB: Device Enrollment
Use device configuration profiles to manage and control a whole range of different features and functionality on devices.
- Configure Device Profiles
- Configure Device Features
- Configure Device Restrictions
- Configure Settings: Email, VPN, Wi-Fi
- Administrative Templates
- Upgrade Editions
- LAB: Device Configuration
As an IT admin, you are responsible for making sure that your end users have access to the apps they need to do their work. This can be a challenge because there are a wide range of device platforms and app types. Moreover, you might need to manage apps on both company devices and user’s own devices, while ensuring your network and your data remain secure.
- App Lifecycle
- Add apps to Intune: Store Apps – Office 365 – Web Apps – LOB Apps – Win32 Apps – PowerShell Scripts
- Monitor Apps
- App Configuration Policies
- LAB: App Management
Device and App Protection
Policies can be created to define whether devices are compliant, to configure conditional access or to protect app and device data.
- Device Compliance Policies
- App Protection Policies
- Windows Information Protection
- Conditional Access
- LAB: Device and App Protection
Endpoint Protection provides real-time protection against malware threats, keeps malware definitions up-to date, and automatically scans computers. Endpoint Protection also provides tools that help you to manage and monitor malware attacks.
- Endpoint Protection
- Microsoft Defender for Endpoint
- Integration between Intune and Defender for Endpoint
- Enforce Compliance with Conditional Access
- Remediate Vulnerabilities
- LAB: Endpoint Protection
As an IT admin, you need control over the company devices. With Intune, you can remotely reboot, rename, lock or wipe a device.
- Lock, Restart or Remove Device
- Locate Lost Device
- Logout or Remove User
- Bypass Activation Lock
- Reset Passcode
- Remote Control Mobile Devices
- Synchronize Device
- LAB: Device Management
Intune can be used to run devices as a kiosk, sometimes known as a dedicated device. A device in kiosk mode can run one or multiple apps. You can show and customize a start menu, add different apps, including Win32 apps (for Windows 10), add a specific home page to a web browser, and more.
- Windows 10 Kiosk Devices
- Android Kiosk Devices
- iOS Kiosk Devices
- LAB: Kiosk Devices
Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for production use minutes after you bought them from the vendor.
- Windows Autopilot Overview
- Windows Autopilot Requirements
- Deployment Scenarios
- Administering Windows Autopilot
- LAB: Windows Autopilot