Picture this: an employee sends you a frantic email at the end of your day. They took the bus home from the office and left their work laptop on the seat beside them when they got off at their stop. Now the device is nowhere to be found, and you have no way of knowing whether company information on that device has been breached. Are you panicking? If the device is enrolled in Microsoft Intune for the organization and you have a managed device policy, you won’t need to.
Microsoft Intune provides a method of managing and securing both your organization and personally owned devices. Users “enroll” their devices in Intune, which enables you to ensure the device adheres to your organizational rules and policies. You can also use Intune to wipe devices that have been lost, stolen, or otherwise compromised. No panic needed!
In this blog, we will outline how to set up Intune and a managed device policy at your organization.
What is Microsoft Intune?
Microsoft Intune is a service that allows you to manage organization and personally owned devices that access your business resources. You can apply policies on these devices to ensure that your team is using authentication. For example, you can guarantee authentication is used when accessing your company Teams environment, even if that access is happening on a personal device. Intune integrates with other security services in Microsoft 365, including Azure Active Directory and Azure Information Protection. This way, you can determine who has access to what content in your organizational environment.
Adding Devices to Microsoft Intune
To add devices to Microsoft Intune, follow these steps:
- Go to https://endpoint.microsoft.com
The Endpoint Manager Admin Centre is where you will find all device-management related settings.
- Select Devices, then All Devices
Devices will list all your current devices in the organization.
- Select Windows enrollment, then Automatic enrollment.
Automate enrollment enables an easy, single step process for end users to enroll their device in Microsoft Intune.
- Configure
Configure the device to automatically enroll in Microsoft Intune when a user logs into the device with their work account. This step requires that the user scope is configured. We use security groups with designated users to set the user scope; otherwise, it is set to all users by default.
Note that you can only configure devices where the user is licensed for Intune and the device is registered or joined to Azure.
Performing Actions on a Managed Device
Once a device has been added to Microsoft Intune, you can perform actions on the device, such as restarting it or wiping its content, by following these steps:
- Go to https://endpoint.microsoft.com
The Endpoint Manager Admin Centre is where you’ll find all device-management related settings.
- Select Devices, then All Devices
Devices will list all your current devices in the organization.
- Click on the device in question
Select the user’s device from the list (you’ll need to know the device name to proceed).
- Select an action from the toolbar at the top of the screen.
Retire will remove the device from Intune and remove data, settings, and profiles that have been associated with the machine. However, it will leave personal data on the device.
Wipe will remove all user accounts, data, policies, and other settings that the user has configured on the device (factory reset).
Delete will remove the device from the Intune portal.
Reset passcode will reset the passcode for accessing the device.
Restart will restart the device.
Remote lock will lock the device.
Reviewing a Managed Device
Once you have selected a device from the Admin Centre, you can view information about that device by selecting one of the options under Monitor:
- Hardware – view information about the device itself, including operating system.
- Discovered apps – view applications installed on the device.
- Device compliance – view compliance policies for the device.
- Device configuration – view configuration policies for the device.
- App configuration – view app configuration policies for the device.
Implementing Security Best Practices
If your organization is using Microsoft 365, managed devices through Microsoft Intune is just one of the security best practices that we recommend implementing to protect your company data. Others include:
- Multifactor authentication
- Guest access controls
- Security training for end users
- Microsoft Defender
- And more!
If you’re looking to improve your organization’s security best practices or set up a managed device policy, get in touch with us. We can help protect your end users and resources with Microsoft 365!