So I want to spend a little bit of time talking about what is Microsoft Intune. I think, simply put, Microsoft Intune is a cloud-based solution that allows you to ensure that your employees can use any device that they know and love, from their mobile devices, from iOS to Android, or on their computer, from Windows to Mac, and then still have access to all the applications and the company data that they need to be able to do their day-to-day work. And then, from the other side of the house, from IT for example, how do we then ensure all those devices and all the company data is secured and protected?

And then with Microsoft Intune we want to ensure that you can manage these devices in an approach that makes sense for you. So, for example, a company-owned device: you're probably going to want to ensure that that is enrolled, and then you can fully control it, from the settings to the features to the security configurations, for example deploying VPNs or applications or setting passwords and PINs on that device. But then when we think about a personal device, often most people don't want a company administrator to have full access to their device. So, you know, they could enroll, but also we could just say that they have access to their email or Microsoft Teams, and we're just going to protect that application.

So with that, that brings us into a little bit of terminology that I want to talk about. So with Microsoft Intune we have mobile device management, or MDM, and then we have mobile application management, or MAM. So with that, let's just double-click into these and talk a little bit more about them.

So firstly, let's talk about mobile device management. And with mobile device management, it really allows you, as you're taking kind of full access of a device, to look after the complete life cycle. But what do we really mean by that? Well, imagine you've just purchased a new iPhone for a user. So before we can do anything on that device when it comes to managing it, we first need to enroll the device into
the Microsoft Intune service. And we're not going to talk about all the different enrollment types here, but just know firstly the device needs to be enrolled. And now at this point we can configure it to meet our organization's needs. So, for example, we can deploy an email profile, we could deploy certificates, maybe that's needed for Wi-Fi for example, or we can deploy mandatory applications like Microsoft Teams or different security tools that you might have.

So once we've got the device configured and set up the way that it's going to be productive for the user, now we need to make sure that we can protect that device. So we're going to ensure that the device meets all your security and compliance standards. So, for example, you might want to put a PIN on the device, so every time somebody tries to get access to it they have to put a PIN in, in case they lose the device for example. But also we want to make sure that we can report on things like compliance and protect our environment from, for example, if this iPhone happened to be jailbroken, we don't want it to be seeing any of our company data.

So once you've protected all your corporate data and so on, and the device, now the last stage is support. There's one part of it: so how do we, if somebody has an issue with the device, how do we remote support it? But also on the other side is how do we retire the device. So maybe this device is now out of warranty and we don't need it anymore: how would we go ahead and wipe it? Do we need to wipe all the data, or a select amount of data, like just all the data in the applications? Or if somebody's lost the device, they're on the train and suddenly they've forgotten their device and they've got out, well, we don't want anyone to have access to anything on that, so we want to ensure that we can remotely wipe that device and protect it.

So as you can see, we're really going through the full life cycle of that device, from when we've purchased it to enroll it, all the way through to when that device is no longer in
service. So that's mobile device management.

And then we come onto mobile application management, and this is somewhat probably what you expect: it allows us to publish and push and configure and protect applications on a device. But the other side, which I think is really interesting, is actually how do we protect applications and the data within them. So as part of our mobile application management there's a couple of ways that you can actually protect a device, and one of those is using Conditional Access. So we can secure on who has access and how they can access applications; for example, if they're not coming from a compliant device or an enrolled device, for example, then we don't want them to have access to our corporate data. So that's one part of it.

But the other side of it is using app protection policies, and I've made a whole video about this and I'll put the link in the description if you're interested. But this allows you to then protect the application and what happens with that data. So, for example, if you have an email that's in Outlook on your mobile phone, well, you want to probably be able to move some of that data to other Office applications, but you wouldn't want to be able to move that corporate information into Gmail or the Notes application on your iPhone. So with app protection policies we can control what users can do with the data within these applications, and we can have a set of other security boundaries, like needing a PIN and things like that. So mobile application management allows you to really configure the full life cycle of your applications and then really allow you to be flexible with different protection policies as well.

