Ms Intune

Posted : admin On 1/3/2022

The Microsoft Evaluation Center brings you full-featured Microsoft product evaluation software available for download or trial on Microsoft Azure. Intune + Microsoft 365 Education. Get everything you need to set up, configure, and manage your Windows 10 devices with Intune, included in every Microsoft 365 Education device license. Collaboration and tools for teaching. By Jon Lynn – Sr. Service Engineer Microsoft Endpoint Manager – Intune In our 2102 (February) Microsoft Intune service release we are enabling a public preview of the Windows 10 Device diagnostics feature. We’ve listened to your feedback and understand that troubleshooting, especially with the. A Microsoft volume licensing agreement or other Microsoft cloud services subscription like Microsoft 365 usually includes a work or school account. If you already have a work or school account, sign in with that account and add Intune to your subscription. Otherwise, you can sign up for a new account to use Intune for your organization.

-->

This topic tells system administrators how you can sign up for an Intune account.

Before you sign up for Intune, determine whether you already have a Microsoft Online Services account, Enterprise Agreement, or equivalent volume licensing agreement. A Microsoft volume licensing agreement or other Microsoft cloud services subscription like Microsoft 365 usually includes a work or school account.

If you already have a work or school account, sign in with that account and add Intune to your subscription. Otherwise, you can sign up for a new account to use Intune for your organization.

Warning

You can't combine an existing work or school account after you sign up for a new account.

Ms IntuneIntune

How to sign up for Intune

  1. Visit the Intune Sign-up page.
  1. On the Sign-up page, sign in or sign up to manage a new subscription of Intune.

Post sign up considerations

After you sign up for a new subscription, you receive an email message that contains your account information at the email address that you provided during the sign-up process. This email confirms your subscription is active.

After completing the sign-up process you are directed to the Microsoft 365 admin center, used to add users and assign them licenses. If you only have cloud-based accounts using your default onmicrosoft.com domain name, then you can go ahead and add users and assign licenses at this point. However, if you plan to use your organization's custom domain name or synchronize user account information from on-premises Active Directory, then you can close that browser window.

Sign in to Microsoft Intune

Once you have signed up for Intune, you can use any device with a supported browser to sign in to Intune to administer the service.

By default, your account must have one of the following permissions in Azure AD:

  • Global Administrator
  • Intune Service Administrator (also known as Intune Administrator)

To grant access to administer the service for users with other permissions, then See Role Based Access Control

Intune Admin portal URL

Microsoft Endpoint Manager admin center: https://endpoint.microsoft.com

Intune for Education: https://intuneeducation.portal.azure.com

URLs for Intune services provided by Microsoft 365

Microsoft 365 Business: https://portal.microsoft.com/adminportal

Intune

Microsoft 365 Mobile Device Management: https://admin.microsoft.com/adminportal/home#/MifoDevices

See also

-->

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organization’s devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications. For example, you can prevent emails from being sent to people outside your organization. Intune also allows people in your organization to use their personal devices for school or work. On personal devices, Intune helps make sure your organization data stays protected, and can isolate organization data from personal data.

Intune is part of Microsoft's Enterprise Mobility + Security (EMS) suite. Intune integrates with Azure Active Directory (Azure AD) to control who has access, and what they can access. It also integrates with Azure Information Protection for data protection. It can be used with the Microsoft 365 suite of products. For example, you can deploy Microsoft Teams, OneNote, and other Microsoft 365 apps to devices. This feature enables people in your organization to be productive on all of their devices, while keeping your organization’s information protected with policies you create.

With Intune, you can:

  • Choose to be 100% cloud with Intune, or be co-managed with Configuration Manager and Intune.
  • Set rules and configure settings on personal and organization-owned devices to access data and networks.
  • Deploy and authenticate apps on devices -- on-premises and mobile.
  • Protect your company information by controlling the way users access and share information.
  • Be sure devices and apps are compliant with your security requirements.

Manage devices

In Intune, you manage devices using an approach that's right for you. For organization-owned devices, you may want full control on the devices, including settings, features, and security. In this approach, devices and users of these devices 'enroll' in Intune. Once enrolled, they receive your rules and settings through policies configured in Intune. For example, you can set password and PIN requirements, create a VPN connection, set up threat protection, and more.

For personal devices, or bring-your-own devices (BYOD), users may not want their organization administrators to have full control. In this approach, give users options. For example, users enroll their devices if they want full access to your organization resources. Or, if these users only want access to email or Microsoft Teams, then use app protection policies that require multi-factor authentication (MFA) to use these apps.

Ms Intune License

When devices are enrolled and managed in Intune, administrators can:

  • See the devices enrolled, and get an inventory of devices accessing organization resources.
  • Configure devices so they meet your security and health standards. For example, you probably want to block jailbroken devices.
  • Push certificates to devices so users can easily access your Wi-Fi network, or use a VPN to connect to your network.
  • See reports on users and devices that are compliant, and not compliant.
  • Remove organization data if a device is lost, stolen, or not used anymore.

Online resources:

Try the interactive guide

The Manage devices with Microsoft Endpoint Manager interactive guide steps you through the Microsoft Endpoint Manager admin center to show you how to manage and protect mobile and desktop applications.

Manage apps

Mobile application management (MAM) in Intune is designed to protect organization data at the application level, including custom apps and store apps. App management can be used on organization-owned devices, and personal devices.

When apps are managed in Intune, administrators can:

  • Add and assign mobile apps to user groups and devices, including users in specific groups, devices in specific groups, and more.
  • Configure apps to start or run with specific settings enabled, and update existing apps already on the device.
  • See reports on which apps are used, and track their usage.
  • Do a selective wipe by removing only organization data from apps.

Ms Intune Mdm

One way that Intune provides mobile app security is through app protection policies. App protection policies:

  • Use Azure AD identity to isolate organization data from personal data. So personal information is isolated from organizational IT awareness. Data accessed using organization credentials are given additional security protection.
  • Help secure access on personal devices by restricting actions users can take, such as copy-and-paste, save, and view.
  • Can be created and deployed on devices that are enrolled in Intune, enrolled in another MDM service, or not enrolled in any MDM service. On enrolled devices, app protection policies can add an extra layer of protection.

For example, a user signs in to a device with their organization credentials. Their organization identity allows access to data that's denied to their personal identity. As that organization data is used, app protection policies control how the data is saved and shared. When users sign in with their personal identity, those same protections aren't applied. In this way, IT has control of organization data, while end users maintain control and privacy over their personal data.

And, you can use Intune with the other services in EMS. This feature provides your organization mobile app security beyond what's included with the operating system and any apps. Apps managed with EMS have access to a broader set of mobile app and data protection features.

Compliance and conditional access

Intune integrates with Azure AD to enable a broad set of access control scenarios. For example, require mobile devices be compliant with organization standards defined in Intune before accessing network resources, such as email or SharePoint. Likewise, you can lock down services so they're only available to a specific set of mobile apps. For example, you can lock down Exchange Online so it's only accessed by Outlook or Outlook Mobile.

Online resources:

Ms Itunes

How to get Intune

Intune is available:

Ms Intune Endpoint Manager

  • As a stand-alone Azure service
  • Included with Microsoft 365 and Microsoft 365 government
  • As Mobile Device Management in Microsoft 365, which consists of some limited Intune features

Intune is used in many sectors, including government, education, kiosk or dedicated device for manufacturing and retail, and more.

Next steps

Ms Intune Login

  • Read some of the common business problems that Intune helps solve.
  • Start with a 30-day trial of Intune.
  • Plan your migration to Intune.
  • Using your free trial or subscription, step through the Quickstart: Create an email device profile for iOS.