What is Intune? How to Use Microsoft’s Endpoint Manager
Imagine this: an employee informs the IT team that they’ve lost their work phone on public transit. It’s filled with sensitive company data, and panic sets in. Without a system in place to manage devices remotely, your company’s information is now at risk. This is where Microsoft Intune steps in—giving businesses the power to remotely wipe, secure, and manage devices, even in unforeseen situations. Whether you’re managing a fleet of company-owned devices or allowing employees to bring their own, Intune helps maintain control and security, keeping your business data safe no matter what happens.
Sound dreamy? Read on to learn all about Microsoft Intune and how it’s helping IT teams like yours efficiently manage devices. You’ll discover:
What is Intune?
Ways to use Intune device management
Setting up Intune mobile device management
Intune pricing and licensing
What is Intune?
Microsoft Intune is a cloud-based service that enables organizations to manage mobile devices and applications. It provides Mobile Device Management (MDM) and Mobile Application Management (MAM) capabilities. Through Intune, IT pros can ensure that the devices accessing corporate resources—whether they're company-owned or personal—are compliant with security policies and configured appropriately.
With Intune, you can control how devices are used by enforcing security measures like password strength, encryption, and compliance with company policies. It also allows administrators to manage apps on devices, ensuring that only approved applications have access to corporate data. This is especially useful for managing remote workforces, as Intune makes it easy to manage access to sensitive information while maintaining control over security, regardless of where your employees are located.
Ways to Use Intune Device Management
Whether you're handling company-issued devices or supporting a Bring Your Own Device (BYOD) policy, Intune allows IT teams to maintain control and secure access to corporate data. Here are some practical ways to leverage Intune for device management:
Configure and secure devices across platforms
Control and secure apps to ensure corporate data stays protected
Apply compliance policies to meet organizational security standards
Restrict access to corporate data based on security compliance
Let’s dive deeper into each of these areas.
Device Management
With Microsoft Intune, you can manage and configure settings on a wide range of devices, including Windows PCs, macOS, iOS, and Android devices. For example, a company could use Intune to enroll all employee laptops and smartphones, ensuring they are configured with the appropriate security settings, such as requiring a PIN or fingerprint for login. It also allows remote wiping of lost or stolen devices, protecting sensitive company data. Imagine an IT team managing hundreds of devices across various locations—Intune makes it simpler to ensure all devices have the latest software updates and security patches without needing physical access to each device.
App Management
Intune allows you to control which apps are installed and used on company devices. For instance, a healthcare provider can use Intune to allow access to essential apps like Microsoft Teams or medical software but restrict unauthorized apps like social media or unapproved messaging platforms. Additionally, through app protection policies, a company could ensure that sensitive corporate data in apps like Outlook or OneDrive remains encrypted and isn’t shared with personal apps, protecting data even on personal devices (BYOD).
Security Policies
Using Intune, you can enforce compliance policies across all devices to ensure they meet security standards. For example, an IT consulting firm might require that all devices accessing their network have antivirus software installed and up-to-date. If a device does not meet these standards, Intune can flag it as non-compliant and restrict its access to corporate resources until the necessary updates or configurations are made.
Conditional Access
Intune works with Microsoft Entra ID (formerly Azure Active Directory) to implement conditional access, controlling which devices or users can access specific corporate resources based on their compliance status. For example, a financial services company could use conditional access to ensure only employees using compliant, secured devices can access sensitive financial data through their company apps. If an employee’s device doesn’t have the latest security updates or if it’s jailbroken, access to corporate email or databases could be automatically denied until the issue is resolved.
These features make Intune a powerful tool if you’re looking to secure your organization’s devices and data, while still providing flexibility for remote or mobile workforces.
Setting Up Intune Mobile Device Management
Setting Up Intune
To get started with Intune, the first step is to enroll devices. This involves signing into the Microsoft Intune admin centre and configuring enrollment settings for the devices you need to manage (phones, laptops, tablets, etc.). You can invite users to enroll their devices through an easy-to-follow process where they log in with their company credentials, or you can configure automatic enrollment for company-owned devices.
Creating and Applying Policies
After enrollment, you can begin setting up security or compliance policies to ensure all devices meet your organization’s security standards. These policies could include enforcing password complexity, enabling encryption, or requiring antivirus protection. From the admin centre, you can create these policies by choosing specific configurations and then applying them to device groups. For example, you might apply stricter security policies for devices accessing sensitive financial data, while other devices have more basic configurations.
Monitoring Devices
Once devices are enrolled and policies are applied, Intune allows administrators to continuously monitor device compliance. Through the dashboard, you can view device status, check for compliance violations, and receive alerts for any security issues, such as missing updates or non-compliant devices. If a device is flagged as non-compliant, admins can take immediate action, like remotely wiping the device or restricting its access to company data until it meets the necessary security requirements.
This process helps ensure your organization's devices are always secure and up-to-date, providing peace of mind even with a dispersed or mobile workforce.
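The monitoring and conditional access decisions described above can be sketched as a triage pass over a device inventory export. This is an added example, not Microsoft's code or part of the original article: the records are constructed, the field names follow the Microsoft Graph managedDevice resource, and the 14-day threshold and the allow/review/block policy are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records. Field names follow the Microsoft Graph
# managedDevice resource; the values are invented for illustration.
SAMPLE_DEVICES = [
    {"deviceName": "LAPTOP-FIN-01", "complianceState": "compliant",
     "jailBroken": "Unknown", "isEncrypted": True,
     "lastSyncDateTime": "2024-05-30T08:15:00Z"},
    {"deviceName": "IPHONE-SALES-07", "complianceState": "noncompliant",
     "jailBroken": "True", "isEncrypted": True,
     "lastSyncDateTime": "2024-05-29T19:02:00Z"},
    {"deviceName": "PIXEL-BYOD-12", "complianceState": "inGracePeriod",
     "jailBroken": "False", "isEncrypted": False,
     "lastSyncDateTime": "2024-05-28T11:40:00Z"},
    {"deviceName": "MACBOOK-HR-03", "complianceState": "compliant",
     "jailBroken": "Unknown", "isEncrypted": True,
     "lastSyncDateTime": "2024-04-02T07:00:00Z"},
]

MAX_SYNC_AGE = timedelta(days=14)  # assumed staleness threshold

def triage(device, now):
    """Return (action, reasons) for one record under the assumed policy."""
    reasons = []
    state = device.get("complianceState", "unknown")
    if state != "compliant":
        reasons.append(f"complianceState={state}")
    jailbroken = str(device.get("jailBroken", "")).lower() == "true"
    if jailbroken:
        reasons.append("jailbroken or rooted")
    if device.get("isEncrypted") is False:
        reasons.append("storage not encrypted")
    synced = datetime.fromisoformat(
        device["lastSyncDateTime"].replace("Z", "+00:00"))
    if now - synced > MAX_SYNC_AGE:
        # A stale record means the compliance verdict itself is out of date.
        reasons.append(f"no check-in within {MAX_SYNC_AGE.days} days")
    if state == "noncompliant" or jailbroken:
        return "block", reasons
    return ("review" if reasons else "allow"), reasons

def triage_all(devices, now):
    """Map deviceName -> (action, reasons) for a list of records."""
    return {d["deviceName"]: triage(d, now) for d in devices}

if __name__ == "__main__":
    now = datetime(2024, 5, 30, 12, 0, tzinfo=timezone.utc)
    for name, (action, why) in triage_all(SAMPLE_DEVICES, now).items():
        print(f"{name:16} {action:7} {'; '.join(why)}")
```

The last sample record shows why check-in age matters: a device can still read as compliant long after it stopped reporting, so the verdict needs a freshness check before it is trusted.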
Intune Pricing and Licensing
Here are the main licensing and pricing options for Microsoft Intune:
1) Microsoft Intune Plan 1
A cloud-based unified endpoint management solution that is included in the following licences:
Microsoft 365 E5
Microsoft 365 E3
Enterprise Mobility + Security E5
Enterprise Mobility + Security E3
Microsoft 365 Business Premium
Microsoft 365 F1
Microsoft 365 F3
Microsoft 365 Government G5
Microsoft 365 Government G3
Microsoft Intune for Education
2) Microsoft Intune Plan 2
An add-on to Microsoft Intune Plan 1 that offers advanced endpoint management capabilities. Intune Plan 2 is included in Microsoft Intune Suite.
3) Microsoft Intune Suite
An add-on to Microsoft Intune Plan 1 that unifies mission-critical advanced endpoint management and security solutions.
Interested in Intune Mobile Device Management?
Learn about the unique ways it could help your organization maintain visibility into devices and manage security by speaking to one of our experts. We’ll help assess your environment, take a look at your licensing, and come up with an action plan to get you closer to unified device management.