With the increasing volume and diversity of both ‘bring your own device’ (BYOD) and corporate-owned devices being used in organizations today, a growing challenge for IT departments is keeping corporate information secure. Microsoft mobile application management (MAM) and mobile device management (MDM) solutions help minimize this complexity by offering management capabilities both on-premises and in the cloud, all from a single console.
For more information, watch Enterprise Mobility: Mitchells & Butlers boosts service with managed mobile platform:
MANAGE DEVICES AND APPS FROM THE CLOUD
With the proliferation of mobile devices in the workplace, employees can, and do, work from just about anywhere. To stay productive, this mobile workforce demands consistent access to corporate resources and data from any location on any device. This BYOD trend has introduced significant challenges for IT administrators who want to enable enterprise mobility while ensuring that corporate resources are protected from unauthorized access.
Leveraging Microsoft Intune, you can deliver application and device management completely from the cloud, or on-premises through integration with System Center Configuration Manager, all via a single management console.
Microsoft has also incorporated manageability and data protection directly into the Intune-managed Office mobile apps to help maximize productivity while providing the flexibility to extend these same management capabilities to your existing line-of-business apps through the Intune App Wrapping Tool. You can choose to manage the Office mobile apps with or without enrolling the device for management to protect corporate information without the risk of intruding on a user’s personal life.
Intune is included in Microsoft Enterprise Mobility + Security—a cost-effective way to use enterprise mobility cloud services for all of your employees.
BENEFITS
Deliver and manage apps across a broad range of devices, including iOS, Android, Windows and Windows Phone all from a single management console
Simplify administration by deploying required apps automatically during enrollment and allowing users to easily install corporate apps from the self-service Company Portal
Help maximize productivity with the Office mobile apps your employees know and love while preventing the leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem, and extend these capabilities to existing line-of-business apps
Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled, enabling users to seamlessly access corporate resources with the appropriate security configurations
Provide comprehensive settings management for mobile devices, including remote actions such as passcode reset, device lock, and data encryption
Remove corporate data and applications when a device is unenrolled, noncompliant, lost, stolen, or retired from use
Extend your System Center Configuration Manager infrastructure through integration with Microsoft Intune to provide a consistent management experience across devices located on-premises and in the cloud
For more information, watch the mobile device and application management overview video below:
Microsoft Intune: Mobile Device and Application Management Overview
Configure automatic Microsoft Intune enrollment of Windows 10 devices when joining Azure Active Directory
If your company is evaluating Windows 10, which I assume they are, one of the new features with Windows 10 is that you can have your end users to join their off-the-shelf purchased Windows 10 PC to Azure Active Directory. With this feature, users simply just have to know their email and password to get started. For IT departments, they’re able to configure their Azure Active Directory subscription for automatic enrollment of AAD-joined devices with Microsoft Intune. To me, this capability is simply just brilliant. End-users are now able to simply just log on, get all their settings and apps and automatically be managed by the IT department.
In this post I intend to outline the steps required to setup the Azure subscription with Azure Active Directory for automatic Microsoft Intune enrollment.
Requirements
In order to enable your Azure Active Directory subscription, you’ll need to have purchased Azure Active Directory Premium licenses (or setup a trial for 30-days). As well for the premium licenses, you’ll of course also need a Microsoft Intune tenant. In order to setup a demo environment for the purpose of demonstrating this feature, I’ve performed the following steps:
•Registered a Microsoft Intune tenant by signing up for a 30-day trial
•Signed up for Azure with the tenant created for Microsoft Intune
•Added a 30-day trial of Azure Active Directory Premium
•Assigned an Azure Active Directory Premium license to my Global Administrator account (this is required to be able to configure the Microsoft Intune app through the Azure portal)
At this point, I’ve created a few test users and an All Users group in the Azure Active Directory. This group comes in handy at a later stage when we’re about to configure the Microsoft Intune application through the Azure portal.
It’s also worth mentioning that every user that’s gonna have their Azure Active Directory joined devices automatically enrolled into Microsoft Intune, needs to have an Azure Active Directory Premium license assigned.