What this book covers
Chapter 1, Getting Started with Microsoft Intune, is an introduction to Intune. It takes a look at licensing requirements and setting up the first tenant. It then moves onto Entra ID, covering MDM and Mobile Application Management (MAM) enrollment scopes, the creation of both static and dynamic groups, and then assigning roles and looking at device settings.
Chapter 2, Configuring Your New Tenant for Windows Devices, looks at the policy options available for Windows devices and how to use them to comprehensively manage your Windows fleet.
Chapter 3, Securing Your Windows Devices with Security Policies, covers all the important security policies available for Windows devices and how to best configure them for your environment.
Chapter 4, Setting Up Enrollment and Updates for Windows, looks at Windows Update and autopatch, configuring Windows Hello for Business, before finally looking at the enrollment of devices using Autopilot and the Enrollment Status Page (ESP).
Chapter 5, Android Device Management, covers the management of your Android devices using Google Play. It runs through the full end-to-end process of configuring your managed Google Play account, connecting it to Intune, and using it to deploy applications. After configuring the connections, the chapter will run through configuring your enrollment profiles for different use cases and then move on to the policies themselves, including looking at Original Equipment Manufacturer (OEM) specific policies. Finally, it will cover the use of app protection policies for Bring your Own Device (BYOD) scenarios.
Chapter 6, Apple iOS Device Management, looks at the management of both iOS and macOS devices from Apple, with devices managed by Apple Business Manager and Apple Volume Purchase Program for applications. After running through configuring Apple Business Manager, the chapter then demonstrates how to connect it to Intune, add the required certificates, and set up enrollment profile tokens. Once the basic environment is configured, it moves on to configuring policies and deploying (and protecting) applications from the app store for iOS.
Chapter 7, macOS Device Management, continues the Apple journey with macOS devices. It covers configuring your first policy and then deploying scripts and applications to your devices, before finally looking at keeping your macOS up to date.
Chapter 8, Setting Up Your Compliance Policies, explores the very important, but often overlooked, area of compliance. When tied to Conditional access, it is the best way to secure your environment against risky/infected machines. The chapter covers configuring compliance policies for all currently supported operating systems and the various settings available for each. For Windows devices, it also dives into the more complex but powerful custom compliance policies. Finally, it demonstrates how to link your compliance policies to a Conditional access policy.
Chapter 9, Monitoring Your New Environment, runs through the monitoring options available within Intune. It looks at monitoring your applications (both installed and detected) and your critical app protection policies and then moves on to the devices. In device monitoring, you can learn how to review the success of your configuration profiles, device compliance, and device enrollment successes and failures. The chapter will then look at checking your device update status and, finally, review any admin tasks within the portal itself, including device actions and audit logs for policy/app changes.
Chapter 10, Looking at Reporting, covers all of the available reports within Intune initially, including security and Endpoint analytics. It then moves beyond Intune, covering connecting PowerBI to the Intune Data Warehouse and deploying Windows Update for Business Reports within an Azure Log Analytics Workspace. Finally, it will cover how to export your diagnostics events to Azure for further alerting or management.
Chapter 11, Packaging Your Windows Applications, examines application packaging and deployment, which can be a blocker to many. The chapter runs through deploying all Windows applications, starting with your straightforward Microsoft Store apps and then covering packaging in the MSIX or Win32 format, using the official Microsoft tools. It also covers application dependencies and supersedence for Win32 applications.
Chapter 12, PowerShell Scripting across Intune, looks at all of the available scripts inside Intune, starting with the basic device scripts. It will then move on to the very useful proactive remediations before looking at how they can be used when deploying apps – in particular, during detection and requirement checking.
Chapter 13, Tenant Administration, runs through the options within the Tenant Administrative menu within Intune, including your day-to-day admin tasks (monitoring connectors, troubleshooting, and version checking). It also covers the more set-once options such as terms and conditions, setting roles, and customizing. Finally, it covers using filters to manage assignments, sending organizational messages, and looking at multi-admin approval.
Chapter 14, Looking at Intune Suite, looks at the additional licensed features currently included in the Intune Suite. We will look at Remote Help, Microsoft Tunnel for Android/iOS, device anomalies, and Endpoint Privilege Management.