How to manage & lock down company owned devices like desktops & laptops via Azure?

Question

I am new to Azure AD and am one band show working for a small company. I'm trying to add company devices to Azure to manage those devices and lock them down for laptops and desktops. We have government contracts, so I don't want laptops lost without the ability to lock them down remotely.

I've read that Intune is the tool to use, but others have said that it's not suitable for desktops or servers etc... Others have said you need to use Microsoft MECM, formally SCCM others have said to use UEM or EMM from other vendors.

I'm trying to find the best solution to get a few company laptops set up for new hires coming on board in a few weeks.

Any help would be greatly appreciated.

Answer 1

It depends - Azure AD Join with Intune will allow you to login with your M365/Azure AD credentials, Intune will allow you to manage the device. This works great - for devices. You can also use the same thing for Azure Virtual Desktop. If you are connecting to a resources on a server, you can still keep Active Directory and connect to resources via AD with an AAD device - as long as you have line of sight from your domain controller - and the AAD account is synced from AD - so you can have the best of both worlds. You COULD Azure AD join your servers, but you may run into compatibility issues with applications it is hosting, so would need to do some testing and investigation - but for Desktops/Laptops - AAD join with Intune can be a good solution.