What is Microsoft Intune
Intune enables organizations to manage and secure their employees' devices, applications, and data. Managed devices include desktop computers, laptops, smartphones, and tablets.
Key features and capabilities
Mobile Device Management (MDM)
Mobile Application Management
Endpoint Security
Device and App Configuration
Conditional Access
Reporting and Analytics
License Support
Microsoft 365 E3, Microsoft 365 E5, Microsoft 365 F1, Microsoft 365 F3, Microsoft 365 A3, A5 (Education Only), Microsoft Business Premium, Enterprise Mobility + Security E3, Enterprise Mobility + Security E5, Add-on Microsoft Intune Plan 1, Microsoft Intune Plan 2
Role
Cloud Device Administrator, Intune Administrator, Windows 365 Administrator
Basic Steps for Intune Device Enrollment
Create a device group
Create a user group
Allow users to join devices to Microsoft Entra ID
Configuring Entra ID MDM/WIP scopes
Allow users to join devices to Microsoft Entra ID (Entra admin > Devices > Device settings)
Users may join devices to Microsoft Entra
All – all users can join
Selected – selected users or groups
None – no one
Require Multifactor Authentication to register or join devices with Microsoft Entra
Set this to No if you use a Conditional Access policy to require multifactor authentication
Manage Additional local administrators on Microsoft Entra joined devices
Select the users who are granted local administrator rights on a device. These users are added to the Device Administrators role in Microsoft Entra ID
Enable Microsoft Entra Local Administrator Password Solution (LAPS)
Management of local account passwords on Windows devices
Restrict non-admin users from recovering the BitLocker key(s) for their owned devices
Admins can block self-service BitLocker key access to the registered owner of the device
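The device settings above can be reviewed together as one checklist. The following is an added example, not code from Microsoft or from this article: it audits a snapshot of those settings, and the dictionary keys, sample values, and severity labels are assumptions made for the example rather than Microsoft Graph property names.

```python
# Added example: audit a snapshot of the Entra device settings described above.
# The dictionary keys are hypothetical names chosen for this example; they are
# not Microsoft Graph property names. Severities are this example's own choice.

JOIN_SCOPES = {"All", "Selected", "None"}

# Constructed sample snapshot (not taken from a real tenant).
SAMPLE = {
    "users_may_join": "All",
    "require_mfa_to_join": False,
    "ca_policy_requires_mfa_for_join": False,
    "laps_enabled": False,
    "additional_local_admins": ["helpdesk@example.com"],
    "restrict_bitlocker_self_service": False,
}


def audit_device_settings(s):
    """Return a list of (severity, message) findings for one settings snapshot."""
    findings = []
    scope = s.get("users_may_join")
    if scope not in JOIN_SCOPES:
        findings.append(("error", f"unknown join scope: {scope!r}"))
    elif scope == "All":
        findings.append(("warn", "every user can join devices; consider Selected"))
    elif scope == "Selected" and not s.get("join_groups"):
        findings.append(("error", "join scope is Selected but no user or group is listed"))

    # MFA at join: the tenant toggle may stay "No" only when a Conditional
    # Access policy enforces MFA for device registration or join instead.
    toggle = bool(s.get("require_mfa_to_join"))
    ca = bool(s.get("ca_policy_requires_mfa_for_join"))
    if scope != "None" and not toggle and not ca:
        findings.append(("high", "no MFA on device join: toggle is No and no CA policy covers it"))
    if toggle and ca:
        findings.append(("warn", "MFA toggle is Yes although a CA policy requires MFA; set it to No"))

    if not s.get("laps_enabled"):
        findings.append(("high", "Entra LAPS disabled: local account passwords are unmanaged"))
    extra = s.get("additional_local_admins", [])
    if extra:
        findings.append(("info", f"{len(extra)} additional local administrator(s): review membership"))
    if not s.get("restrict_bitlocker_self_service"):
        findings.append(("info", "registered owners can recover their own BitLocker keys"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_device_settings(SAMPLE):
        print(f"[{severity}] {message}")
```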
Configuring Entra ID MDM/WIP scopes (Entra admin > Settings > Mobility > Microsoft Intune)
MDM (Mobile Device Management) and WIP (Windows Information Protection) scopes are sets of policies and configurations in Microsoft Entra that allow organizations to control and manage how devices and applications access corporate resources
MDM Scope:
Device-level policies and settings
Organizations can manage the entire device, including device settings, apps, and data. This scope allows organizations to enforce device compliance, deploy device configurations, manage apps, and control access to corporate resources.
WIP Scope:
Data protection feature that helps prevent accidental data leakage by separating personal and corporate data