What’s Included
Following the transfer or initial implementation described in the Onboarding section, managed mobile device management (MDM) services are provided using Microsoft Intune to support continuous management and security of mobile device fleets across corporate-owned, BYOD, and kiosk devices.
Ongoing oversight includes device enrollment, configuration profile management, application deployment, and security compliance policy enforcement to help support secure, compliant, and operational endpoints on a 24/7 basis.
Services include:
- Configuration of Intune tenant settings and enrollment restrictions, including platform controls, minimum operating system version requirements, and ownership type classifications for corporate-owned, BYOD, and kiosk devices
- Enrollment and registration of devices across iOS and Android platforms using automated enrollment workflows such as Apple Automated Device Enrollment (ADE) and Android Enterprise
- Implementation of conditional access rules enforcing enrollment and compliance prior to access to corporate resources
- Management of device retirement and remote wipe procedures for lost, stolen, or decommissioned devices in accordance with applicable policies
- Deployment and maintenance of managed applications through Intune, including the Microsoft 365 mobile suite and approved third-party applications, using both device-based and app-based management policies
- Management of licensing distribution, application versioning, and update approvals
- Configuration of application protection policies (APP) to enforce data loss prevention controls, such as restricting copy and paste, requiring PIN access, and preventing data transfer to unmanaged applications, on both enrolled and unenrolled devices where applicable
- Third-party application management for Windows applications requires Intune Suite licensing, and applications must be listed in the Enterprise App catalog
- Configuration and maintenance of Intune compliance policies to help ensure managed devices meet security standards prior to accessing corporate resources
- Enforcement of device encryption requirements, minimum operating system version thresholds, screen lock and PIN policies, jailbreak and root detection, and integration with Microsoft Defender for Endpoint or equivalent mobile threat defense solutions where applicable
- Non-compliant devices may be flagged and subject to conditional access restrictions until compliance is restored, and notification may be provided for persistent or unresolved compliance violations