What is Microsoft Intune? The Ultimate Guide for Beginners
Although Microsoft Endpoint Configuration Manager (formerly SCCM) is still a very popular infrastructure management tool, many companies are moving to Azure and Intune.
That’s why in this article we’ll address Intune for beginners. Let’s provide an overview of what Microsoft Intune is and how you can manage devices with it. Shall we get started?
To learn more about Azure or Intune, check out the Azure and Intune articles on the Advanced Installer Blog.
What is Microsoft Intune?
Microsoft Intune is an enterprise mobility management (EMM) solution that is mainly used to manage mobile devices, network settings, and other mobile services and settings.
Intune is a service provided through an Azure subscription, and it lets you manage:
- Devices and applications
- Information protection configurations
- Endpoint protection
- Policy management solutions (security/configuration)
What else can Intune be used for?
Intune can be combined with Azure services to facilitate further management of the infrastructure. This is what happens with Azure Virtual Desktop, where other Azure resources, like Azure Active Directory or Virtual Networks, are needed.
You can also use Intune with Microsoft 365 to simplify the deployment of Microsoft 365 apps, such as Microsoft Teams and OneNote, to your devices.
If you're familiar with SCCM, you can consider Intune a lighter version of SCCM in which everything is managed in the cloud.
If you are switching from SCCM to Intune, you will notice that some features are not present in Intune or are not as advanced. But keep in mind that Intune is under continuous development, meaning that SCCM functionalities will be ported with time.
What management options are available in Intune?
With Intune, you can manage almost everything you can think of, from the obvious Windows devices via MDM (Mobile Device Management) to macOS, Android, and even iOS.
While iOS, Android, and macOS devices need the Intune agent to be present in order to be managed, Windows devices can arguably be managed without the Intune client agent. This applies only to Windows 10.
When we mention the Intune client agent, we are referring to the Intune Company Portal.
Within the Intune agent you can find all the company apps that are used and installed on your device. Furthermore, many configurations can be deployed through the Company Portal.
You can find the Company Portal on Google Play Store and Apple Store.
For Windows 7 and Windows 8, an Intune MSI client is available to download at: Manually add the Windows 10 Company Portal app - Microsoft Intune.
As I mentioned, for Windows 10 devices, you don't technically need the Company Portal to manage that device. Why is that?
When you install the Company Portal onto a device, you are doing Intune agent-based management, whereas for Windows 10, Intune uses the Mobile Device Management (MDM) stack of the Windows 10 operating system itself.
What is Intune AutoPilot?
With SCCM, companies provided a “golden image” that was used as a baseline for OS installation across the whole infrastructure, which meant that all devices were enrolled with the same OS version, the same configurations, the same applications, and so on.
However, as patches and new Windows OS versions continued to launch, that “golden image” needed to be updated according to the internal process of each company. This was done to make sure the machine had the latest OS version and to avoid security risks or End of Life (EOL) versions of the OS.
With Intune, the “golden image” is no longer needed. Instead, you can use the AutoPilot functionality. This is a framework to provision Windows machines without going through the reimaging process. Simply put, it's a set of technologies to simplify and automate the out-of-box experience (OOBE).
With AutoPilot, you can:
- Pre-configure new devices
- Recover devices
- Reset devices
While reimaging is technically not needed and the process is a bit simplified, the granular control that was present in SCCM Task Sequences is not found in AutoPilot.
Microsoft’s idea is that when a company purchases a set of devices with preinstalled Windows, Intune will transform the device into a “business-ready” state by:
- Applying settings and policies
- Installing apps
- Changing the edition of Windows being used to support advanced features. For example, from Windows Pro to Windows Enterprise.
That being said, opinions on this are divided in the IT Pro community.
If a device ever requires reimaging, the user must manually install the OS via USB stick or DVD and then enroll the device in Intune, whereas with SCCM, the manual for reimaging was never available.
How to Manage Devices with Intune?
After you enroll a device in Intune, managing it is pretty straightforward. You can sync your Windows Store for Business with Microsoft Intune in just a few minutes. This will allow you to quickly install any Store app on your devices.
Intune offers multiple possibilities when it comes to application deployments. Check out our article about MSIX: How to deploy MSIX Packages with Microsoft Intune.
Apart from application deployment and policy compliance, many other actions can be taken on a specific device, such as:
- View device inventory
- Run bulk device actions on multiple devices at the same time
- Autopilot reset (Windows only)
- BitLocker key rotation (Windows only)
- Collect diagnostics (Windows 10 only)
- Disable Activation Lock (iOS only)
- Erase (macOS only)
- Fresh Start (Windows only)
- Full Scan (Windows 10 only)
- Locate device (iOS only)
- Lost mode (iOS only)
- Quick Scan (Windows 10 only)
- Remote control for Android
- Remote lock
- Rename device
- Reset passcode
- Restart (Windows only)
- Update Windows Defender Security Intelligence
- Windows 10 PIN reset
- Send custom notification (Android, iOS/iPadOS)
- Synchronize device
- Update cellular data plan (iOS/iPadOS)
Without a doubt, more and more companies are switching to cloud solutions. So, the appearance of Azure and Intune was natural, but that doesn’t mean MECM (SCCM) will no longer exist. As with many other technologies, it will take time until MECM is considered EOL.
While the process is much simpler for IT Pros, the customizations and options available still fall short when compared to SCCM. However, it won't come as a surprise if Intune becomes 1-1 with SCCM in the future. For more topics like this, leave your suggestions in the comment section below.