Microsoft Intune is a cloud-based endpoint management solution. It helps manage user access to organization resources, applications and devices.
With Intune we can protect access and data on both organization-owned devices and users' personal devices. Microsoft Intune supports Android, Android Open Source Project (AOSP), iOS/iPadOS, Ubuntu Desktop, Mac and Windows client devices. Users can securely access organization resources, and the devices can be managed according to company policies.
Simple diagram of Microsoft Intune
Set up Microsoft Intune
The first step is to set up your Intune environment. This article helps you get a better understanding of Intune's supported configurations.
Prerequisites:
- Validate the custom domain and update the DNS settings: log in to portal.office.com (M365 Admin Center) -> Setup -> Custom Domain and confirm that the domain status is healthy.
- Check the Microsoft Intune license/subscription on M365 (Microsoft Intune Plan 1 or Plan 2)
- Identify and note BYOD and company devices
- Validate OS on all the devices (Android, Mac, Ubuntu and Windows)
- Prepare the configuration, compliance and infrastructure policies
Sign in to portal.azure.com to create the users and groups.
You should have a Microsoft Online Services account, Enterprise Agreement, or volume licensing agreement. A Microsoft volume licensing agreement or a Microsoft cloud service subscription such as M365 usually includes a work or school account to log in with.
Create the users in Azure and assign the product license
Assign the product license to all the users
Add Intune users in the M365 admin center
Create the security group
Log in to the O365 admin center -> Groups -> Add a group
Select the Group Type -> Security and click Next
Give the Security Group Name and click Next
Review and finish adding group
Add the members
Intune portal: https://intune.microsoft.com/
You should now see the Microsoft Intune home page:
Note: The administrator needs the Global Admin or Intune Service Administrator role to manage Microsoft Intune.
Configure Mobile Device Management (MDM) Authority:
- Sign in to the Azure portal, and select Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune.
- Configure MDM User scope. Specify which users’ devices should be managed by Microsoft Intune. These Windows 10 devices can automatically enroll for management with Microsoft Intune.
  - None - MDM automatic enrollment disabled
  - Some - Select the groups that can automatically enroll their Windows 10 devices
  - All - All users can automatically enroll their Windows 10 devices
Important
For Windows BYOD devices, the MAM user scope takes precedence if both the MAM user scope and the MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will not be MDM enrolled, and Windows Information Protection (WIP) Policies will be applied if you have configured them.
If your intent is to enable automatic enrollment for Windows BYOD devices to an MDM: configure the MDM user scope to All (or Some, and specify a group) and configure the MAM user scope to None (or Some, and specify a group – ensuring that users are not members of a group targeted by both MDM and MAM user scopes).
For corporate devices, the MDM user scope takes precedence if both MDM and MAM user scopes are enabled. The device will get automatically enrolled in the configured MDM.
MDM user scope must be set to an Azure AD group that contains user objects.
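The precedence rules above can be checked before saving the scopes. The following is an added example, not Microsoft's code and not part of the original article: it models the None/Some/All scopes and reports which users would lose automatic MDM enrollment on BYOD devices because they fall in both scopes. The group names, user names and function names are hypothetical, and the directory data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scope:
    """A user scope as set in the portal: 'None', 'Some' (with groups) or 'All'."""
    mode: str
    groups: frozenset = frozenset()

    def covers(self, user_groups):
        # 'All' covers every user, 'Some' covers members of the listed groups.
        if self.mode == "All":
            return True
        if self.mode == "Some":
            return bool(self.groups & set(user_groups))
        return False  # 'None': scope disabled

def auto_enrolls_in_mdm(mdm, mam, user_groups, ownership):
    """Return True if a Windows device auto-enrolls in MDM.

    ownership is 'byod' or 'corporate' (hypothetical labels for this model).
    """
    if not mdm.covers(user_groups):
        return False  # user is outside the MDM user scope
    if mam.covers(user_groups) and ownership == "byod":
        return False  # MAM scope takes precedence on BYOD devices
    return True       # corporate devices: MDM scope takes precedence

def users_in_both_scopes(mdm, mam, directory):
    """List users targeted by both scopes; their BYOD devices will not MDM-enroll."""
    return sorted(user for user, groups in directory.items()
                  if mdm.covers(groups) and mam.covers(groups))

# Constructed sample data: user -> Azure AD group memberships.
SAMPLE_DIRECTORY = {
    "alice": {"grp-mdm-pilot"},
    "bob": {"grp-mdm-pilot", "grp-mam-byod"},
    "carol": {"grp-mam-byod"},
}
MDM_SCOPE = Scope("Some", frozenset({"grp-mdm-pilot"}))
MAM_SCOPE = Scope("Some", frozenset({"grp-mam-byod"}))

if __name__ == "__main__":
    for user in users_in_both_scopes(MDM_SCOPE, MAM_SCOPE, SAMPLE_DIRECTORY):
        print(f"{user}: in both MDM and MAM scope, BYOD devices will not MDM-enroll")
```

Running the overlap check against an export of real group memberships before changing either scope shows which users need to be moved out of one of the two groups.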
- Sign in to the Microsoft Intune Admin center -> Go to Device -> Select Enrollment
- Go to Windows Tab -> Select Automatic Enrollment -> Click Microsoft Intune
- Configure MDM user scope -> recommended to use default URLs
- Click Save.
Customize the Intune Company Portal:
- Sign in to the Microsoft Intune Admin center -> Tenant Admin
- Expand End user experience -> Customization -> Edit
Modify the details as per your company needs
Review and Save.