Microsoft Endpoint Manager: Configuring Devices with Microsoft Intune

Intune Overview

Intune is the component of Enterprise Mobility + Security (EMS) that manages Windows systems, mobile devices and apps. It integrates closely with other EMS components like Microsoft Entra ID for identity and access control and Azure Information Protection for data protection.

• Microsoft Endpoint Manager
• Intune Overview
• Intune Subscriptions
• Mobile Device Management (MDM)
• Mobile App Management (MAM)
• Microsoft Entra ID
• Role-Based Administrative Control (RBAC)
• LAB: Intune Overview

Device Enrollment

Intune lets you manage your devices and apps and how they access your company data. To use mobile device management (MDM), the devices must first be enrolled in the Intune service. When a device is enrolled, it is issued an MDM certificate. This certificate is used to communicate with the Intune service.

• Device Enrollment
• Device Management Capabilities
• Enrollment Options
• Windows Enrollment
• Android Enrollment
• iOS Enrollment
• MacOS Enrollment
• Linux Enrollment
• LAB: Device Enrollment

Device Configuration

Use device configuration profiles to manage and control a whole range of different features and functionality on devices.

• Configure Device Profiles
• Configure Device Features
• Configure Device Restrictions
• Configure Settings: Email, VPN, Wi-Fi
• Administrative Templates
• Upgrade Editions
• LAB: Device Configuration

App Management

As an IT admin, you are responsible for making sure that your end users have access to the apps they need to do their work. This can be a challenge because there are a wide range of device platforms and app types. Moreover, you might need to manage apps on both company devices and user's own devices, while ensuring your network and your data remain secure.

• App Lifecycle
• Add apps to Intune: Store Apps - Office 365 - Web Apps - LOB Apps - Win32 Apps - PowerShell Scripts
• Monitor Apps
• App Configuration Policies
• LAB: App Management

Device and App Protection

Policies can be created to define whether devices are compliant, to configure conditional access or to protect app and device data.

• Device Compliance Policies
• App Protection Policies
• Windows Information Protection
• Conditional Access
• LAB: Device and App Protection

Endpoint Protection

Endpoint Protection provides real-time protection against malware threats, keeps malware definitions up-to date, and automatically scans computers. Endpoint Protection also provides tools that help you to manage and monitor malware attacks.

• Endpoint Protection
• Microsoft Defender for Endpoint
• Integration between Intune and Defender for Endpoint
• Enforce Compliance with Conditional Access
• Remediate Vulnerabilities
• LAB: Endpoint Protection

Device Management

As an IT admin, you need control over the company devices. With Intune, you can remotely reboot, rename, lock or wipe a device.

• Lock, Restart or Remove Device
• Locate Lost Device
• Logout or Remove User
• Bypass Activation Lock
• Reset Passcode
• Remote Control Mobile Devices
• Synchronize Device
• LAB: Device Management

Kiosk Devices

Intune can be used to run devices as a kiosk, also known as a dedicated device. A device in kiosk mode can run one or multiple apps. You can show and customize a start menu, add different apps, including Win32 apps (for Windows), add a specific home page to a web browser, and more.

• Windows Kiosk Devices
• Android Kiosk Devices
• iOS Kiosk Devices
• LAB: Kiosk Devices

Windows Autopilot

Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for production use minutes after you bought them from the vendor.

• Windows Autopilot Overview
• Windows Autopilot Requirements
• Deployment Scenarios
• Administering Windows Autopilot
• LAB: Windows Autopilot