Are You Getting the Most Out of Microsoft Intune?

To get the most from Microsoft’s powerful cloud-based endpoint management system, here are some of the best ways to leverage the Intune technology.

Key Takeaways:

  • How do we plan the deployment of Intune?
  • What kinds of control can we have over all the company’s devices?
  • How are security and compliance issues addressed in Intune?
  • How can we control and protect data at the app level?

As more organizations turn to Microsoft Intune’s robust cloud-based services for managing and securing devices and applications, the challenge is how to get the most from the technology.

Intune is a cloud-based endpoint management system that controls user access to company resources and simplifies app and device management, including mobile devices, desktop computers, IoT devices, and virtual endpoints.

Read the following Intune best practices to leverage the technology and maximize your operation’s benefits. They cover everything from planning your deployment to learning the best ways to protect your company’s data.

Plan your deployment

A successful Microsoft Intune deployment or migration starts with planning. First, a thorough assessment of existing infrastructure, policies, and security requirements will help determine your objectives, which could include:

  • Access to organizational apps and email
  • Providing secure access on all devices
  • Distributing I.T. administrative control
  • Ensuring company data stays within the company

You also need to inventory your devices, both those owned by the organization and those owned by users. This inventory is necessary to formulate a device management strategy covering all your desktop computers, laptops, tablets, hand-held scanners, mobile phones, and operating systems.

Next, you must determine the costs and licensing for the different Intune services you need. This includes the settings and features you can control on different devices. Features range from basic Intune services to advanced endpoint management and security features. 

Also, as part of planning your deployment, you’ll need to review your existing policies and infrastructure and consider network connectivity requirements for device management. Knowing what you’ve done before allows you to adapt effective strategies when moving to the cloud and change outdated or no longer applicable policies. For efficiency’s sake, you should look for services currently performed in-house that can transition to the cloud.

Finally, you need to create a rollout plan, determining how and when users and devices will receive your policies. This might also involve defining your goals and success metrics and communicating them clearly so all stakeholders understand why you are moving to Intune.

Use security baseline policies

Windows 10 and Windows 11 devices come preconfigured with recommended security baselines. While these are not specific to Microsoft Intune, you can use them to help protect your devices from common threats and vulnerabilities. You can also customize each baseline as you wish, enforcing only the settings and values your company requires.

You can also examine insights provided for many baseline settings, which may come from organizations adopting particular configurations. By default, each security baseline is configured to meet the best practices and recommendations affecting security.

Remember to regularly review and update security baseline policies to adapt to evolving threats.

Set rules with compliance policies

An Intune best practice is using compliance policies to set rules your business must follow. These might cover regulatory matters such as adherence to GDPR, HIPAA, or specific mobile device management (MDM) controls. For example, you could use Intune to encrypt the whole device or make a list of all apps. 

Compliance policies might involve:

  • Requiring a minimum operating system version
  • Requiring a password or PIN that meets certain length and complexity requirements
  • The threat level posed to a device, as determined by the mobile threat defense software you use
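
The three rule types listed above can also be checked against policies that are already deployed. The following added example (not part of the original article, and not Microsoft's code) audits compliance policy objects in the shape Microsoft Graph returns for Android devices; the thresholds and both sample policies are constructed assumptions.

```python
# Added example (not from the original article): audit compliance policies as
# returned by Microsoft Graph (GET /deviceManagement/deviceCompliancePolicies).
# Property names follow Graph's androidCompliancePolicy resource; the
# thresholds and both sample policies are constructed assumptions.
MIN_OS = "12.0"            # assumed organizational OS floor
MIN_PASSWORD_LEN = 6       # assumed minimum PIN/password length
THREAT_RANK = {"secured": 0, "low": 1, "medium": 2, "high": 3}
MAX_THREAT = "low"         # assumed highest tolerated device threat level

def version_key(version, width=4):
    """Pad with zeros so that '12' and '12.0' compare equal."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def audit_policy(policy):
    """Return a list of findings for the three rule types listed above."""
    findings = []
    os_min = policy.get("osMinimumVersion")
    if not os_min:
        findings.append("no minimum OS version set")
    elif version_key(os_min) < version_key(MIN_OS):
        findings.append(f"minimum OS {os_min} is below {MIN_OS}")
    if not policy.get("passwordRequired"):
        findings.append("password or PIN not required")
    else:
        if (policy.get("passwordMinimumLength") or 0) < MIN_PASSWORD_LEN:
            findings.append(f"password length below {MIN_PASSWORD_LEN}")
        if (policy.get("passwordRequiredType") or "deviceDefault") == "deviceDefault":
            findings.append("password complexity left at device default")
    level = policy.get("deviceThreatProtectionRequiredSecurityLevel")
    if not policy.get("deviceThreatProtectionEnabled") or level not in THREAT_RANK:
        findings.append("device threat level not enforced")
    elif THREAT_RANK[level] > THREAT_RANK[MAX_THREAT]:
        findings.append(f"threat level '{level}' allowed, above '{MAX_THREAT}'")
    return findings

WEAK = {"displayName": "Android legacy (constructed)", "osMinimumVersion": "9",
        "passwordRequired": True, "passwordMinimumLength": 4,
        "passwordRequiredType": "deviceDefault",
        "deviceThreatProtectionEnabled": False}
HARDENED = {"displayName": "Android hardened (constructed)",
            "osMinimumVersion": "13", "passwordRequired": True,
            "passwordMinimumLength": 8, "passwordRequiredType": "numericComplex",
            "deviceThreatProtectionEnabled": True,
            "deviceThreatProtectionRequiredSecurityLevel": "low"}

if __name__ == "__main__":
    for p in (WEAK, HARDENED):
        print(p["displayName"], "->", audit_policy(p) or "no findings")
```

A policy that returns findings here still reports devices as compliant in Intune, which is why auditing the policy definitions themselves is worth doing alongside reviewing device compliance reports.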

Set device configuration profiles

You can provide greater security for your organization and its data by using the configuration profiles for the different devices enrolled in Intune. For example, if an employee’s smartphone can access highly secure and sensitive data, you can restrict copy/paste functions, the ability to take screenshots and much more.

You can also wipe or unenroll a device that has been lost, stolen, or is no longer used.

When you create device configuration profiles, you have three different levels to choose from (each with its recommended Microsoft policy):

  • Minimum device configuration
  • Enhanced device configuration
  • High device configuration

Use app protection policies

Intune app protection policies help ensure that data remains safe or contained in any of the apps managed by the system. You can also control how data is accessed and shared on any of your organization’s mobile devices.

Since the app management features work at the user ID level, they can control access to sensitive data on managed and unmanaged devices. 

You can also:

  • Require a PIN to open an app when it’s being used for work
  • Control the sharing of data between different apps
  • Stop company app data from being saved to a personal storage location

Use the Company Portal app

Available for Android, iOS, macOS, and Windows mobile and desktop devices, the Microsoft Intune Company Portal app helps manage access to your internal apps, data, and resources. Employees and students can use the self-service features in the Company Portal app to reset a PIN/password, install apps, join groups, and more.

Its self-service features can help to reduce support calls to your business. With the Company Portal app, you can see all enrolled devices and also:

  • View and manage work apps
  • Store and retrieve recovery keys
  • Remotely lock, rename, and remove devices
  • Reset device passwords and factory settings

Stay up-to-date

One of the best ways to keep your organization’s data secure is to keep your devices and apps updated with the latest software versions and security patches. Intune policies help you to manage updates, including updates to store apps. They cover Windows devices, as well as:

  • Android
  • iOS/iPadOS
  • macOS
  • Personal/BYOD

Intune manages the installation of Windows 10/11 updates from Windows Update for Business. It lets you easily configure update settings and even defer an update. For stability’s sake, you might decide to defer updates of certain features from new versions of Windows while allowing the updates needed for security and quality.

We’ll help you stay in tune with Intune

Microsoft Intune can help you better manage your company network and data. It provides your employees and the devices they use the access they need to do their jobs well while giving you the controls you deem essential to protect sensitive information.

As the leading managed services and cloud services provider in Seattle, Bellevue, Renton, Kent, Auburn, Federal Way, and Kirkland, Attentus Technologies’ managed I.T. services can provide an added level of protection. We can look after all your I.T. services—including Microsoft Intune—for a flat fee, allowing you to focus on what’s really important—running your business.

So whether you want to tune in to Intune, need help with software training and support, or anything else, contact us today to request pricing or book a meeting. We’re confident that we will become your I.T. company of choice.