Conditional Access for Office 365
Azure Active Directory Conditional Access has been around since 2016. Conditional Access governs...
Intune was born as Microsoft’s cloud-based Mobile Device Management platform. Since then, it has grown into a management platform for both mobile devices and PCs. Intune can now manage iPhone, Android, Windows Phone, and some versions of Windows. It’s clear that Microsoft intends to grow Intune into a complete cloud-based device management platform.
The process of planning for an Intune rollout can be difficult. The features and functionality within Intune are ever-evolving, so knowing how to deploy Intune effectively takes some studying. In this blog post, we’ll provide an introduction to Intune's current capabilities. We will test out what Intune can do to make your data more secure in a “Cloud First, Mobile First” world.
The acronyms seem nearly endless, don’t they? Mobile Device Management (MDM), Enterprise Mobility Management (EMM), and Mobile Application Management (MAM) are three of the more popular acronyms you’ll see describing what Intune is. Each describes some of the functionality available within Intune, and I see them all used in this space. Whatever acronym we use, there are three main areas of functionality that Intune currently provides.
Intune is designed around the idea that an organization’s workforce needs access to company data around the clock from anywhere and on any device. The modern workforce uses a lot of devices, and most of them tend to be brought from home. Intune gives organizations a way to manage those devices and how they are used to access organizational data.
It’s important to note that Intune is intentionally integrated tightly with the rest of the Enterprise Mobility + Security (EM+S) suite. You’ll quickly find that Intune licenses alone will limit your organization’s management options. I use the EM+S E5 license in my tenant. While this nearly doubles the price of an Office 365 E3 license, the features and functionality provided are impressive.
If we go back to EM+S, there are additional security features that are added from other parts of that stack. When an application is managed through other EM+S features as well as Intune, you gain additional features like:
While planning your Intune deployment, it’s important to understand what devices Intune can manage. Intune manages phones, tablets, and computers.
Phones/Tablets:
Moving to a cloud-based IT infrastructure can be challenging for many reasons. Customers often feel like they are losing control over their organization’s data to some extent during this process. Microsoft is very focused on making the data more available in as many ways as they can.
Adding Intune to your Microsoft cloud stack gives organizations the ability to control end users’ BYOD devices, and how they use those devices to access organizational data. Before you can plan your Intune deployment, you need to understand the capabilities of this product. Customers are rightfully confused by the wide range of features spread out across the EM+S stack, so it’s worthwhile to make sure you understand what you’re getting with the licenses you purchase.
Nathan is a five-time former Microsoft MVP and he specializes in Exchange, Microsoft 365, Active Directory, and cloud identity and security.