Whether it’s desktops, phones or tablets, your staff may well use company-owned and personal devices to access your business data, applications and networks for their work.

If you need to keep your company data safe, manage staff devices and applications, and deploy devices to new starters, then Microsoft Intune could be just what you need.

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). Control how your organization’s devices are used, including mobile phones, tablets, and laptops, and configure specific policies to control applications.

And if you’re already using Office 365 or Microsoft 365, it’s simply an add-on license.

Managing Devices

It’s easy for devices to be compromised if they have an out-of-date version of the operating system or if they don’t have anti-virus software installed. Users may have turned off the firewall, set a weak password, or have a virus or spyware on their device. All of these present a potential risk to your business, so it’s vital that any devices connecting to your company data and systems are protected and locked down to your requirements.

Managing Business Applications

Business applications will be deployed on any device that a member of staff uses for work. You also need to manage the lifecycle of your applications – deploying, updating and eventually retiring them.

You also need to control any applications that are accessing company data. For example, you might want to allow users to access that data without being able to copy content from their work account in Outlook and paste it anywhere else. You may also want to be able to remove a work-related email account and its data from a member of staff’s personal phone without affecting their personal email account and data.

  • What does it give you?

      Microsoft Intune allows you to manage all your devices and the data stored on them in one, secure place in the cloud.

      As a mobile device management (MDM) and mobile application management (MAM) solution, it means that you can control how your organisation’s devices are used, whether they are Windows PC, Mac, iOS or Android. In MDM, you manage the device and its settings. In MAM, you manage applications that are used to access company data such as the Outlook app.

      For company-owned devices, you normally use MDM and MAM. For personally owned devices, you tend to use MAM, as it’s unlikely that users would be happy to have their personal phone fully controlled by their company. Knowing which Bring Your Own Device (BYOD) devices are being used to access company data is important.

      With Intune, you can set rules and configure settings on personal and organization-owned devices that govern their access to data and networks.

      • Deploy and authenticate apps on all on-premises and mobile devices.
      • Protect your company information by controlling the way users access and share information.
      • Be sure devices and apps are compliant with your security requirements.

      All from a self-service portal.

  • What does it cost?

      Intune can be licensed per user in several ways depending on different customer needs and the size of your organisation:

      • Intune Standalone License
      • M365 plans such as M365 Business Premium (but not O365 plans)
      • Enterprise Mobility + Security (EMS) Plans




  • How does it work?

      Intune has a broad range of capabilities and is used to deploy applications to users’ devices and configure settings on them.

      Applications can be defined as a required install, which means that Intune will install them on the devices of specific users. Alternatively, applications can be made available for install, which means that users can choose to install them from the Intune Company Portal.

      Intune allows the set-up of conditional access policies to control the devices and apps that connect to your email and company resources, based on group membership, IP location or device details.

      On user log-in, Intune applies the device configuration profiles, such as the firewall settings, and installs the applications, including the Office Suite, Chrome Browser, Line of Business Applications etc.

      Day-to-day management

      Device and application management and monitoring are controlled from the Endpoint Manager admin portal, including common tasks such as:

      New starters

      Create an O365 account, assign a licence and add new starters to the relevant Azure AD groups.

      They can then enrol their devices in Intune and their device settings will be applied and applications deployed. The Windows Autopilot service works in conjunction with Intune, allowing you to have a Windows 10 PC shipped directly from your supplier to the user without your intervention.


      Leavers

      Re-assign a leaver’s company-owned devices, such as their PC, to another user. Use Intune to wipe all the data remotely and restore the device back to its default factory settings.

      Where leavers have been using their own devices, such as an iPhone, to access company data, use the Retire action to remove managed app data, settings and email profiles while leaving their personal data intact.

      Deploy New Applications

      Deploy new applications, update existing ones and uninstall those that you no longer want to use.

In Summary

Microsoft Intune protects your organisation’s data and helps you control how your team access and share business information. This is important for today’s workforce, who use flexible working and more devices than ever before. Even if you think you’re on top of your cybersecurity strategy, there can be gaps. Microsoft Intune will give you the peace of mind that your business data is secure – wherever and however your team work.

Read our recent case study, which explains how we provided expert Intune advice to Smythson.

If you’d like to discuss Intune and how it might work for your organisation, then please contact us for a free discussion with one of our certified M365 technical consultants.