Magazine

Intune is a mobile device management (MDM) and mobile application management (MAM) platform that allows businesses to manage mobile devices, applications, and the associated data.

➡️ With this service, it is possible to define security and compliance policies for devices, protect business data on devices (both corporate and personal), and also distribute and manage company applications.

Here are some key features of Intune:

• Mobile Device Management (MDM): allows you to manage and secure the company’s mobile devices, such as smartphones and tablets. You can configure security policies, deploy applications, and track devices.
• Mobile Application Management (MAM): enables you to manage business apps on your company’s mobile devices. You can deploy internal apps and control access to your business data on these apps.
• Security: Intune offers many security features, such as malware protection, password management, and multifactor authentication.
• Tracking and Reporting: allows you to track the usage of your company’s devices and applications and generate reports on their usage. Different systems are supported: Windows, iOS, macOS, and Android.

Practical Case: Creating a Compliance Strategy

The admin console is available at this address https://endpoint.microsoft.com/

In this practical case, we will see how to create a compliance strategy for a device.

Log in to the admin console, then go to Endpoint Security > Device Compliance > Policy

In the screenshot below, we can see that strategies already exist and are applied to devices running Windows 10 and 11.

To create a strategy:

• Click on Create a policy

Then choose which OS the strategy will apply to:

Name your strategy and, if desired, add a description:

Configure the strategy according to your needs, here we choose a minimum OS version required for the device.

Then, choose the actions to be taken for devices that are not up to date.

The group used is a dynamic group. Devices are automatically added to it during enrollment in Azure AD if, and only if, they are recognized as company-owned devices.