
Unified endpoint management to secure the modern workplace


Microsoft Intune product overview

ANDREA PERNA
MICROSOFT CLOUD ENDPOINT
TECHNICAL SPECIALIST
Technology needs are evolving in the modern workplace

Fragmented Integrated

Closed Perimeter Cloud

Less Regulated More Regulated

Manual Automated

Insourced Managed
Proliferation of endpoints, apps and threats

On-premises /
Private cloud
IT challenges of the modern workplace
How do you empower users while
protecting your most important assets?

Employee goals: Collaborate, Easy access, Work anywhere

IT goals: Protect data, Manage access, Stay innovative
Transformative device management and security
Microsoft Flexible Device Management

Enable your users

Protect your data

PC desktop management

Mobile device management

Mobile application management
System Center
Configuration Manager
and
Microsoft Intune

Most complete Most secure Fastest time to value


Why choose Microsoft?

Most complete Most secure Fastest time to value

Most complete: Transform how you manage iOS, Android, macOS, and Windows devices, powered by the Microsoft intelligent cloud

Most secure: Apply conditional access and security controls for all apps and data, on corporate and personal devices

Fastest time to value: Maximize user productivity with fast roll-out of new services and out-of-box integration with Microsoft architecture and apps
Transform IT delivery and
device management

Zero-touch IT provisioning for all devices using Windows Autopilot, Apple Business Manager, or Android Enterprise

App lifecycle management for in-house (LOB) apps, public store apps, and traditional Win32 apps

Depth of configuration and security controls across any device
Secure apps and data in the
modern workplace

Respond to internal and external threats with real-time risk-analysis before access to company data

Protect corporate data before, during and after they are shared, even outside the company

Extensive visibility and intelligent cloud-powered insights to improve end-to-end security posture
Maximize user productivity

Deliver native app experiences that work and feel natural on any platform

Simplify access to resources employees need with single sign-on, for faster service roll-out

Enable Office apps that users love on mobile devices, without compromising data security
Transform Device
Management

Most complete
Microsoft simplifies mobile and PC management

Complete Management Platform

Modernize device and OS provisioning

Simplify app lifecycle management

Consolidate security policies and settings
Modern desktop provisioning with Windows Autopilot

Register devices Autopilot profile sync

Existing PC estate Autopilot Service Intune and Azure AD

IT Admin Register devices, Self-deploy


configure profiles

New PC vendor New Devices User

Deliver direct to Employee

Provision new devices direct to employees, ready for use

Upgrade existing devices, reimaged with Autopilot

Lower IT effort and cost; user gets productive faster
Modern device provisioning for iOS, macOS, Android

EMS +

Apple iOS: Device Enrollment Program; Apple School Manager; Apple Business Manager; Supervised Mode; Intune APP managed

macOS: Deploying cert and settings; Zero-touch (DEP); Conditional access; Device wipe, encryption; Self-service controls

macOS (with Jamf): Intune MDM features +; Extensive inventory; Scripting support; Depth of security controls

Android: Android Enterprise (ZTE); Samsung Knox (KME); Kiosk mode; Work Profiles; Intune APP managed
Simplify Windows application lifecycle management

Deploy Win32 apps, line-of-business (LOB) apps, and Microsoft store apps from the cloud

Application compatibility assurance using desktop analytics

Intune leverages Windows 10 cloud management capabilities
Simplify Managed Google Play store integration

IT control over what apps end users can install in work context

Managed app configuration; including silent installs for ‘required’ apps

Consistent end user experience for LoB (in-house) and Store apps; app badging in Work Profile
Simplify managed app lifecycle for iOS and macOS

Distribute purchased apps from the app store (VPP)

Revoke assigned VPP licenses for target app, device, or token

Simplified setup for EDU with Apple School Manager
On managed devices, Intune can
manage hundreds of 3rd party apps
Most Trusted
Workplace

Most secure
Protect your data on virtually any device with Intune

Mobile Device Management (MDM)

Enroll devices for management

Provision settings, certs, profiles

Conditional Access: Restrict access to managed and compliant devices

Report & measure device compliance

Remove corporate data from devices

Mobile Application Management (MAM)

Publish mobile apps to users

Configure and update apps

Conditional Access: Restrict which apps can be used to access email or files

Report app inventory & usage

Secure & remove corporate data within mobile apps
App protection policies for personal devices

Diagram labels: Corporate data, Personal data, Multi-identity policy, Managed apps, Personal apps

Enables bring-your-own (BYO) and personal devices at work where users may be reluctant to “enroll” their device

Ensures corporate data cannot be copied and pasted to personal apps within the device

Intune App Protection policies are useful to protect Office 365 apps where devices are unmanaged or managed by 3rd party
Intune-enlightened apps provide the best control, with or without enrollment.

