Microsoft Intune features
Updated: April 24, 2015
Applies To: Microsoft Intune
Microsoft Intune provides a cloud-based service that can help your business protect and manage devices. Because it is cloud-based, it can be administered from any Silverlight-enabled web browser. Intune can manage:
Mobile devices (including phones and tablets running Android, iOS, Windows Phone and Windows RT operating systems). Computers running Windows 8.1 can be managed as mobile devices, or can be managed as computers using the Intune client software.
Computers running a professional edition of Windows Vista, Windows 7, Windows 8 or Windows 8.1.
For more information on mobile devices and computers that you can manage with Intune, see Mobile device management capabilities in Microsoft Intune and Computer management capabilities in Microsoft Intune.
This evaluation guide covers the following:
Manage mobile devices and computers, no servers or intranet required. You can manage mobile devices and computers, even if those devices are not joined to a domain or brought on-site. This makes Intune ideal for a company with a mobile or geographically-distributed workforce.
Require encryption of mobile devices and computers. Mobile devices that support encryption can be required to use it. You can also require computers that support Bitlocker drive encryption to use it. If a mobile device or computer with encryption is lost or stolen, the data on the device’s storage media is unreadable, helping to secure that data it from theft.
Generate hardware and software inventories and reports. You can gather information on the hardware and software used by your company, helping you to plan your hardware upgrade cycle or determine if unwanted software is installed on managed devices.
Monitor mobile devices and computers. You can create alerts to notify you when there is a problem with a mobile device or a computer, and also have alerts trigger e-mail notifications so that the right people are informed of the problem.
Provide a “self-service” model for IT. Users can use the company portal to enroll devices, to install site-licensed software, or to find contact information for IT administrators.
Support multi-factor authentication. Intune now supports multi-factor authentication. For details, see Use multi-factor authentication in Microsoft Intune.
Available in multiple languages. Intune is now available in the following languages:
Chinese (Simplified and Traditional)
For a list of the countries where the Intune service is supported, see International availability.
Mobile device management (MDM) capabilities:
Configure passwords. Password management differs across mobile device platforms, but all supported platforms allow you to require a password, limit the number of failed sign-in attempts, limit the minutes of activity before the screen locks, set the time for password expiration, and prevent the use of previously-used passwords.
Control system and cloud storage settings for mobile devices. These differ across mobile device platforms, but highlights include the ability to block the iOS lock screen notifications view (to keep meeting details confidential), and the ability to collect diagnostic data from Windows Phone 8.1 and iOS devices.
Manage e-mail access for mobile devices using Exchange ActiveSync. You can control e-mail access settings such as whether devices can download attachments, or how much of an e-mail folder is synchronized with a mobile device.
Application settings. You can control browser settings, and also such application settings as whether app stores can be used on mobile devices.
Device capabilities, cellular and voice. You can allow or deny the use of a camera, control roaming settings, and enable or disable iOS voice assistant and voice dialing features.
Reset passcodes, lock or wipe. You can reset passcodes if users lose access to their device, lock missing or stolen devices, or even wipe data off of missing or stolen devices.
Certificate, email, VPN and Wifi profiles. You can deploy certificate profiles to mobile devices, and also deploy e-mail, VPN and Wifi profiles. See Enable access to company resources with Microsoft Intune.
Manage corporate-owned iOS devices. You can set up devices for enrollment and then distribute them to specific users, or you can enroll devices so that they can be shared by multiple users. See Enroll corporate-owned iOS devices in Microsoft Intune.
Mobile application management. Managed mobile apps can be configured to restrict certain app operations, such as copy and paste, to help protect your organization’s data. You can also use the managed browser to control the sites that users are allowed to visit. See Control apps using mobile application management policies with Microsoft Intune and Manage Internet access using managed browser policies with Microsoft Intune.
Conditional access. Use Intune conditional access policies to control access to on-premises Microsoft Exchange email from mobile devices, even when the device is not managed by Intune. See Manage access to email and services with conditional access for Microsoft Intune.
For a complete list of MDM capabilities, see Mobile device management capabilities in Microsoft Intune.
Intune computer management capabilities:
Manage software updates. You can keep computers up-to-date, and manage when updates are applied.
Set Windows firewall policy. This helps to ensure that no computer used by your company has an inactive or improperly-configured firewall.
Anti-malware protection. Intune includes Intune Endpoint Protection, and allows you to set policies to ensure that computers are kept up-to-date with the latest anti-malware definition updates.
Remote assistance. Intune allows users to contact IT support staff, who can then provide assistance using a remote desktop feature that is included with Intune.
Software license management. Track how many software licenses are available, and how many available licenses are being used.
For a complete list of computer management capabilities, see Computer management capabilities in Microsoft Intune.
Intune has a wide array of administrative workspaces that provide you with capabilities that you can use to manage mobile devices and computers. The walkthrough guide will introduce you to the basics. For more details see Reference for the Microsoft Intune administrative consoles.
The Intune account portal lets you manage your Intune subscription and specify the users who can access Intune. From the account portal, you can manage the service and users by adding user accounts and security groups, setting up and managing service settings, and checking the status of the Intune service. You can also contact Microsoft Support and get help from the Microsoft online community. Users can access the account portal to change their password.
For more information about the Microsoft Intune account portal, see the Azure Active Directory Help. The Azure Active Directory Help provides guidance for Microsoft Online Services such as Intune and Microsoft Office 365, and covers: .
Lets you quickly assess the health of the managed devices across your organization. Top tasks include:
If an issue occurs, links appear in the affected area to take you directly to the appropriate workspace to investigate and resolve the problem.
These workspaces let you manage your devices and users by organizing them into groups. You can organize groups in the way that best suits your organizational needs (for example, by geographic location, by department, or by hardware characteristics). A device or a user can belong to more than one group.
Manage the software update process efficiently for all of the managed devices in your organization. Top tasks include:
Helps you enhance the security of all managed computers in your organization by
This workspace provides Endpoint Protection status summaries, so that if malicious software is detected on a managed computer, or if a computer is not protected, you can quickly identify the affected computers and take appropriate action.
Quickly assess the overall health of managed computers in your organization. Respond to problems so that you can prevent or minimize negative effects on business operations. For example, you can:
Detect and manage software for all managed devices. In this workspace, you can:
Add and manage license agreement information for software purchased through Microsoft Volume Licensing agreements, and for Microsoft or non-Microsoft software that was purchased by other means. In this workspace you can:
Provide settings that control software updates, Endpoint Protection, Windows Firewall settings, and security settings on mobile devices.
Run reports that provide information about the software, and hardware and software licenses in your organization.
View details about your Intune account (such as account name, status, and active seat count). In this workspace you can manage the following:
You can start using Intune with a 30-day free trial that includes 100 user licenses. With each user able to use up to 5 devices, you can really get an idea what is possible with Intune. To start your free trial, visit the Intune Sign up page.
If your organization has a Microsoft Online Services work or school account, and you might continue with this Intune subscription in production after the trial period ends, click the Sign in option on that page and authenticate by using the Global Administrator account for your organization. This action will ensure that your Intune trial links to your existing work or school account. If your organization has an Enterprise Agreement or equivalent volume licensing agreement, please contact your Microsoft representative to set up your free trial.
To learn about Intune pricing, go to the Intune Buy page, and then click View pricing for Microsoft Intune.
For step-by-step instructions for free trial signup, and for a walkthrough that you can use to evaluate Intune during your 30-day free trial period, see Getting started with Microsoft Intune: walkthrough guide. To purchase a paid subscription, see Move from a Microsoft Intune free trial to a paid subscription.