Microsoft Intune Configuration Check List
Make the most of Microsoft Intune
Checklist to make the most of Microsoft Intune MDM and MAM features
In this post, I cover the Intune MDM and MAM features that can help enterprises improve user experience and security. I have seen multiple MDM setups where utilisation is limited to email profile deployment and password policies. I hope this checklist will help to enhance the capabilities and make the most of Microsoft Intune/EMS.
Please note that this checklist might not be complete due to the fluid nature of cloud services. I will keep adding links to existing resources that might help you kick-start design, deployment and testing. I will revise this list on a frequent basis; please review the latest Microsoft documentation for new Intune features.
o Configure Azure AD & AD Connect: required to provision users and assign licenses
· Device and Application Management
o Intune Standalone vs Intune Hybrid with SCCM Integration
o Recommended: configure Intune Standalone to avoid delays with SCCM/Intune sync
o Leverage the latest features of Intune Standalone
o Intune Hybrid support is ending on 1st Sep 2019.
· Unified Device Management and Platform Integration
o iOS Device Enrollment:
    o APN certificate
    o Apple Business Manager (aka Apple Deployment Manager)
    o Apple Volume Purchase Program
o Android Device Enrollment:
    o Android Enterprise (Android for Work)
    o Samsung Knox
o Mac Device Enrollment:
    o Apple Configurator Profile
o Windows Device Enrollment:
    o Windows AutoPilot
    o Windows Store for Business
· Device configuration and compliance policies for all device platforms:
o Password Policies
o Device Profiles and Configuration
o Security Policies, e.g. minimum OS version, block jailbroken devices
o Compliance Policies Threat level
· Configure Intune MAM policies:
o To protect Enlightened iOS and Android Apps
o Windows 10 Information Protection Policies
· Configure Azure AD Conditional Access
o Exchange Online
o Exchange On-Premises
o Skype Online
o Office 365 Apps - SharePoint, OneDrive, Teams etc.
o Identify Exchange ActiveSync users and lock down Exchange ActiveSync
o Enforce device enrolment or application requirements, e.g. the Outlook app
· Deploy Profiles:
o VPN Profile
o WiFi Profile
o Email Profiles
· Applications & Services
o Deploy apps from the public store to users with App Configuration Policies
o Require mobile devices to use approved apps or enroll the device
o Define compulsory apps and optional apps
o Deploy corporate apps to users: Outlook, Word, OneDrive, Skype, Teams etc.
o Configure App Configuration Policies to pre-populate information, e.g. server, user email etc.
o Configure NetScaler to provide a seamless experience to mobile users - gives users the ability to configure Citrix Receiver with their email
· Network & Security
o Configure & Deploy SCEP & NDES Infrastructure
o Deploy Certificates to Mobile Devices
o Deploy WiFi service with certificate-based authentication (seamless experience for users)
o Configure Mobile Threat Management solution with Intune integration
o Provision Mobile Threat client on mobile devices
o Configure compliance policies
o Configure Wi-Fi hotspot for Mobile Devices
o Configure Cisco ISE Intune Integration (Optional)
o Provision & Deploy VPN solution for Mobile Devices
o Configure firewalls to allow access to corporate systems hosted on-premises.
Please stay tuned for more updates to the above list, with useful links to get started quickly! Please feel free to email your feedback or message me on Twitter.