Mobile device management via Microsoft Intune

Mobile device management




In the aftermath of the pandemic in the year 2000, IT administrators were scrambling to ensure their businesses and systems were operating as employees shifted to a home-based work environment. For some administrators, this was a matter of using tools they already had but had not used in a long time. Microsoft Intune was one of those tools that has gained popularity since the outbreak began for the second time in.

(Because of the outbreak, Microsoft has combined Microsoft Intune and Configuration Manager into one solution, which it names Microsoft Endpoint Manager.) Utilizing Microsoft Intune, you can manage your mobile devices and applications of your employees, as well as access company information. You can also use Intune to manage private devices owned by your employees. This article is updated to walk you through the fundamentals of use of Microsoft Intune. 

To use the MDM system, mobile devices must be registered. (MDM) system devices must be registered with the Intune service. There are many methods to register employees. Each method is based upon the kind of device owner (private or corporate) and the type of device (iOS, Windows, Android) and the requirements for management (resets or lockouts, affinity, resets). In default, devices on all platforms are registered in Intune. But you can limit devices based on platform. 




Device lifecycle management 

Mobile device management, just like many IT management tasks, is a part of the same lifecycle. The lifecycle of mobile device management is comprised of four phases: 

  • Phase of registration: They are registered through the management of mobile devices solution. Intune lets you register both mobile devices, such as smartphones as well as Windows PCs. 
  • Phase of configuration: Check that all devices that are registered are secure and adhere to all security and configuration guidelines. Automate other administrative tasks, like setting up WLAN. 
  • Secure phase Mobile device management software lets you continually monitor the settings you set during the configuration phase. This phase is where you make use of the mobile management software to ensure that devices are compliant by monitoring and the deployment of software updates. 
  • The final phase Once a device has been no longer required or is stolen, lost, or destroyed and you want to protect your device’s data. Data can be removed through a reset and then performing the full and selective reset, which erases all enterprise data out of the device. 

Automatic mobile device management registration 

Automatic registration lets users enroll on their Windows 10 devices with Intune without assistance from IT. Administrators can utilize AAD’s Azure Active Directory (AAD) portal to allow automated registration of all customers, or certain groups. 

To sign up for your devices the users need to add your business accounts to personal computers or integrate their corporate account with Azure Active Directory. The device gets registered and is integrated with Azure Active Directory and can be controlled via the AAD portal using Intune. 







Registering Windows 10 devices 

There are numerous methods to sign up Windows 10 devices with Microsoft Intune to manage device. Certain are managed by the user while others are controlled are managed by IT administrators. Certain are designed to work with BYOD applications, and some are intended are designed to help improve the modern deployment scenario and control and management of company devices. Each registration method has distinct requirements for deployment and behavior. 




The ways that can be employed to register with Intune are the following: 

Method  Description 
1. Create a school or business account.  This registration method enrols the device with Azure AD. If you own Azure AD Premium licenses and your Azure AD client is configured to register automatically using Intune the device will also be registered with Intune. This is a good option if autopilot is not being employed in the setting. 
2. Register only within MDM (user managed)  This method of registration is only registered through Intune however it does not register the device’s information as part of Azure AD. This method only in settings that do not have Azure AD Premium licenses which must be used to enable the automated registration for devices using Intune. 
3. Azure AD Integration (OOBE)  This method of registration is identical to method 1 with one difference: The device is registered in the out-of-box encounter (OOBE). If you are using Azure AD Premium licenses and your Azure AD client is configured to automatically register through Intune the device is also registered in Intune. 
4. Azure AD Integration (Autopilot User-Controlled Deployment Mode)  The registration process is identical to method 2 but with some variations. Devices are registered in the custom experience out of box. A lot of OOBE screens can be skipped to provide more user-friendly setup. This is the preferred method to register devices with Intune however, this is dependent on Azure AD Premium licenses, and your Azure AD client must be configured to register automatically using Intune. 
5. Azure AD Integration (Autopilot when in auto-deploying mode)  The registration method used is like method 4, but with one distinction. It permits skipping all OOBE displays to go away when the unit is switched up for the first time. Azure AD Integration and Intune registration are completely automated and require no involvement. This kind of registration is designed for devices that are not user-friendly, such as kiosks, however it can be utilized by ordinary users. It is possible to assign users to devices to ensure that the user only requires the password. The most effective configuration compared to other options. 
6. Register only through the MDM, the device register manager (MDM)  This method of registration is like method 3 however, it is executed by IT administrators with a specific account type called a device enrollment manager (DEM) account. The DEM is registered on the device, connects to the portal for enterprise users, and installs any apps the user will require. 
7. The System Center Configuration Manager is managed in conjunction with the System Center Configuration Manager  Shared management lets you control Windows 10 devices simultaneously using the configuration manager and Microsoft Intune. This solution allows you to move from traditional management to modern and provides a transition method using a gradual method. Sharing management can be the best method to register devices that are controlled by SCCM. (SCCM). After activation, the device is controlled via SCCM and Intune so that the most effective capabilities of both are employed. 
8. Azure AD integration (mass registration)  Mass registration is a cost-effective method to configure an array of devices that can be controlled by Intune without the need to build the devices. It is possible to enable mass enrollment through the creation of a deploy bundle by using Intune’s Windows configuration designer app available from Microsoft’s app store. Microsoft App Store. 

