The Intune cloud-based management service is a solution that helps you to manage your computers and mobile devices and to secure your company’s information.
With the proliferation of BYOD and BYOID’s, I wanted to “kick the tires” so here we go for a discovery. Cooking time: 1 day.
My Microsoft ID’s had already been synced from On premise AD via AADSync. See my previous post on this topic here.
I subscribed for a 30 Intune trial here which is for 30 days for 30 test licenses.
Then to utalise the Intune console I had to update my Silverlight version on my Microsoft Surface 3. I logged in and I was presented with this console. The Dashboard provides shortcuts to the initial tasks which are required. I selected Add users.
I select several users and applied the Intune license as shown below.
Then I created a Group with all my licensed users.
Next we need to create a policy that we wish to push out to the users BYOD (Group).
I selected Computer Management, Windows Firewall Settings, Create and Deploy a Custom Policy.
It prompted me to deploy the policy.
Then I applied the Policy to a group
Then I downloaded my Client Software and attempted to apply it to my MSDN Windows 10 running in Azure.
It appeared to install but unfortunately Intune is not compatible with Windows 10 yet. I received an error in the console and the agent was not running on the OS. See this compatibility list here.
After I successfully loaded the agent on a Windows 8.1 machine in Azure, I loaded my firewall to see my Policy changes had applied.
Then I decided to scan using the Intune Endpoint Protection. All of the definitions are defined within my Intune portal.
Next I wanted to remotely push some software. I downloaded and run the Intune Software Publisher plugin.
Then I ran the wizard.
I selected SpotifySetup.exe and also selected a Spotify Icon.
I left everything else as default.
Then I selected upload.
I then applied the Software All Users.
Here is a summary of all my deployed software.
Back on the Windows 8.1 machine I opened the Intune Center tool from the right hand corner near the clock.
Then I selected Get Applications from the Company Portal. Here I had to authenicate (only the first time). It even allowed me to reset my expired password. Here you can see my Azure Active Directory Premium portal customisations have loaded.
I selected YES to the primary user of this computer.
Here you can see that Spotify was advertised on the main portal page.
If I select All Apps, Spotify is also advertised inside here and ready to install.
I selected Spotify and Install.
It now displays as installing.
Next I wanted to apply a minimum in Microsoft patches to my non domain devices. This would be useful for a company that wants to ensure that a minimum level of patches are running on all machines that access their corporate data. I approved all patches to All Devices back in the Intune console under groups.
Then back on the Windows 8.1 machine I immediately prompted to install the newly approved patches.
Then I decided that I wanted to manage BYO mobile devices as well. So i went to admin within the console, I selected Set Mobile Device Management Authority.
Then I Added a Device Enrollment Manager.
This is where I stopped. I did not have a spare mobile device that I wished to wipe.
The Administrators Console dashboard has great visibility into the fleet’s health. You can see the 1 error, this is my failed Windows 10 installation. Clicking on each alert takes you straight to the reported area.
So as you can see there are a lot of great management features within Intune. It has certainly come a long way in the last few years. There are many features and perhaps your company will find this tool suitable for only 1 or 2 specific tasks, rather than using every feature that is available. This is a very feature rich tool which does everything except refill your coffee cup.
Aaron Whittaker @AaronW2003