Microsoft Endpoint Manager: Configuring Devices with Microsoft Intune

Intune Overview

Intune is the component of Enterprise Mobility + Security (EMS) that manages Windows systems, mobile
devices and apps.
It integrates closely with other EMS components like Microsoft Entra ID for identity and access
control and Azure Information Protection for data protection.

• Microsoft Endpoint Manager
• Intune Overview
• Intune Subscriptions
• Mobile Device Management (MDM)
• Mobile App Management (MAM)
• Microsoft Entra ID
• Role-Based Access Control (RBAC)
• LAB: Intune Overview

Device Enrollment

Intune lets you manage your devices and apps and how they access your company data.
To use mobile device management (MDM), the devices must first be enrolled in the Intune service.
When a device is enrolled, it is issued an MDM certificate. This certificate is used to communicate with the
Intune service.

• Device Enrollment
• Device Management Capabilities
• Enrollment Options
• Windows Enrollment
• Android Enrollment
• iOS Enrollment
• MacOS Enrollment
• Linux Enrollment
• LAB: Device Enrollment

Device Configuration

Use device configuration profiles to manage and control a whole range of different features and functionality on
devices.

• Configure Device Profiles
• Configure Device Features
• Configure Device Restrictions
• Configure Settings: Email, VPN, Wi-Fi
• Settings Catalog
• Upgrade Editions
• LAB: Device Configuration

App Management

As an IT admin, you are responsible for making sure that your end users have access to the apps they need to do
their work.
This can be a challenge because there are a wide range of device platforms and app types.
Moreover, you might need to manage apps on both company devices and user’s own devices, while ensuring your
network and your data remain secure.

• App Lifecycle
• Add apps to Intune: Store Apps – Office 365 – Web Apps – LOB Apps – Win32 Apps – PowerShell Scripts
• Monitor Apps
• App Configuration Policies
• LAB: App Management

Device and App Protection

Policies can be created to define whether devices are compliant, to configure conditional access or to protect
app and device data.

• Device Compliance Policies
• App Protection Policies
• Conditional Access
• LAB: Device and App Protection

Endpoint Protection

Endpoint Protection provides real-time protection against malware threats, keeps malware definitions up-to date,
and automatically scans computers.
Endpoint Protection also provides tools that help you to manage and monitor malware attacks.

• Endpoint Protection
• Microsoft Defender for Endpoint
• Integration between Intune and Defender for Endpoint
• Enforce Compliance with Conditional Access
• Remediate Vulnerabilities
• LAB: Endpoint Protection

Device Management

As an IT admin, you need control over the company devices. With Intune, you can remotely reboot, rename, lock or
wipe a device.

• Lock, Restart or Remove Device
• Locate Lost Device
• Logout or Remove User
• Bypass Activation Lock
• Reset Passcode
• Remote Control Mobile Devices
• Synchronize Device
• LAB: Device Management

Kiosk Devices

Intune can be used to run devices as a kiosk, also known as a dedicated device. A device in kiosk mode can
run one or multiple apps.
You can show and customize a start menu, add different apps, including Win32 apps (for Windows), add a specific
home page to a web browser, and more.

• Windows Kiosk Devices
• Android Kiosk Devices
• iOS Kiosk Devices
• LAB: Kiosk Devices

Windows Autopilot

Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them
ready for production use minutes after you bought them from the vendor.

• Windows Autopilot Overview
• Windows Autopilot Requirements
• Deployment Scenarios
• Administering Windows Autopilot
• Windows Autopilot Device Preparation
• LAB: Windows Autopilot