Export (0) Print
Expand All

Microsoft Intune features

 

Updated: April 24, 2015

Applies To: Microsoft Intune

Microsoft Intune provides a cloud-based service that can help your business protect and manage devices. Because it is cloud-based, it can be administered from any Silverlight-enabled web browser. Intune can manage:

  • Mobile devices (including phones and tablets running Android, iOS, Windows Phone and Windows RT operating systems). Computers running Windows 8.1 can be managed as mobile devices, or can be managed as computers using the Intune client software.

  • Computers running a professional edition of Windows Vista, Windows 7, Windows 8 or Windows 8.1.

For more information on mobile devices and computers that you can manage with Intune, see Mobile device management capabilities in Microsoft Intune and Computer management capabilities in Microsoft Intune.

This evaluation guide covers the following:

General capabilities:

  • Manage mobile devices and computers, no servers or intranet required. You can manage mobile devices and computers, even if those devices are not joined to a domain or brought on-site. This makes Intune ideal for a company with a mobile or geographically-distributed workforce.

  • Require encryption of mobile devices and computers. Mobile devices that support encryption can be required to use it. You can also require computers that support Bitlocker drive encryption to use it. If a mobile device or computer with encryption is lost or stolen, the data on the device’s storage media is unreadable, helping to secure that data it from theft.

  • Generate hardware and software inventories and reports. You can gather information on the hardware and software used by your company, helping you to plan your hardware upgrade cycle or determine if unwanted software is installed on managed devices.

  • Monitor mobile devices and computers. You can create alerts to notify you when there is a problem with a mobile device or a computer, and also have alerts trigger e-mail notifications so that the right people are informed of the problem.

  • Provide a “self-service” model for IT. Users can use the company portal to enroll devices, to install site-licensed software, or to find contact information for IT administrators.

  • Support multi-factor authentication.  Intune now supports multi-factor authentication. For details, see Use multi-factor authentication in Microsoft Intune.

  • Available in multiple languages. Intune is now available in the following languages:

    • Chinese (Simplified and Traditional)

    • Czech

    • Danish

    • Dutch

    • English

    • Finnish

    • French

    • German

    • Greek

    • Hungarian

    • Italian

    • Japanese

    • Korean

    • Norwegian

    • Polish

    • Portuguese

    • Romanian

    • Russian

    • Spanish

    • Swedish

    • Turkish

For a list of the countries where the Intune service is supported, see International availability.

Mobile device management (MDM) capabilities:

  • Configure passwords. Password management differs across mobile device platforms, but all supported platforms allow you to require a password, limit the number of failed sign-in attempts, limit the minutes of activity before the screen locks, set the time for password expiration, and prevent the use of previously-used passwords.

  • Control system and cloud storage settings for mobile devices. These differ across mobile device platforms, but highlights include the ability to block the iOS lock screen notifications view (to keep meeting details confidential), and the ability to collect diagnostic data from Windows Phone 8.1 and iOS devices.

  • Manage e-mail access for mobile devices using Exchange ActiveSync. You can control e-mail access settings such as whether devices can download attachments, or how much of an e-mail folder is synchronized with a mobile device.

  • Application settings. You can control browser settings, and also such application settings as whether app stores can be used on mobile devices.

  • Device capabilities, cellular and voice. You can allow or deny the use of a camera, control roaming settings, and enable or disable iOS voice assistant and voice dialing features.

  • Reset passcodes, lock or wipe. You can reset passcodes if users lose access to their device, lock missing or stolen devices, or even wipe data off of missing or stolen devices.

  • Certificate, email, VPN and Wifi profiles. You can deploy certificate profiles to mobile devices, and also deploy e-mail, VPN and Wifi profiles. See Enable access to company resources with Microsoft Intune.

  • Manage corporate-owned iOS devices. You can set up devices for enrollment and then distribute them to specific users, or you can enroll devices so that they can be shared by multiple users. See Enroll corporate-owned iOS devices in Microsoft Intune.

  • Mobile application management. Managed mobile apps can be configured to restrict certain app operations, such as copy and paste, to help protect your organization’s data. You can also use the managed browser to control the sites that users are allowed to visit. See Control apps using mobile application management policies with Microsoft Intune and Manage Internet access using managed browser policies with Microsoft Intune.

  • Conditional access. Use Intune conditional access policies to control access to on-premises Microsoft Exchange email from mobile devices, even when the device is not managed by Intune. See Manage access to email and services with conditional access for Microsoft Intune.

For a complete list of MDM capabilities, see Mobile device management capabilities in Microsoft Intune.

Intune computer management capabilities:

  • Manage software updates. You can keep computers up-to-date, and manage when updates are applied.

  • Set Windows firewall policy. This helps to ensure that no computer used by your company has an inactive or improperly-configured firewall.

  • Anti-malware protection. Intune includes Intune Endpoint Protection, and allows you to set policies to ensure that computers are kept up-to-date with the latest anti-malware definition updates.

  • Remote assistance. Intune allows users to contact IT support staff, who can then provide assistance using a remote desktop feature that is included with Intune.

  • Software license management. Track how many software licenses are available, and how many available licenses are being used.

For a complete list of computer management capabilities, see Computer management capabilities in Microsoft Intune.

Intune has a wide array of administrative workspaces that provide you with capabilities that you can use to manage mobile devices and computers. The walkthrough guide will introduce you to the basics. For more details see Reference for the Microsoft Intune administrative consoles.

