Migrating to Microsoft Intune

Eduards 771 Reputation points
2020-10-22T04:31:59.513+00:00

Hello,

We want to move from Mobile Iron to intune and want to know if intune will support all the things that we are using now.

Our configuration now (iOS + Android)

Encrypted Container
email client support (Verse, Email+)
apps (can install application based on policy)
Docs (work with documents in encrypted container)
Web application (can access internal work resources using kerberos auth)

Endpoint Security (road warriors microsoft + mac os notebooks)
Full disk encryption (if intune intune MDM supports it how can i manage encrypted devices) ?
Antivirus with behaviour detection, exploit prevention, HIDS
device control (usb)
WEB control
VPN for internal resources.

Question - could we do all this stuf using MS intune?

Thank you

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,079 questions
0 comments No comments
{count} votes

Accepted answer
  1. Crystal-MSFT 40,706 Reputation points Microsoft Vendor
    2020-10-23T02:28:12.39+00:00

    @Eduards , Based on my research, I have listed the reference features in Intune as below which is related to the features you listed in Mobile Iron.

    -Encrypted Container, Docs (work with documents in encrypted container)
    Based on the description, it seems to be a feature to protect app . In Intune, it is accomplished by app protection policy, here is the article for the reference:
    https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policies

    -email client support (Verse, Email+)
    Currently, Mobileiron email++ is not in the protected app list. We can see more details in the following link:
    https://learn.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps

    -apps (can install application based on policy)
    Intune supports a wide range of app types. such as Apps from the store, Apps written in-house (line-of-business) and etc We can see more details in the following link:
    https://learn.microsoft.com/en-us/mem/intune/apps/apps-add

    -Web application (can access internal work resources using kerberos auth)
    Based as I know, For the browser in Microsft, there's an app named edge. For the authentication method supporton Edge, we can see the folloing link:
    https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-identity

    -Endpoint Security (road warriors microsoft + mac os notebooks)
    the Endpoint security node in Intune to configure device security and to manage security tasks for devices when those devices are at risk. The Endpoint security policies are designed to help you focus on the security of your devices and mitigate risk. We can see more details in the following link:
    https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security

    -Full disk encryption
    Based as i know for windows, the disk encrption is done by Bitlocker and for MacOS, it is done by FileVault. Here ia an article for the two profiles we can refer to:
    https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-disk-encryption-profile-settings

    -Antivirus with behaviour detection, exploit prevention, HIDS
    We can refer to Antivirus policy for endpoint security in intune:which needs to intergrate with Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) as a Mobile Threat Defense solution.
    https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-antivirus-policy

    -device control (usb)
    Fro device control in Intune, we can refer to the following link:
    https://learn.microsoft.com/en-us/windows/security/threat-protection/device-control/control-usb-devices-using-intune#allow-or-block-removable-devices

    -WEB control
    Protect your enterprise data, we can use Windows Information Protection (WIP) for windows device
    https://learn.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip

    -VPN for internal resources.
    This can be done by dedicated app. Intune can only push some configuration file to them.

    In general, Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organization’s devices are used, We can know more information about inturn in the following article
    https://learn.microsoft.com/en-us/mem/intune/

    Hope it can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Eduards 771 Reputation points
    2020-10-23T05:47:18.857+00:00

    Thank you for the answer!

    Last question - so basicaly to migrate to intune we need EMS licence and if need to use Microsoft ATP, we need buy additional licenses?

    What are licenses that we need?