Microsoft Intune: The Why, Use Cases, and Challenges

Why do I need Intune? 

Microsoft Intune is a cloud-based endpoint management solution that can manage multiple devices across multiple platforms. 

The average business user uses several devices to consume corporate applications and data that must be controlled and managed. Those devices may be any combination of personal and corporate devices, including iPads, iPhones, Windows and macOS devices, and many other varieties.

Without Intune, there is no way to manage and track those devices centrally.  The devices would have to be independently operated using their relevant management consoles, which adds time and complexity.  

Intune allows you to centrally manage compliance and reporting in support of a Zero Trust security model. Using Intune, you can apply policies across all your devices that enforce compliance and security, regardless of the device type.

What are the typical use cases for Microsoft Intune?  

Intune is like the Swiss army knife of the IT world; it has many functions. Some of the most valuable and popular features are:

Centralized Device Management and Control  

Intune provides a central web-based console where we can manage and control our devices. Using Intune, we can configure compliance policies so that devices must meet a minimum security standard before accessing the corporate network, data, or applications.

Application Management and Deployment 

Intune is commonly used to deploy applications to multiple device types. Intune can push applications out to Android devices, iPhone/iPad/macOS devices, and Windows devices.

Secure Corporate and Personal Devices 

Using Intune, we can create policies that control the device’s features, such as security rules and configuration settings. Historically, we have controlled these on corporate devices using features like Group Policies, but for Azure AD, we need to use Intune to achieve the same functionality.

Compliance and Security 

Intune integrates with other Microsoft security solutions, such as Azure Active Directory (Azure AD) and Microsoft Defender for Endpoint, to provide comprehensive security and compliance management. Thus, organizations can monitor and manage devices, detect threats, and respond to incidents efficiently. 

Remote Work Support 

Intune facilitates remote work by enabling secure access to corporate resources from any device, regardless of location or type of device. This is particularly important as remote and hybrid work models become increasingly common.  

What are the current challenges when using Intune today, and what could mitigate those challenges for IT admins and MSPs?  

Intune was initially designed for MDM (mobile device management) capabilities and has grown to support more device types and services. If the admin does not have much experience with Intune, it will likely be difficult to deploy and manage.   

RBAC Model  

Intune has an RBAC (role-based access control) model that allows you to assign permissions to users and groups based on their organizational roles and responsibilities. RBAC in Intune is based on Azure AD and enables you to create custom roles and assign them to specific users and groups.

With Intune RBAC, you can control access to Intune features and data, such as device management, app management, compliance policies, and more. We recommend creating custom roles within Intune and mapping them only to the relevant Azure AD groups to provide admins with access only to what they need.

Complexity of Operations  

Intune has many features, and managing it can become complex very quickly. Managing device configurations, policies, and updates for many devices can be time-consuming and require significant planning.

It is recommended to carefully plan your production operations and automate as much as possible. Intune has a unified console that can simplify device management and reduce complexity.

Console Complexity 

The Intune console can be very complex and daunting for new Intune admins. There are many features in the console that admins may never use, which makes it appear more complicated than it needs to be.

The complexity of the console can be managed through careful planning, training, and support. It’s also advisable to manage the RBAC roles effectively, so the users only see what they need to see, which makes the console much less complex.  

Conflicting Assignments 

Intune can do many things, including deploying software, configuring devices, protecting data, etc. Due to the high number of configurable settings, a large environment runs the risk of conflicting assignments between devices and users.

To mitigate this risk, we recommend controlling access to assignments by using well-structured and identifiable Azure AD groups, which enable you to quickly identify the relevant settings that are being applied.
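As an added example (not from the original article or from Microsoft), here is a minimal check for the conflicting-assignment risk described above, run over a constructed, simplified export of configuration profiles and Azure AD group membership. The group names, profile names, device IDs and data layout are assumptions and do not follow the Microsoft Graph schema.

```python
from collections import defaultdict

# Constructed sample data: a simplified export, NOT the Microsoft Graph schema.
GROUPS = {
    "grp-win-corp": {"dev-01", "dev-02", "dev-03"},
    "grp-win-finance": {"dev-02", "dev-03"},
    "grp-win-kiosk": {"dev-04"},
    "grp-win-pilot": {"dev-03"},
}
PROFILES = [
    {"name": "Baseline-Windows", "include": ["grp-win-corp"],
     "exclude": ["grp-win-pilot"],
     "settings": {"passwordMinimumLength": 8, "storageRequireEncryption": True}},
    {"name": "Finance-Hardening", "include": ["grp-win-finance"], "exclude": [],
     "settings": {"passwordMinimumLength": 14, "storageRequireEncryption": True}},
    {"name": "Kiosk-Lockdown", "include": ["grp-win-kiosk"], "exclude": [],
     "settings": {"passwordMinimumLength": 6}},
]


def targeted_devices(profile, groups):
    """Devices in any included group, minus devices in any excluded group."""
    included = set().union(*(groups[g] for g in profile["include"]))
    excluded = set().union(*(groups[g] for g in profile["exclude"]))
    return included - excluded


def find_conflicts(profiles, groups):
    """Map (device, setting) -> {value: [profiles]} where values disagree."""
    seen = defaultdict(lambda: defaultdict(list))
    for profile in profiles:
        for device in targeted_devices(profile, groups):
            for setting, value in profile["settings"].items():
                seen[(device, setting)][value].append(profile["name"])
    # Two profiles setting the same value is harmless; only report
    # device/setting pairs that receive more than one distinct value.
    return {key: dict(vals) for key, vals in seen.items() if len(vals) > 1}


if __name__ == "__main__":
    for (device, setting), values in sorted(find_conflicts(PROFILES, GROUPS).items()):
        print(f"{device}: {setting} is set to different values")
        for value, names in values.items():
            print(f"  {value!r} from {', '.join(names)}")
```

Running the same check whenever an assignment changes shows which group overlap causes a conflict, which is easier to trace when group names identify their purpose.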

Conclusion

In conclusion, businesses require Microsoft Intune for centralized device management, application deployment, and secure corporate and personal device management. Without Intune, managing and tracking multiple devices across different platforms would be complex and time-consuming. However, Intune’s many features can also pose challenges for IT admins and MSPs, such as console complexity and conflicting assignments. Mitigating these challenges requires careful planning, RBAC management, and automation.