Feature

Capabilities

Account Portal

The Intune account portal lets you manage your Intune subscription and specify the users who can access Intune. From the account portal, you can manage the service and users by adding user accounts and security groups, setting up and managing service settings, and checking the status of the Intune service. You can also contact Microsoft Support and get help from the Microsoft online community. Users can access the account portal to change their password.

For more information about the Microsoft Intune account portal, see the Azure Active Directory Help. The Azure Active Directory Help provides guidance for Microsoft Online Services such as Intune and Microsoft Office 365, and covers: .

  • Signing up for a Microsoft Online Service

  • Administering your account

  • Signing in

  • Assigning administrator roles for Microsoft Online Services

  • Changing users’ passwords

Administrator Console:

Overview workspace

Lets you quickly assess the health of the managed devices across your organization. Top tasks include:

  • view a summary of top alert types

  • check the system status of several key areas

  • view summaries of the devices that you are managing

  • eate a new device or user group

  • view a report

If an issue occurs, links appear in the affected area to take you directly to the appropriate workspace to investigate and resolve the problem.

Administrator Console:

All Users

and
All Devices
workspaces

These workspaces let you manage your devices and users by organizing them into groups. You can organize groups in the way that best suits your organizational needs (for example, by geographic location, by department, or by hardware characteristics). A device or a user can belong to more than one group.

Administrator Console:

Updates workspace

Manage the software update process efficiently for all of the managed devices in your organization. Top tasks include:

  • View pending updates

  • Approve or decline updates

  • Configure automatic approval settings for updates

  • Set a deadline for update installation

Administrator Console:

Protection workspace

Helps you enhance the security of all managed computers in your organization by

  • providing real-time protection against potential threats

  • keeping malicious software definitions up to date

  • automatically running scheduled scans

This workspace provides Endpoint Protection status summaries, so that if malicious software is detected on a managed computer, or if a computer is not protected, you can quickly identify the affected computers and take appropriate action.

Administrator Console:

Alerts workspace

Quickly assess the overall health of managed computers in your organization. Respond to problems so that you can prevent or minimize negative effects on business operations. For example, you can:

  • View all recent alerts to get an overview of the health of all your managed devices

  • Investigate specific issues that are occurring on members of specific groups of managed devices (or, in specific workspaces, such as the Endpoint Protection workspace)

  • Use filters to see all alerts with a specific severity level, or to review the list of active or closed alerts

  • Notify the appropriate people about alerts, using Alert Notification Rules to have Intune send email notifications about specific types of alerts to the right people

Administrator Console:

Software workspace

Detect and manage software for all managed devices. In this workspace, you can:

  • Get an inventory of all software installed on computers (not available for mobile devices)

  • Distribute software to computers, including the option to make software required for installation on computers (and install that software without end-user intervention)

  • Deploy managed software packages

  • Link to a web-based application or an application in the Windows Store for the Windows, Windows RT, Windows Phone 8 and Windows Phone 8.1 platforms; link to an application in the ITunes Store for iOS, or link to an application in Google Play for the Android platform

  • Search, sort and filter the lists of managed software or detected software

Administrator Console:

Licenses workspace

Add and manage license agreement information for software purchased through Microsoft Volume Licensing agreements, and for Microsoft or non-Microsoft software that was purchased by other means. In this workspace you can:

  • Enter and manage licenses

  • Compare the set of Microsoft licenses in the workspace to the inventory of software detected on your managed computers

  • Create license reports to track software installation and license counts

Administrator Console:

Policy workspace

Provide settings that control software updates, Endpoint Protection, Windows Firewall settings, and security settings on mobile devices.

Administrator Console:

Reports workspace

Run reports that provide information about the software, and hardware and software licenses in your organization.

Administrator Console:

Administration workspace

View details about your Intune account (such as account name, status, and active seat count). In this workspace you can manage the following:

  • Updates. Select the products for which you want to manage updates, and determine the types of updates that you want to manage.

  • Alerts and notifications. Enable alert types that are important, disable those that are not important, set alert thresholds for alert types to notify you if a threshold was met or exceeded, and notify you and other users of alerts using e-mail.

  • Administrator Management. Designate Service Administrators who have permissions to view or edit settings in the Administrator Console; and also assign Tenant Administrators who have the same permissions as Service Administrators, and who can also manage administrator accounts using the Intune Account Portal.

  • Client software download. Deploy the Intune client software manually or automatically.

  • Storage use. Manage your use of Intune Cloud Storage, which is used to distribute software to computers.

  • Mobile device management. Configure Intune to directly manage mobile devices in your organization

  • Company portal. Configure the Intune company portal to display your company specific information, such as your company name, contact information for IT support, and URLs for your company privacy statement and internal support website.

You can start using Intune with a 30-day free trial that includes 100 user licenses. With each user able to use up to 5 devices, you can really get an idea what is possible with Intune. To start your free trial, visit the Intune Sign up page.

System_CAPS_noteNote

If your organization has a Microsoft Online Services work or school account, and you might continue with this Intune subscription in production after the trial period ends, click the Sign in option on that page and authenticate by using the Global Administrator account for your organization. This action will ensure that your Intune trial links to your existing work or school account. If your organization has an Enterprise Agreement or equivalent volume licensing agreement, please contact your Microsoft representative to set up your free trial.

To learn about Intune pricing, go to the Intune Buy page, and then click View pricing for Microsoft Intune.

For step-by-step instructions for free trial signup, and for a walkthrough that you can use to evaluate Intune during your 30-day free trial period, see Getting started with Microsoft Intune: walkthrough guide. To purchase a paid subscription, see Move from a Microsoft Intune free trial to a paid subscription.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2015 Microsoft