Enable Your Workforce to Be Productive While Keeping Your Corporate Data Protected
Intune, a cloud-based service in the enterprise mobility management (EMM), is a component of Enterprise Mobility + Security Suite (EMS). It manages an organization’s mobile devices, their applications and the identity profiles found on them. By integrating with the other components of EMS, such as Azure Active Directory (Azure AD) and Azure Information Protection (AIP), your organization’s workforce can be more productive on all their devices while keeping their information protected.
How can Intune help?
- Manages the mobile devices your workforce uses to access company data
- Enable you to offer a secure bring-your-own-device (BYOD) or personal device program to all employees
- Manages the mobile apps your workforce uses
- Protects your company’s information by helping to control the way your workforce accesses and shares it
- Ensures devices and apps are compliant with company security requirements
Intune Architecture
What Intune Offers
Click on each tab to get more details.
Device Management
Intune device management works by using the protocols or APIs (application program interface) that are available in the mobile operating systems. Intune integrates with Azure AD to enable a broad set of access control scenarios.
For example, you can require a mobile device to be compliant with corporate standards that you define within Intune before the device can access a corporate service like Office 365. Likewise, you can further secure a corporate service like Exchange by restricting app access on the mobile device to corporate approved apps like Outlook Mobile.
Mobile Application Management
Mobile Application Management (MAM) policies to applications is built into Microsoft Intune, so from the time devices are enrolled, once deployed, MAM policies will begin to flow to enabled applications such as Microsoft Office apps.
Intune’s Mobile Application Management features allow your organization to:
- Assign mobile apps to employees
- Configure apps with standard settings that are used when the app runs
- Control how corporate data is used and shared within mobile apps, i.e. limiting the ability to paste corporate content into a personal Box or Dropbox account
- Update apps
- Report on mobile app inventory
- Tracking mobile app usage
Data Security
Intune provides app security as a part of app management and safeguards your data by:
- Keeping personal information isolated from corporate IT awareness
- Restricting the actions users can take with corporate information such as copy, cut/paste, save, and view
- Removing corporate data from users’ devices when they retire the device or leave the organization - also known as selective wipe or corporate wipe
EMS + Intune Integration
When using Intune with the other EMS services, your organization’s mobile app security will be above and beyond what is provided by the mobile operating system and the mobile apps themselves. An app that is managed with EMS has access to a broader set of mobile app and data protection capabilities that includes:
- Single sign-on
- Multi-factor authentication / Conditional access
- App conditional access - allow access if the mobile app contains corporate data
- Isolating corporate data from personal data inside the same app
- App protection policy (PIN, encryption, save-as, clipboard, etc.)
- Corporate data wipe from a mobile app
- Information Protection (Rights Management) support
Additional Resources
> Article | Device Management: Comparing System Center Configuration Manager vs. Intune vs. Hybrid
> Article | Microsoft Intune - Cloud-based Mobility Management
> Quick Reference Guide | Intune Features in Azure
> Microsoft Whitepaper | Protect Your Data at The Front Door with Conditional Access