Check back frequently… we are constantly adding new apps to this list
Conditional access to data
with real-time risk analysis
Define contextual policies at the user, location, device, and app levels

Controls adapt to real time conditions based on monitoring of perceived risks

Risks calculated based on advanced Microsoft machine learning

Diagram labels:

Conditions: Employee and Partner Users; Trusted and Compliant Devices; Physical & Virtual Location; Client apps & Auth Method

Real time Evaluation Engine: Machine learning; Session Risk; Policies; Effective policy

Controls: Allow access; Limit access; Require MFA; Force password reset; Deny access
Control what happens after data has been accessed

Multi-identity Email
policy attachment

Corporate Personal
data data
Copy Paste Save

Paste to Save to
personal app personal storage

Azure Information Protection (AIP) empowers you to control how data is accessed from employee devices

Separate company managed apps from personal apps, and set policies on how data is accessed from managed apps

Intune APP ensures corporate data can’t be copied and pasted to personal apps within the device
Intune threat protection for device risk-based conditional access

Threat protection partner detects: Malicious Apps; Device manipulation; Network exploits; Data privacy violations

EMS role: Intune evaluates compliance; Azure AD enforces Conditional Access

Diagram labels: Microsoft Azure, Allow, Enforce MFA, Enroll device, Block access, Wipe device

Microsoft Defender ATP integration

Mobile threat defense (MTD) partners on iOS and Android
Improve security posture with cloud-powered analytics

Get insights from Microsoft cloud machine-learning

Simplify migration to Intune policy settings using security baselines

Monitor device compliance and automate remediation tasks
Stay secure with Microsoft Edge for iOS and Android
Designed for best secure browsing with Microsoft Intune policies

Security
Conditional Access
App Protection Policies

Productivity
Personal & Corporate
Identity Support
App Proxy, SSO

Manageability
Managed Favorites
& Home Shortcut
Blocked Sites
Accelerate Business
Productivity

Fastest time to value


User-centered design for high user productivity
Comprehensive device settings ensure devices are
productivity-ready with minimal user set-up.

Automatic Configuration Resource


Enrollment app updates & compliance access
User-centered design in the new Company Portal app

Search apps & books Enhanced filtering Custom branding Native experience
Search history with and without enrollment without Safari WebView
Self-service for more productivity,
fewer support calls

User can enroll or un-enroll devices at their discretion using the Company Portal

Add SaaS and public store apps required by your organization

Use self-service password or PIN reset saving the user time and helpdesk costs

Join and manage groups without needing to go through IT
Enable more business scenarios

New device-based subscription to manage ‘things’ like digital signage, public kiosks, and phone room devices

Enable device management controls for devices not affiliated with any user-identity at a lower cost

Works for shared devices used by multiple users without login
All endpoints managed from a Microsoft 365 console

Microsoft 365 Admin Center

Microsoft 365 Device Management
Microsoft Technology Partners
Intune integrated partners enhance the Microsoft 365
user experience and protect your company resources

MOBILE THREAT DEFENSE SECURE RESOURCE ACCESS MANAGEMENT PARTNERS


Microsoft device management is for all organizations

Knowledge Firstline SMB Teachers/


Workers Workers Employee Students

Microsoft 365 Microsoft 365 Microsoft 365 Microsoft 365 Education


Enterprise F1 Business (Intune for Education)
Microsoft recognized
as a Leader*
175M+ managed devices
worldwide

115M+ seats installed base

* Source: Gartner, Magic Quadrant for Unified Endpoint Management Tools, Chris Silva, Manjunath Bhat, et al, 6 August 2019
Disclaimer: This graphic was published by Gartner, Inc. as part of a larger
research document and should be evaluated in the context of the entire
document. The Gartner document is available upon request from
https://aka.ms/IntuneMQ
Gartner does not endorse any vendor, product or service depicted in its
research publications, and does not advise technology users to select only
those vendors with the highest ratings or other designation. Gartner research
publications consist of the opinions of Gartner’s research organization and
should not be construed as statements of fact. Gartner disclaims all
warranties, expressed or implied, with respect to this research, including any
warranties of merchantability or fitness for a particular purpose.
Microsoft Intune compliance offerings
Help comply with requirements governing collection and use of individual's data
FastTrack for all Microsoft 365 customers
Team of engineers to help plan your deployment, included with every subscription

Deploy
new cloud
capabilities

Access
engineering
expertise

Gain user
adoption
Key Takeaways

Most complete Most secure Fastest time to value

Intune and ConfigMgr deliver most complete management of modern workplace

Extensive cloud powered insights and policy-driven actions for the most secure protection of your data

Remove barriers to productivity on any personal and company-owned devices without compromising security
Next steps

Learn more about Microsoft flexible device management

Get a free 90-day trial, evaluate Enterprise Mobility + Security (EMS)

Plan your deployment with FastTrack experts included in EMS subscription
© Copyright Microsoft Corporation. All rights reserved.
Work Data, Device & User management

Automatic
Enrollment

Manual
Enrollment
Android deployment scenarios
BYOD Corp Owned

Intune App Protection


AE Work Profile AE Dedicated (kiosk) AE Fully managed
Without Enrollment
iOS deployment scenarios

BYOD CORP OWNED
