MS EMS Blog 

Sharing real life experience with day to  day my working with Microsoft EMS, Windows 10, Office365, Apple, Android, Mac...
by Pratik Dave.

Make most of Intune

Check list to make most of Microsoft Intune MDM and MAM

In this post, I would decode Intune MDM and MAM features that can help enterprises to make most of it. I have seen multiple MDM setups where its utilisation becomes limited to email profile deployment and password policies. I hope this checklist will help to enhance the capabilities and make most of the Microsoft Intune.

This checklist may help to leverage all components and utilise the full capability of the suite. Please note that this checklist might not complete due to fluid nature of the cloud services, I will keep adding link of the existing resources that might help you to kick start with design, deployment and Testing. I will keep revising this list on frequent basis, please review latest Microsoft Documentation for new Intune features.  
1. Identity
- Configure Azure AD & AD Connect : Required to provision users and assign licenses

2. Device and Application Management
Intune Standalone vs Intune Hybrid with SCCM Integration
- Recommended to configure Intune Standalone to avoid delays with SCCM/Intune Sync
- Leverage latest feature of Intune Standalone
- Intune Hybrid support ending on 1st Sep 2019.

3. Unified Device Management and Platform Integration
3.1 iOS Device Enrollment
- APN certificate
- Apple Business Manager (aka Apple Deployment Manager)
- Apple Volume Purchase Program
3.2 Android Device Enrollment :
- Android Enterprise (Android for Work)
- Samsung Knox
3.3 Mac Device Enrollment
- Apple Configurator Profile
3.4 Windows Device Enrollment :
- Windows AutoPilot
- Windows Store for Business

4. Device configuration and compliance policies for all device Platforms :
- Password Policies
- Device Profiles and Configuration
- Security Policies i.e. Minimum OS version, block jailbroken device.
- Compliance Policies Threat level

5. Configure Intune MAM policies :
- To protect Enlightened iOS and Android Apps
- Windows 10 Information Protection Policies

6.Configure Azure AD Conditional Access
- Exchange Online
- Exchange On-Premises
- SharePoint
- Skype Online
- Office 365 Apps - SharePoint, OneDrive, Teams, OneDrive etc.
- Identify Exchange Active Sync Users and lock down Exchange Active Sync
- Enforce Device Enrolment or Application requirements i.e. Outlook App

7. Deploy Profiles:
- VPN Profile
- Wi-Fi Profile
- Email Profiles

8. Applications & Services
- Deploy Apps for public store to users with App Configuration Policies
- Enforce mobile devices to use approved apps or enroll device.
- Define Compulsory Apps and Option App
- Deploy Corporate Apps to users : Outlook, Word, OneDrive, Skype, Teams etc.
- Configure Apps Configuration Policies to pre-populate information : i.e. Server, User email etc.
- Configure NetScaler to provide seamless experience to Mobile Users - Provided ability to users to configure Citrix Receive with Email !

9. Network & Security
- Configure & Deploy SCEP & NDES Infrastructure
- Deploy Certificates to Mobile Devices
- Deploy Wi-Fi Service with Certificate based authentication (seamless experience to users)
- Configure Mobile Threat Mgt Solution with Intune Integration
- Provision Mobile Threat client on Mobile Devices
- Configure compliance polices
- Configure Wi-Fi hotspot for Mobile Devices
- Configure Cisco ISE Intune Integration (Optional)
- Provision & Deploy VPN solution for Mobile Devices
- Configure Firewalls to allow access corporate systems hosted on-premise.
Please stay tuned for more updates to above list with useful links to get started quickly ! 
Please feel free to email your feedback or message on Twitter.

Dave Infotech acknowledges Aboriginal Traditional Owners of Country throughout Victoria and pays respect to their cultures and Elders past, present and emerging.