User and device profiles 

Microsoft Intune offers features and settings that you can turn on or deactivate on various devices within your company. This feature and settings can be controlled by profiles. Examples of profiles are: 

  • A wireless profile which provides diverse devices with access to the corporate wireless network. 
  • The VPN profile allows several devices the ability to connect to your VPN server that is part of your corporate network. 



Intune: The profiles below are in Intune: 

Profile Description 
Features of devices (iOS as well as the macOS)  Control functions are available for iOS or macOS devices, like AirPrint Notifications, AirPrint, and devices with approved configurations. 
Device limitations  Device restrictions affect security, hardware, data sharing and other settings of the devices. For instance, you could create a profile for device restriction that blocks the users on iOS gadgets from using your camera of the device. 
Protection of endpoints  Set up endpoint protection settings on Windows 10 BitLocker and Windows Defender settings for Windows 10 devices. 
Identification protection  Identity Protection ensures the security and usability of Windows Hello for Business on devices that run Windows 10 and Windows 10 Mobile. Set these settings up to allow Windows Hello for Business to be available to devices and users and establish specifications for device PINs as well as gestures. 
Kiosk  This profile is used to configure the device to ensure that one or more applications can be used. You can also alter the other functions of your kiosk device like the start menu, and the web browser. 
E-mail  The email preferences profile is where the email options set for Exchange ActiveSync are assigned, monitored, and maintained across the devices. It is possible to use email preferences to maintain consistency, cut down on support calls and allow users to access the email account of your company on your personal devices, without having to set up the accounts. 
VPN  Create VPN profiles for your users and devices in your business so they can quickly secure connect your network. VPNs (virtual private networks) provide users with secured remote access to your company network. Devices utilize the VPN connection profile for connecting to the VPN server. 
WLAN  WLAN settings are used to assign different wireless networks to devices and users. By assigning a wireless account, you give the users access to your company’s wireless network without needing to configure it on their own. 
mobile eSIM (currently in the public in a preview stage)  eSIM mobile profiles offer the ability to set up mobile connections to the Internet as well as data connectivity on managed devices. After you receive activated codes by your cell service provider You can import these activation codes with Intune and then add them to your eSIM-enabled devices. 
Education Windows 10  Configure the options of your Windows Take a Test app. If you enable these options, your device will not be able to run any other applications while the testing is completed. 
Education iOS  iOS utilizes an app called the iOS Classroom app to guide students’ learning and manage gadgets in the class. You can set up iPad devices to allow several students to share one device. 
Editions upgraded  Versions updates on Windows 10 automatically update some versions of Windows 10 to a newer version. 
Guidelines for updating  iOS update policies explain how to design and apply iOS policies for installing update software on iOS devices. You can also verify the status of the installation. 
Certificates  Certificates enable the trusted certificates that are trusted. Enrollment (SCE) protocol and Public Key Cryptography Standards (PKCS) certificates issued to devices and utilized to authenticate WLAN, VPN, and email profiles. 
Windows Information Protection profile  Windows Information Protection protects you from data leaks and snoops but does not compromise the user experience. It also shields corporate applications and the data stored on corporate and private devices used by employees at work from accidental data leaks. No changes to your system or other applications are required. 
A user-defined profile  Custom settings allow you to assign settings for devices that are not connected to Intune. For Android phones, as an instance you can input Open Mobile Alliance Uniform Resource Identifier (OMA-URI) values. For iOS devices you can use a file for configuration you made in Apple Configurator. Custom profiles are described in greater detail in the article below. 

User profiles

It is a requirement of the Windows 10 operating system that requires that every user have a profile for their user. User profiles are created after the user logs in for the first time. They are then stored within the folder Users. Profiles for users are made using the contents of the default profile within the folder Users. There are three kinds of profiles for users: 

  • Local It is accessible on one computer. 
  • Roaming The HTML0 type is used to be transferred between domain members. 
  • Required: This is a particular type of pre-configured user profile that does not save any user’s login changes. 
  • Temporary Profile: Temporary profiles are generated whenever an error hinders the user’s profile from being loaded. 

Intune for managing mobile devices and mobile devices The Intune app is just scratching the surface 

As you can observe, Intune is a great and robust Microsoft tool that is becoming increasingly important as work-from-home is transformed from an emergency to becoming a normal part of life. This article will be an introduction to the world of. For IT administrators who are new to the field, the more you understand about Intune and the applications it has, the more effectively you will be able to complete your job. 


Share on social media: