Microsoft's enterprise mobility management strategy can be summed up in one word: Intune.
Microsoft Intune is a cloud-based service for managing computers and mobile devices as well as their applications. It's also part of Microsoft's Enterprise Mobility Suite (EMS), which also includes Azure Active Directory Premium and Azure Rights Management.
Organizations can use Intune as a standalone service or in conjunction with System Center 2012 Configuration Manager (SCCM). Microsoft Intune features integrated management capabilities for Office mobile apps and Office 365.
With all of these Intune integration points, Microsoft is a serious player in enterprise mobility management (EMM). Intune's ever-expanding set of features will likely fuel Microsoft's growth in the EMM market.
Mobile device management
Microsoft Intune features full mobile device management (MDM) capabilities for devices running iOS, Android and various Windows systems. Intune can also manage Windows computers, using either the Intune client or by enrolling PCs as mobile devices. Intune supports up to five devices per user.
The process for setting up mobile devices varies depending on the platform. For example, Windows RT 8.1 devices require sideloading keys and a code-signing certificate. On the other hand, iOS devices require an Apple Push Notification service certificate to connect. Microsoft Intune features Apple Configurator to enroll iOS devices in bulk.
Once administrators have enrolled users' mobile devices, they can perform a number of management tasks with Intune, including deploying the profiles that define certificates, emailing, VPN and Wi-Fi usage. Admins can also remotely reset passcodes, lock or wipe devices and encrypt data. In addition, administrators can require device encryption and prevent users from accessing device features such as cameras, voice dialing or cellular network roaming.
Users can enroll their own devices and install corporate apps from Intune's self-service Company Portal. In addition, Intune includes the Easy Assist agent, which lets users request administrative assistance if they're using a managed computer. Administrators can also configure policies that grant conditional access to corporate resources such as Exchange, SharePoint Online or OneDrive for Business documents.
Mobile application management
Microsoft is also active in mobile application management (MAM). Administrators can specify which app stores users can access on their devices or configure an app to only open Web links in a managed browser. Microsoft Intune features mobile apps that facilitate secure data access on mobile devices.
Intune provides administrators with the tools to manage Microsoft and non-Microsoft apps from a centralized console. They can push apps automatically during enrollment or selectively wipe managed apps and their data when a device is lost or stolen. Plus, they can separate corporate apps and data from personal assets.
Microsoft Intune also lets administrators implement Wi-Fi profiles with pre-shared keys and resolve certificate chains without deploying certificates individually. In addition, they can deny access to specific apps or URLs. For example, they can restrict access to Exchange Online with device enrollment and compliance policies.
App wrapping with Intune protects and manages line-of-business apps running on mobile devices. For apps with the Microsoft Intune App Software Development Kit built in, administrators can use policies to manage and protect them instead.
The biggest news, however, in terms of app administration, is that Intune now manages Office mobile apps. For instance, administrators can restrict actions such as copy and paste, even if a user is trying to paste something into a personal app IT has no jurisdiction over.
In addition to handling mobile devices, administrators can use Microsoft Intune management to control computers running any version of Windows dating back to Vista, including Windows 10. With Intune, they can deploy software, control updates and track licensing. They can also collect information about hardware configurations and software installations on managed computers.
Administrators can deploy software to computers in a variety of formats, such as Windows Installer or Windows application package files. Microsoft Intune features Endpoint Protection for managing security and malware threats on computers as well. Administrators can configure antimalware and firewall policies, update virus definitions and use the Intune console to take action if they detect attacks. They can also automatically scan managed computers and require any device that supports BitLocker encryption to use it.
Intune supports the same management features for Windows 10 as Windows 8.1, including enrollment, policy enforcement, application management and resource access control. Plus, Microsoft Intune features support specific to Windows 10.
Intune also offers full integration with SCCM, extending management capabilities to a wide range of Windows, Macs and Unix/Linux computers. SCCM integration makes it possible for administrators to manage all their PCs and mobile devices from a single interface.
The Intune difference
Microsoft has only been serious about MDM for a short time and will no doubt continue to be aggressive with mobility management. The integration with Office could be a game changer, especially with Office 365 now in the equation. Microsoft Intune also has the advantage of being part of EMS, providing a level of integration separate products cannot easily achieve. SCCM integration only adds to the appeal.
Will all this be enough to convince organizations to give up on their existing MDM and MAM investments or bring new organizations into the Microsoft mobility fold? It's too soon to say. It's also too soon to say whether customers will want to lock themselves into a single vendor in this way, especially when Microsoft has so much at stake with its own mobile devices.
Protect mobile data with EMM
How the EMM market has taken shape
How Microsoft EMM compares to the competition
Find the best possible EMM tool