By: Kumar BK, Program Architect

Today, end-user device management has become complicated with the increase of remote and BYOD devices needing access to organizational data and apps. While there are many endpoint management options available for managing workstations, PCs, and mobile devices, Microsoft Intune is one of the leading UEM (Unified Endpoint Management) solutions and has been highly rated in the Gartner Magic Quadrant for UEM solution.

The initial release of Microsoft Intune focused on MDM (Mobile Device Management); however, customers’ needs, demand for additional features, and enhancement progress have widened its capability to manage Windows 10 and Windows 11 systems as well. As more customers are adopting cloud solutions and looking for cloud-based endpoint management, Microsoft Intune has become a leading UEM solution for the modern workplace, especially because of its tight integration with Azure AD and Windows 10/11.

The Modern Way of Managing Devices from a Cloud Solution

Moving device management to the cloud has several benefits. Many organizations have already realized this and either started the journey or aim to start their high-priority digital transformations. Among all cloud-based device management solutions, Microsoft Intune stands the more attractive because of its modesty, cost effective-license strategy, and its ability for seamless integration with Microsoft cloud technologies.

How is it different from MECM (Microsoft Endpoint Configuration Manager)?

While MECM is an on-premises-based solution primarily focused on Windows PCs and workstations, Microsoft Intune is a cloud-based service that focuses on managing all popular device types and is not limited to Windows PCs and workstations. Microsoft Intune is available in different license bundles that are suitable for organizations of all sizes, from simple usage to advanced functionalities, as required by enterprise customers, which has been documented in this article: Microsoft Intune licensing.

Because of its tight integration with Azure Active Directory and Azure Information Protection, Microsoft Intune can control how an organization’s company-owned devices and personal devices (BYOD) are accessed, configured, and protected via a separate set of policies that are specifically designed for each device platform and device type.

Initially, Microsoft Intune was launched as a replacement for MECM. However, it was more of an MDM and MAM solution and didn’t have the features or configurations available in the MECM. It took many years for Microsoft to develop these functions and integrate them with Microsoft Cloud Apps and Windows 10/11 OS before making this a powerful UEM solution. Still, there are many organizations that are operating on a hybrid model using both MECM and Intune. This is an expensive model and requires more time and effort to manage the environment.

Microsoft Intune brings mobile devices, PCs, and workstations into a single management platform. It makes end-to-end device management more straightforward. By moving the device management to Microsoft Intune, the MECM infrastructure can sunset. The costs and complications associated with managing an on-premises or hybrid model can be driven out.

To further its value proposition, Microsoft Intune is well integrated with Windows 10/11 for Autopilot-driven end-to-end hardware life cycle management. A new laptop, already registered with Autopilot, can get corresponding organizational settings and policies pushed from the cloud during the provisioning process. Microsoft Intune will further push the applications targeted to the user and PC, making it an end-to-end cloud-based solution without needing on-premises IT infrastructure.

The Modern Way of Managing Devices via Microsoft Intune

The pandemic has taught us that users are more productive when they can do their work from anywhere, anytime, on any device. The rise of the remote workforce is a challenge for IT to protect and control the different device platforms, applications, and organization data on both company-owned devices and personal devices.

Microsoft Intune has evolved over a period of time to eliminate the challenges of managing a remote workforce via an on-premises-based traditional model. MDM and MAM serve two different needs – while the first one is suitable for company-owned devices, the latter works best with personal devices (BYOD). Microsoft Intune is designed with features for both needs, and all of them can be managed easily from the cloud. Each portion of the device lifecycle can be operated remotely without an administrator ever needing to touch or see a device that they are managing.

Many organizations and their end users use different makes and models of devices, notably for iOS, Android, and Windows. Microsoft Intune is compatible with all these device types. The solution can be further tailored to meet the diverse needs of departments and locations, although they are registered/enrolled into a single Microsoft Intune tenant.

Modern Way of Managing Applications with Microsoft Intune

Along with managing the devices, application management strategy is also equally important. Modern devices have the latest applications and require a novel way to manage them. Not all applications may need to be moved to Microsoft Intune, either because they are legacy and not compatible, or because there are better alternatives available as a cloud SaaS offering. Once a decision is made about what applications should be moved to Microsoft Intune, they need repackaging and conversion to a compatible format for better performance when deployed and managed via Microsoft Intune.

Although Microsoft Intune supports a variety of application types (like store or in-house applications), several considerations need to be made while adding them to Microsoft Intune. Each application needs configuration, protection, and monitoring. After the applications are added to Microsoft Intune, they are deployed and assigned to users and devices using Azure AD. The IT admin can further modify the functionality of the applications while deploying and aligning them with the organization’s security and compliance policies. Once the direction has been set for Intune, the following activities begin simultaneously:

• Identify the applications that support modernization
• Assess the right applications for conversion to the necessary formats
• Convert and repackage the applications
• Perform pilot, technical, and business verification tests
• Build the application migration plan
• Plan user communication
• Proceed with phased deployment/rollout.

Although it is a challenging and time-consuming task, it is necessary to start the journey towards modernizing the applications and moving them to a cloud management solution like Microsoft Intune. This will lessen the operating cost over a period of time and also help to strengthen the device and application security by utilizing the latest features that are available only on the SaaS model.

Summary

With the rise of the remote workforce and the demand for flexibility, cyber-crime and security violations are also on the rise. That means corporate IT needs a solid solution to address an organization’s compliance policies and security requirements.

Microsoft Intune is the go-to solution for a Modern Workplace Platform for most organizations that aim to provide their end users with a flexible workspace that is available anytime, from anywhere, and on any device. Being a service delivered from the cloud, it is evolving at a high speed with a lot of features and management capabilities introduced on a regular basis. It is a single solution for all devices – desktops, laptops, VDI, virtual machines, and mobile devices. Due to its integration with Microsoft Cloud services and given the fact that it is part of the Enterprise Mobility + Security (EMS) suite offering, the value proposition is even higher for an organization that uses Microsoft Technology Stack for the majority of workloads.

At LTIMindtree, we have led various Microsoft Intune transformation projects for many of our customers and have been their trusted partner in their cloud adoption journey – aimed at better productivity with higher security.