The next thing I want to show is a high-level reference architecture for Microsoft Intune, and this is, we're looking at just from the Microsoft documentation; they've done a great job of putting this together. So when we look at this, at the top we've got all of our cloud-based applications, and then we have the device and the web
console at the bottom. But let's just spend a little bit of time talking a little bit deeper into this.

So on the right-hand side at the top here we have Azure Active Directory, and this really allows us to do all of our authentication and authorization, and that can be from our device, whether it's Office 365 applications, so for example Outlook, Teams, OneDrive, so on and so forth, or cloud-based applications that your company uses and your users need to access. The other thing we can do in Azure Active Directory is make use of Conditional Access policies. But what's really neat with Microsoft Intune is we can create what we call device compliance policies, so we can put things for like: what's a minimum version of iOS, is this device jailbroken, is the device deemed to have a low threat protection score, and so on and so forth. But then what we can do with Conditional Access policies is based on the compliance of that device, so if it comes back as non-compliant we can now block it from having access to different resources within our organization. So a really great integration there as well.

And then when we come across to Microsoft Intune, this gets to the bits we've already been talking about. So it allows you to configure your devices, it allows us to protect data, so the applications and all the data on our devices, and then it allows us to manage applications, as we've seen earlier with our application life cycle. And then in the middle we've got all our different connectors, and we're not going to spend too much time on that, but that's things like mobile threat, telecom, so on and so forth. And then at the bottom we have our device, which is connecting to all these different pieces.

And on the left-hand side really we're showing that, and as we talked about at the beginning, that Microsoft Intune is a cloud-based service, and therefore from an administration point of view we pretty much do all of our work in the web console, and that does connect through what we call Graph API, and we're not going
to talk about too much of that today, but this allows us to do some really interesting things as well from a programmatic point of view. So that's the high-level architecture design of Microsoft Intune.

The next thing I want to spend a little bit of time talking about is Microsoft Intune is actually part of what we call Microsoft Endpoint Manager. So what Microsoft Endpoint Manager is, is really a way for us to be able to bring all these fantastic Microsoft endpoint management tools and combine services together. So, for example, from Microsoft Intune that we've already been talking about, to Configuration Manager, which you may already have investments in and be using it within your environment, but then also things like Desktop Analytics, Endpoint Analytics, to Autopilot and the security tooling.

So with Microsoft Endpoint Manager you can really make use of these tools in ways that make sense for your organization where you are today, and then also plan for the future. So, for example, you can make use of maybe Configuration Manager that you're running on premises, and you might be doing device management there, but you then can bring that into the Microsoft Endpoint Manager to make use of things like Desktop Analytics to really start understanding your environment. Or you might want to be able to move workloads from Configuration Manager to Microsoft Intune; for example, you might want to just do your Windows updates in Microsoft Intune instead of Configuration Manager. So this is really a fantastic combination of these endpoint tools, and this is really just simplified naming conventions and how we think about some of the licensing as well. So just worth knowing that Microsoft Intune squarely fits within the Microsoft Endpoint Manager.

So lastly then, when we come to Microsoft Intune, let's just take a second just to look at the licensing of the platform. You can get this in many different ways, so you could either be in the Microsoft 365 suite, so E3, E5 for example, or some frontline
workers here as well. You can also get it in education, government, or part of the Enterprise Mobility + Security suites, E3 and E5. And lastly here, you could also get it as part of the Microsoft 365 Business Premium.

Well, that's all I wanted to share today on an overview of Microsoft Intune. I think this is a fantastic mobile device and application management platform, and really can give great business benefits when you start looking at that full Microsoft endpoint management suite. But for now, if you have any questions or anything you need guidance on, let me know in the comments, and if you've enjoyed this make sure you subscribe, and we'll see you next week for another video.
