Manage and secure devices in Intune - Microsoft Intune (2024)


Managing devices is a significant part of any endpoint management strategy and solution. Organizations have to manage laptops, tablets, mobile phones, wearables, and more. It can be a large task, especially if you're not sure where to start.

Enter Microsoft Intune. Intune is a cloud-based service that can control devices through policy, including security policies. For more information on Intune and its benefits, go to What is Microsoft Intune?

The goal of any organization that's managing devices is to secure devices and the data they access. This task includes organization owned devices and personally owned devices that access your organization resources.

From a service perspective, Intune uses Microsoft Entra ID for device storage and permissions. Using the Microsoft Intune admin center, you can manage device tasks and policies in a central location designed for endpoint management.

This article discusses concepts and features you should consider when managing your devices.

Manage organization owned and personal devices

Many organizations allow personally owned devices to access organization resources, including email, meetings, and so on. There are different options available and these options depend on how strict your organization is.

You can require that personal devices be enrolled in your organization's device management services. On these personal devices, your admins can deploy policies, set rules, configure device features, and more. Or, you can use app protection policies that focus on protecting app data, such as Outlook, Teams, and SharePoint. You can also use a combination of device enrollment and app protection policies.

Organization owned devices should be fully managed by your organization and receive policies that enforce rules and protect data.

For more information and guidance, go to:

  • Microsoft Intune planning guide
  • Deployment guide: Setup or move to Microsoft Intune

Use your existing devices and use new devices

You can manage new devices and existing devices. Intune supports Android, iOS/iPadOS, Linux, macOS, and Windows devices.

There are some things you should know. For example, if existing devices are managed by another MDM provider, then they might need to be factory reset. If the devices are using an older OS version, they might not be supported.

If your organization is investing in new devices, then it's recommended to start with a cloud approach using Intune.

For more information and guidance, go to:

  • Microsoft Intune planning guide
  • Deployment guide: Setup or move to Microsoft Intune

For more specific information by platform, go to:

  • Android platform deployment guide
  • iOS/iPadOS platform deployment guide
  • Linux enrollment deployment guide
  • macOS platform deployment guide
  • Windows enrollment deployment guide

Check the compliance health of your devices

Device compliance is a significant part of managing devices. Your organization will want to set password/PIN rules and check for security features on these devices. You'll want to know which devices don't meet your rules. This task is where compliance comes in.

You can create compliance policies that block simple passwords, require a firewall, set the minimum OS version, and more. You can use these policies and built-in reporting to see noncompliant devices and see the noncompliant settings on these devices. This information gives you an idea of the overall health of the devices accessing your organization resources.

Conditional Access is a feature of Microsoft Entra ID. With Conditional Access, you can enforce compliance. For example, if a device doesn't meet your compliance rules, then you can block access to organization resources, including Outlook, SharePoint, Teams, and more. Conditional Access helps your organization secure your data and protect your devices.

For more information, go to:

  • Use compliance policies to set rules for devices you manage
  • Monitor results of your device compliance policies
  • Learn about Conditional Access and Intune
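
The following is an added example, not code from the original article or from Microsoft. It triages a device inventory for the compliance review described above, using constructed sample records whose field names follow the Microsoft Graph `managedDevice` resource. The 30-day staleness threshold and the choice of which states count as acceptable are assumptions.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records; field names follow the Graph managedDevice resource.
SAMPLE = json.loads("""{"value": [
 {"deviceName": "LAP-001", "operatingSystem": "Windows", "complianceState": "compliant",
  "managedDeviceOwnerType": "company", "lastSyncDateTime": "2024-09-10T08:15:00Z"},
 {"deviceName": "LAP-002", "operatingSystem": "Windows", "complianceState": "noncompliant",
  "managedDeviceOwnerType": "company", "lastSyncDateTime": "2024-09-09T17:40:00Z"},
 {"deviceName": "PHONE-7", "operatingSystem": "iOS", "complianceState": "inGracePeriod",
  "managedDeviceOwnerType": "personal", "lastSyncDateTime": "2024-09-11T06:02:00Z"},
 {"deviceName": "TAB-003", "operatingSystem": "Android", "complianceState": "compliant",
  "managedDeviceOwnerType": "personal", "lastSyncDateTime": "2024-07-01T12:00:00Z"},
 {"deviceName": "MAC-004", "operatingSystem": "macOS", "complianceState": "unknown",
  "managedDeviceOwnerType": "company", "lastSyncDateTime": "2024-09-11T09:30:00Z"}
]}""")

OK_STATES = {"compliant", "inGracePeriod"}  # assumption: every other state needs review


def parse_utc(stamp):
    # datetime.fromisoformat() rejects a trailing "Z" before Python 3.11.
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def triage(devices, now, stale_days=30):
    """Split devices into those failing compliance and those with stale check-ins."""
    cutoff = now - timedelta(days=stale_days)
    failing, stale = [], []
    by_platform = Counter()
    for dev in devices:
        if dev["complianceState"] not in OK_STATES:
            failing.append((dev["deviceName"], dev["complianceState"],
                            dev["managedDeviceOwnerType"]))
            by_platform[dev["operatingSystem"]] += 1
        # A "compliant" verdict is only as fresh as the device's last check-in.
        if parse_utc(dev["lastSyncDateTime"]) < cutoff:
            stale.append(dev["deviceName"])
    return {"failing": failing, "stale": stale, "by_platform": dict(by_platform)}


if __name__ == "__main__":
    report = triage(SAMPLE["value"], now=parse_utc("2024-09-12T00:00:00Z"))
    for name, state, owner in report["failing"]:
        print(f"{name:8} {state:13} {owner}")
    print("stale check-ins:", report["stale"])
    print("failing by platform:", report["by_platform"])
```

Devices in the stale list still report a passing state, so review them alongside the failing ones before relying on compliance as an access gate.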

Control device features and assign policies to device groups

All devices have features that you can control and manage using policies. For example, you can block the built-in camera, allow Bluetooth pairing, manage the power button, and more.

For many organizations, it's common to create device groups. Device groups are Microsoft Entra groups that only include devices. They don't include user identities.

When you have device groups, you create policies that focus on the device experience or task, like running a single app or scanning bar codes. You can also create policies that include settings that you want to always be on the device, regardless of who's using the device.

You can group devices by OS platform, by function, by location, and other features you prefer.

Device groups can also include devices that are shared with many users or aren't associated with a specific user. These dedicated or kiosk devices are typically used by frontline workers (FLW) and can also be managed by Intune.

When the groups are ready, you can assign your policies to these device groups.

For more information, go to:

  • FLW device management in Intune
  • Get started with Microsoft 365 for frontline workers
  • Windows device settings to run as a dedicated kiosk using Intune
  • Control access, accounts, and power features on shared PC or multi-user devices using Intune

Secure your devices

To help secure your devices, you can install antivirus, scan for and react to malicious activity, and enable security features.

In Intune, some common security tasks include:

  • Integrate with Mobile Threat Defense (MTD) partners to help protect organization owned devices and personally owned devices. These MTD services scan the devices and can help remediate vulnerabilities.

    The MTD partners support different platforms, including Android, iOS/iPadOS, macOS, and Windows.

    For more specific information, go to Mobile Threat Defense integration with Intune.

  • Use security baselines on your Windows devices. Security baselines are preconfigured settings that you can deploy to your devices. These baseline settings focus on security at a granular level and can also be changed to meet any organization specific requirements.

    If you're not sure where to start, then look at security baselines and the built-in guided scenarios.

    For more specific information, go to:

    • Use security baselines to configure Windows devices in Intune
    • Guided scenarios overview
  • Manage software updates, encrypt hard disks, configure built-in firewalls, and more using built-in policy settings. You can also use Windows Autopatch for automatic patching of Windows, including Windows quality updates and Windows feature updates.

    For more information, go to:

    • Manage endpoint security in Microsoft Intune
    • Manage device security with endpoint security policies in Microsoft Intune
    • Windows Autopatch overview
  • Manage devices remotely using the Intune admin center. You can remotely lock, restart, locate a lost device, restore a device to its factory settings, and more. These tasks are helpful if a device is lost or stolen, or if you're remotely troubleshooting a device.

    For more information, go to Remote actions in Intune.

Next steps

  • Manage identities in Intune
  • Manage apps
Article information

Author: Horacio Brakus JD
