Intune Notes

From Max's Wiki

Notes

Books:

  • Enterprise Mobility with App Management, Office 365, and Threat Mitigation: Beyond BYOD - https://www.microsoftpressstore.com/store/enterprise-mobility-with-app-management-office-365-9781509301331

Useful Links:

  • Cloud Platform Roadmap - https://www.microsoft.com/en-us/cloud-platform/roadmap
    • Project Honolulu: https://docs.microsoft.com/en-us/windows-server/manage/honolulu/honolulu
  • Azure AD - https://www.microsoft.com/en-us/cloud-platform/azure-active-directory
  • Azure Cloud Identity and Access Management Map - https://azure.microsoft.com/en-us/resources/infographics/cloud-identity-and-access/
  • Microsoft 365 Resources - https://fasttrack.microsoft.com/microsoft365/resources?view=ems
  • portal.manage.microsoft.com
  • https://www.microsoft.com/en-us/cloud-platform/microsoft-intune-pricing
  • https://testdrive-fido.azurewebsites.net/
  • https://docs.microsoft.com/en-us/windows/wsl/about
  • https://www.microsoft.com/en-us/cloud-platform/azure-active-directory-pricing
  • https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis
  • https://azure.microsoft.com/en-us/services/expressroute/
  • myapps.microsoft.com
  • Azure Updates: https://azure.microsoft.com/en-us/updates/
  • EMS Blog: https://cloudblogs.microsoft.com/enterprisemobility/
  • https://blogs.msdn.microsoft.com/powershell/2018/01/10/powershell-core-6-0-generally-available-ga-and-supported/

Things to note:

  • Intune Roles: https://docs.microsoft.com/en-us/intune/groups-add
  • Teamviewer: https://docs.microsoft.com/en-us/intune/device-profile-android-teamviewer
  • Company Portal: https://docs.microsoft.com/en-us/intune/company-portal-app
  • RBAC: https://docs.microsoft.com/en-us/intune/role-based-access-control
  • AD Dynamic Memberships: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-dynamic-membership-azure-portal
  • Managing Devices in Azure Portal: https://docs.microsoft.com/en-us/azure/active-directory/device-management-azure-portal

Azure

  • Intune - Cloud Based -> EMM (Enterprise Mobility Management) Space
    • Mobile Devices & Apps
    • Protects Company Info
    • Ensures Devices & Apps are compliant

In a nutshell:

  1. Protect your on-premises email and data so that it can be accessed by mobile devices
  2. Protect your Office 365 mail and data so that it can be safely accessed by mobile devices
  3. Issue corporate-owned phones to your workforce
  4. Offer a bring-your-own-device (BYOD) or personal device program to all employees
  5. Enable your employees to securely access Office 365 from an unmanaged public kiosk
  6. Issue limited-use shared tablets to your task workers

How does it work?

Map here: https://docs.microsoft.com/en-us/intune/media/intunearchitecture.svg

  • Intune = component of EMS (Enterprise Mobility & Security) that manages mobile devices and apps. Integrates with Azure AD. With O365, you can enable users to be productive on any device while keeping the organization's information protected.

Intune device management explained

  • Enrolling devices into management so your IT department has an inventory of devices that are accessing corporate services
  • Configuring devices to ensure they meet company security and health standards
  • Providing certificates and Wi-Fi/VPN profiles to access corporate services
  • Reporting on and measuring device compliance to corporate standards
  • Removing corporate data from managed devices

Intune app management explained

  • Assigning mobile apps to employees
  • Configuring apps with standard settings that are used when the app runs
  • Controlling how corporate data is used and shared in mobile apps
  • Removing corporate data from mobile apps
  • Updating apps
  • Reporting on mobile app inventory
  • Tracking mobile app usage

Managing Mobile Apps Explained Map = https://docs.microsoft.com/en-us/intune/media/managing-mobile-apps.png

Managing PCs and Devices with Microsoft Intune

  • MDM & PC management features
  • Intune
  • Enrollment & the company portal
  • Manage mobile devices and PCs

Portal Overview 12/21/17

Main

  • Overview
    • A look over device statuses, device assignment errors, app installation failures, and Quick tasks
  • Quick Start
    • A top level overview of commonly used tasks/details

Manage

  • Device enrollment
    • Enroll devices
  • Device compliance
    • N/A at this time (Not loading)
  • Device configuration
    • N/A at this time (Not loading)
  • Devices
    • Device overview, manage, monitor, and connect with TeamViewer
  • Mobile Apps
    • Manage, set up, and monitor apps
  • eBooks
    • Manage, monitor, and set up eBooks
  • Conditional Access
    • The ability to enforce access requirements when specific conditions occur (Policies, Exchange ActiveSync, and Logs)
  • On-premises access
    • Manage, monitor, and set up the Exchange ActiveSync connector
  • Users and Groups
    • Manage and monitor users and user groups
  • Intune roles
    • View and manage user roles
  • Software updates
    • Manage and monitor updates for devices

Help and Support

  • Help and Support
    • Troubleshoot a user/device and Get help and support

Three Management Pillars

  • MAM = Mobile Application Management and security
  • MDM = Mobile Device Management and security
  • PC Management = Windows desktops, laptops, tablets and other devices

The Life of a Managed Device:

Enrollment, Configuration, Protection, and Retirement

Managing users for Intune

  • O365 Portal
  • Intune Admin Portal
  • Azure AD Portal
  • PowerShell

User Deletion

How to troubleshoot deleted user accounts in Office 365, Azure, and Intune

Object deletions aren't synchronized to Azure AD when using the Azure Active Directory Sync tool

User Roles

Role-based administration control (RBAC) with Intune

Creating Groups for Intune

Parent Groups

  • All groups have a parent
  • Cannot change the parent
  • Deleting the parent deletes the children
  • Parent membership restricts child membership
  • New member added to a child group is also added to the parent group
    • Unless there's an explicit exclusion defined on the parent

Membership types:

  • Assigned: create a group with manually assigned members.
  • Dynamic User: create a user group defined by a dynamic query.
  • Dynamic Device: create a device group defined by a dynamic query.
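
The two ideas above (a group populated by a dynamic query, and the parent/child rules listed under Parent Groups) modelled in one runnable piece. This is an added example written for these notes, not Intune's or Azure AD's code: the user attributes, group names and the "contractor" exclusion are constructed, only a flat subset of the real membership-rule syntax (`user.<attribute> -eq|-ne|-contains|-startsWith "value"` joined by `and`/`or`) is parsed, and treating an explicit exclusion on a parent as a reason to reject the add on the child is my reading of the "unless" bullet.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample directory attributes (hypothetical users, not from the page).
USERS: Dict[str, Dict[str, str]] = {
    "alice": {"department": "Sales", "country": "US"},
    "bob":   {"department": "Engineering", "country": "US"},
    "carol": {"department": "Sales", "country": "DE"},
}

# One clause of a dynamic-membership rule, e.g. (user.department -eq "Sales").
# Only this flat subset of the real rule syntax is handled (assumption).
_CLAUSE = re.compile(
    r'\(?\s*user\.(\w+)\s+(-eq|-ne|-contains|-startsWith)\s+"([^"]*)"\s*\)?', re.IGNORECASE)

def _clause_holds(attrs: Dict[str, str], attr: str, op: str, value: str) -> bool:
    actual, value, op = attrs.get(attr, "").lower(), value.lower(), op.lower()
    if op == "-eq":
        return actual == value
    if op == "-ne":
        return actual != value
    if op == "-contains":
        return value in actual
    return actual.startswith(value)  # -startsWith

def evaluate_rule(rule: str, attrs: Dict[str, str]) -> bool:
    """Flat rule: clauses joined by 'and' / 'or', with 'and' binding tighter than 'or'."""
    for disjunct in re.split(r"\s+or\s+", rule, flags=re.IGNORECASE):
        parsed = [_CLAUSE.fullmatch(c.strip())
                  for c in re.split(r"\s+and\s+", disjunct, flags=re.IGNORECASE)]
        if not all(parsed):
            raise ValueError(f"unsupported clause in rule: {rule!r}")
        if all(_clause_holds(attrs, *m.groups()) for m in parsed):
            return True
    return False

def dynamic_members(rule: str, users: Dict[str, Dict[str, str]] = USERS) -> List[str]:
    """Users whose attributes satisfy the rule (sorted so results compare stably)."""
    return sorted(u for u, attrs in users.items() if evaluate_rule(rule, attrs))

@dataclass
class Group:
    """A group with the parent semantics listed above (a model, not an Intune API)."""
    name: str
    parent: Optional["Group"] = None
    members: Set[str] = field(default_factory=set)
    excluded: Set[str] = field(default_factory=set)  # explicit exclusions on this group
    children: List["Group"] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.parent is not None:
            self.parent.children.append(self)

    def add_member(self, user: str) -> None:
        # Parent membership restricts child membership: an explicit exclusion on any
        # ancestor rejects the add (assumed reading of the 'unless' bullet above).
        ancestor = self.parent
        while ancestor is not None:
            if user in ancestor.excluded:
                raise PermissionError(f"{user!r} is excluded from parent group {ancestor.name!r}")
            ancestor = ancestor.parent
        # Otherwise the member is added here and to every parent up the chain.
        group = self
        while group is not None:
            group.members.add(user)
            group = group.parent

    def delete(self, registry: Dict[str, "Group"]) -> None:
        """Deleting a parent deletes its children, recursively."""
        for child in list(self.children):
            child.delete(registry)
        registry.pop(self.name, None)
        if self.parent is not None:
            self.parent.children.remove(self)

def demo() -> dict:
    """Populate a child group from a dynamic query and exercise the parent rules."""
    registry: Dict[str, Group] = {}
    all_users = registry["All Users"] = Group("All Users")
    sales = registry["Sales"] = Group("Sales", parent=all_users)
    all_users.excluded.add("contractor")  # explicit exclusion on the parent
    for user in dynamic_members('(user.department -eq "Sales")'):
        sales.add_member(user)
    try:
        sales.add_member("contractor")
        contractor_blocked = False
    except PermissionError:
        contractor_blocked = True
    result = {"sales": sorted(sales.members), "all_users": sorted(all_users.members),
              "contractor_blocked": contractor_blocked}
    all_users.delete(registry)  # deleting the parent removes Sales too
    result["groups_left"] = sorted(registry)
    return result
```

The point to take from `demo()` is that membership flows upward: anyone a dynamic query puts into a child group also lands in every parent, so an over-broad query on a child silently widens the parent's membership unless the parent carries an explicit exclusion.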

Built-In Groups:

  • All Users
  • All Devices

What are Intune Policies

XML Files pushed down from the cloud to the device.

Types of Intune Policies:

  1. Configuration
  2. Compliance
  3. Conditional access
  4. Enrollment
  5. Exchange ActiveSync

Configuration

  1. Main Policies (Platform Specific Features, Functional, Application, Security, Customization)
    1. Also includes RAS (Resource Access Profiles): Wi-Fi, VPN, E-mail, and Certificates (used to secure RAS)

Configuration Policy Templates

  • Android
  • iOS
  • Mac OSX
  • Windows
  • Software
  • Computer Management
  • Common Mobile Device Settings

Note that Microsoft extends these templates with custom configuration templates, which support the OMA (Open Mobile Alliance) protocol.

Compliance

  • Looks for device security requirements on the device, such as:
    • PIN number
    • Device encryption
    • A rule that doesn't allow jailbroken devices

Conditional access

  • Control access based on the device's compliant or non-compliant state (allow or disallow access)
  • Prevent devices that are out of compliance from accessing services like E-mail, Skype, or SharePoint
    • Often works in conjunction with compliance policies

Example:

  • Managed by Intune or domain-joined?
  • Target of conditional access policy?
  • Compliant device? (If managed by Intune)

If the answer to each question is Yes, you now have access to cloud services (Skype, SharePoint, Exchange, O365).
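
The compliance rules above (PIN, encryption, no jailbreak) feeding the three conditional access questions, as an added example written for these notes rather than code from the page or from Microsoft. The `Device` fields, the rule names and the sample devices are constructed; treating a sign-in that no conditional access policy targets as "allow" (the policy simply does not apply) is an assumption about scoping rather than something the page states.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass(frozen=True)
class Device:
    """Device facts as a compliance evaluation would see them (constructed model)."""
    name: str
    managed_by_intune: bool
    domain_joined: bool
    pin_set: bool
    encrypted: bool
    jailbroken: bool

# Compliance policy: each rule returns True when the device satisfies it.
COMPLIANCE_RULES: Dict[str, Callable[[Device], bool]] = {
    "pin_required": lambda d: d.pin_set,
    "encryption_required": lambda d: d.encrypted,
    "jailbroken_not_allowed": lambda d: not d.jailbroken,
}

def failed_rules(device: Device) -> List[str]:
    """Names of the compliance rules the device fails; an empty list means compliant.
    This is also what a compliance report would surface per device."""
    return [name for name, ok in COMPLIANCE_RULES.items() if not ok(device)]

def is_compliant(device: Device) -> bool:
    return not failed_rules(device)

def conditional_access(device: Device, targeted: bool) -> Tuple[str, str]:
    """Walk the three questions from the example above; return ("allow"|"block", reason)."""
    if not targeted:
        # Assumption: outside the policy's scope the policy is not evaluated at all.
        return ("allow", "not targeted by a conditional access policy")
    if not (device.managed_by_intune or device.domain_joined):
        return ("block", "device is neither managed by Intune nor domain-joined")
    if device.managed_by_intune:
        # Compliance is only evaluated for Intune-managed devices, as the page notes.
        failed = failed_rules(device)
        if failed:
            return ("block", "non-compliant: " + ", ".join(failed))
    return ("allow", "managed and compliant")

# Constructed sample fleet (hypothetical device names).
SAMPLE_DEVICES: List[Device] = [
    Device("corp-phone",   managed_by_intune=True,  domain_joined=False, pin_set=True,  encrypted=True,  jailbroken=False),
    Device("rooted-phone", managed_by_intune=True,  domain_joined=False, pin_set=True,  encrypted=True,  jailbroken=True),
    Device("no-pin-tab",   managed_by_intune=True,  domain_joined=False, pin_set=False, encrypted=False, jailbroken=False),
    Device("domain-pc",    managed_by_intune=False, domain_joined=True,  pin_set=False, encrypted=False, jailbroken=False),
    Device("kiosk",        managed_by_intune=False, domain_joined=False, pin_set=False, encrypted=False, jailbroken=False),
]

def access_report(targeted: bool = True) -> Dict[str, str]:
    """Decision per sample device; useful for checking a policy before enforcing it."""
    return {d.name: conditional_access(d, targeted)[0] for d in SAMPLE_DEVICES}
```

Running `access_report()` shows the two-layer design the notes describe: the compliance policy decides the device's state, and conditional access turns that state into an allow or block for the cloud service, which is why the two are configured together.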

Enrollment

Exchange ActiveSync