From the course: Career Essentials in System Administration by Microsoft and LinkedIn

Intune

From the course: Career Essentials in System Administration by Microsoft and LinkedIn

Start my 1-month free trial

Intune

- [Instructor] Let's talk about Microsoft Intune. What is Intune? It's a combination of multiple Microsoft products that are in the Azure Cloud. And Intune requires a license for each user and device, and that license needs to be renewed every 30 days. It includes the ability to do what's called mobile device management. So you can manage the devices that are connected into Intune, and that includes Android, Apple, as well as Windows 10 and 11 laptops. There's also integration with an application called Microsoft Configuration Manager. Now, this is a very large application that is installed on premises on a Windows server, and what it does is it allows you to manage applications, manage devices, things like that, and it links in to Microsoft Intune. So anything that you add in through Configuration Manager will show up in the Intune console. Another really great use for Intune is it does device analytics and monitoring. So it's going to monitor your devices to let you know are they compliant, are they connected, are they working properly, and give you analytics on all the data that's going on between the Intune console as well as the devices themselves. It includes also Windows Autopilot. Now, this is a really interesting product. Prior to Autopilot, if a CIS admin wanted to send a laptop off to a staff user, they would have to have the laptop shipped to the CIS admin. The CIS admin or desktop admin would then configure the laptop and then send it off to the staff user. But that doesn't have to happen anymore. You can now use what's called Windows Autopilot. So Windows autopilot allows the CIS admin or desktop admin to just send that computer directly from the vendor right to the home of the user. And as soon as they turn it on, it will automatically configure all the different applications. It will download everything that needs to be downloaded, and it will make it work for that user without the CIS admin ever having to touch that computer. And it does that by registering the device ID, which comes from the manufacturer into Microsoft Intune. So when it does connect up into the internet, then Autopilot automatically starts to work. There's also Azure Entra ID integration. Now, this used to be called Azure Active Directory, but now it's called Entra ID. So what this means is that if you have on-premises Active Directory, it can sync with Entra ID. And so if you've joined your computers into on-premises Active Directory and you've synced the active directory that's on-premises into the Azure Cloud into Entra ID, then you're going to see all that information in Microsoft Intune. I'm in the Microsoft Intune console, this is the admin center for Intune. And I'm going to click on the dashboard and you can see that my one device is compliant. So that means everything is good to go. I'm going to click on devices and you'll see all the different kinds of devices that you can add. So here we see Windows, which is going to be Windows 10 and 11, and various different versions of the iOS and iPad OS for Apple, Macintosh, Android, and Linux. In order to enroll a device, you can go down to where it says device onboarding and enrollment, and you've got multiple different ways to do this, and you create policies to make this happen. One popular way of doing that for a Windows computer is automatic enrollment if that computer has joined in to Entra ID. So you can join your computer to Entra ID, which is really just a registration that you do from your Windows settings. And you can also open up this URL, and that will also take you into Entra ID from the client computer. From there, you can sign in and roll, and then it will show up in Intune as my device has done here. So I'll go back to devices and there's my Windows device. And it says that computer is compliant. Now, besides doing this for Windows computers, of course, you can do it for these other types of operating systems such as Android. Now, enrollment for Android's going to be a little bit different. It's going to be different for every different operating system. Here you can see you can link your managed Google Play account to Intune and then join your device that way. And you can also use Zero-touch enrollment, personally owned devices with work profile, multiple different ways to join that Android device into Intune. Now, of course, you have to have already purchased your license from admin.microsoft.com. And then, after that you can go ahead, log in as that user with a licensed account, and add your device in. Another interesting thing about the Intune Admin Center registration is, it also allows you to manage applications that are going to be installed on those various different operating systems. One operating systems that is missing from this section of course, is going to be Linux because there's no way for it to manage the applications that get installed on Linux, but it does work on the other operating systems. So here you can see all the different applications by clicking on one of the policies. This is all the applications that are going to be allowed to be installed on a Windows 10 or 11 computer. Now, it only says Windows 10, but it actually includes Windows 11 as well. So in this case, it allows all Microsoft 365 apps, such as Word, Excel, PowerPoint. Those are all going to be allowed to be installed on the Windows device. We can also create a new policy that will allow other applications as needed. So take a look at the app type. Here you can see many different operating systems and different options. So for instance, you can allow applications to be installed only from the Microsoft store if you'd like, and that will keep users from downloading and installing applications that might do harm to their computer or possibly the network. And if I scroll down, you can see all the other options that you can set up for these various different policies. Intune can maintain and monitor your mobile device through control and management from the Intune Management console.

Contents