Microsoft Intune is a comprehensive device and application management tool, included within Microsoft 365 and the Enterprise Mobility + Security suite. Intune enables you to manage the mobile and BYOD (Bring-Your-Own-Device) devices that have access to your network and data – verifying their security compliance, controlling their access to data and managing the rollout of updates.

How you can manage devices with Microsoft Intune

Intune can verify whether a device complies with your security policy and determine whether it can be allowed to access the network. Intune also enables you to manage devices on a case-by-case basis. This could, for example, include different levels of management for company-owned devices compared with personal devices, or providing higher level permissions for more senior staff.

Full control of a device, including settings, features and security, might be appropriate for the devices your company owns. In this approach, users of these devices ‘enrol’ with Intune, and receive the rules and settings via the company policies you have configured. For example, you can set password and PIN requirements, create a VPN connection, set up threat protection, and more.

For personal or BYOD devices, users may only want access to email or Microsoft Teams. Intune enables you to put in place app protection policies that require for example, multi-factor authentication (MFA) to use these apps.

When devices are enrolled and managed in Intune, administrators can:

View all devices enrolled and reports on all data being accessed
Configure devices so they meet your security and health standards
Push certificates to devices so users can easily access your Wi-Fi network, or use a VPN to connect to your network
See reports on users and devices that are compliant, and not compliant
Remove organisation data if a device is lost, stolen, or not used anymore
It’s worth noting that Intune and the Microsoft Enterprise Mobility + Security suite also distinguishes between company data and an employee’s personal data – providing digital privacy to information that is not part of your company