Using the linked reference above as my starting point and source of basic information (with attribution given in my first post in this series), let’s try to dissect it from my experience as a traditional Configuration Manager guy. I’ll attempt to restate much of that post in my own words and understanding, and to draw some comparisons between Intune and loosely aligned Configuration Manager features where appropriate. The bulleted quotes below are taken from that article.
Not surprisingly, there are myriad ways to get access to the solution. One can purchase Intune licenses only, but most end up getting the full Enterprise Mobility Suite (EMS) licenses. What gets interesting here is how this stack is designed to work in harmony with many discrete offerings from Microsoft today. Intune itself is built on top of Azure AD, and all the components of the Microsoft Secure Productive Enterprise (SPE) are further designed to work seamlessly together (Windows 10, EMS, and Office 365). The functionality is built in and integrated, not bolted on. The intricacies of Microsoft’s licensing world are far outside the scope of this document, however.
..Intune is the management arm of Microsoft’s Enterprise Mobility & Security (EMS) product offering, which consists of a suite of elements to aid:
Summarizing from my reference link in my first article in this series, Intune allows the organization to safely and securely manage mobile devices and applications on the internet. This is a major departure from historically managing these assets within the traditional fortress of the on-prem data center and the various corporate firewalls that protect it.
Alternatively, you could manage applications only, without the need to manage the actual devices those applications reside upon. This introduces a “sandbox” metaphor, where corporate data is isolated from personal data, and managed by the enterprise with no impact on the personal data that resides outside that sandbox. I will expand upon all of this using several “scenarios” that were published.
Intune also allows the enterprise to secure Office 365 for mobile access to corporate resources via the internet. This link presents an example scenario to illustrate the concept: Protect Office365 data with Intune (Jeff Gilbert, Matthew Baldwin)
Intune provides the means for the bulk enrollment and secure management of corporate phones.
Intune also allows for the implementation of limited-use “shared devices” for task workers. For example, these could include machines used by workers on a factory floor, or perhaps iPads used by customers to order food in a restaurant. The key is that they are not the typical devices used by a single individual.
Intune further provides for the implementation of a secure BYOD or personal device use strategy in the workplace. This link presents an example scenario to illustrate that concept: Enable BYOD with Intune (Jeff Gilbert)
Lastly, Intune also allows the use of Office 365 on unmanaged devices/apps not under corporate control. An example of this would be my use of Office 365 on my personal iOS devices. Another scenario to illustrate how this is accomplished may be found here: Protect company data without managing devices with Intune (Jeff Gilbert)
While I’ve only included three scenarios here as references, it is important to keep this reference handy: Start Using Enterprise Mobility + Security (Jeff Gilbert). It is essentially a getting started guide for EMS that will be updated on a fairly regular basis to include all new scenarios and show you how they fit together in some holistic manner. All of the scenarios (and other resources) are linked from this page. Think of it as your living roadmap into the evolution of EMS and the various scenarios that surround it!
Now that we know what it does, how does it map to Configuration Manager? I’ll be investigating that in my next post.