- Microsoft Graph: A single (PowerShell) API for Microsoft’s cloud services - Tue, Aug 23 2022
- Exchange impersonation: Grant permissions to service accounts - Mon, Aug 8 2022
- Send Microsoft Teams meeting invitations in multiple languages - Thu, Jul 21 2022
The cloud service for managing client systems went online under the name Windows Intune in 2011. During this time, it not only received numerous new features but also acquired the new name Microsoft Intune. This aims to show that Intune supports other platforms in addition to Windows.
MDM features also available for Office 365
Microsoft calls it one of the tools for "modern management." It encompasses the concept of mobile device management (MDM) for every device type, including PCs running Windows 10.
The functions for MDM are not only available via the standalone version of Intune but also are in some Office 365 subscriptions. However, the latter do not offer all features; for example, support for mobile application management (MAM) is missing.
Comparison of features between MDM in Office 365 and standalone Intune. Source Microsoft
You can find a comparison of the available functions on this Microsoft support page.
End of hybrid mode with SCCM
Intune is not yet a fully fledged replacement for System Center Configuration Manager (SCCM), but it is catching up to the on-prem tool. Since the end of last year, for example, this cloud tool can distribute all Win32 applications. However, it is not able to deploy images of Windows 10; hence an additional cloud service called Autopilot serves for performing this task.
Intune can distribute Win32 applications not just as MSI packages
The reduced dependence on the Configuration Manager is also evident from the fact that in September 2019, they'll discontinue the hybrid MDM mode, in which SCCM played the leading role.
Some of Intune's most important functions are:
- Hardware and software inventory
- Patch management
- Software distribution
- Malware protection (endpoint protection)
- MDM for iOS, Android, and Windows Phone
- Helpdesk support through remote control
- Security policies, such as for firewall settings
Registering a test account
Microsoft offers a free 30-day trial for Intune that includes a license for 25 users. The following instructions show how to log in to the service and register users.
The first step is to go to the Intune registration page and enter some personal information such as name, email address, and company.
First registration page for Microsoft Intune
If you are already using Office 365, simply log in here and continue creating users as described below.
On the next page, you create a user ID and define the password. If you do not want Microsoft to contact you, you can leave the box to allow marketing activities empty.
Creating a user ID for Intune
After that, you have to verify via SMS or a phone call that you are not a robot. To conclude, a page appears that displays the newly generated user ID and contains a link to the Office portal.
Completion of Intune registration
Creating a user
As mentioned above, the test account contains licenses for 25 users. To create the latter, follow the link from the last registration page or go directly to https://portal.office.com. There you will find a tile for user administration on the start page.
User administration in the admin portal of Microsoft 365
In the first step, you enter a name and define a username. You can create a password yourself or have it generate one automatically.
Creating a new user in the Office portal
The following page lets you assign the user one license out of the pool of 25.
Assigning an Intune license to a new user
In the following step, you define the user role for the account and enter profile information similar to that of Active Directory (department, address, telephone, etc.).
Defining the user role for the new account
Finally, you will receive a summary of the data entered, and you can complete the process if everything is in order.
Management via the Azure portal
As shown, user management typically occurs via the Office portal. In the background, it requires Azure Active Directory (AAD). It is therefore also possible to manage accounts directly via AAD. If you acquire Intune via the Enterprise Mobility + Security suite, it includes licenses for AAD Premium and Azure Rights Management.
For actual device administration, you use the Intune console in the Azure portal under All Services > Intune.
In a new environment, an orange bar indicates you haven't enabled device management yet.
The first time you open the Intune console, you get a warning that you haven't enabled device management yet
If you follow this link to register the first device, you have to make another decision about the usage mode of Intune, namely the MDM authority.
Setting the MDM authority in the Intune console
Here you will most likely choose Intune because "Configuration Manager MDM Authority" activates the deprecated hybrid mode. However, if you select "None," MDM will not be available as an option.
This completes the setup and basic configuration for the time being. It is now possible to start creating policies and distributing software or updates.
Expiration of test phase
Microsoft periodically sends out status emails about the test setup and its progress. After the trial period is over, Microsoft usually keeps the configuration data for a few more days.
Subscribe to 4sysops newsletter!
If you would like to continue using Intune after this period, it is advisable to book a subscription before the end of the test period to avoid data loss.
