Need help clarifying Intune for MDM

tommy soo 81 Reputation points
2021-07-28T22:44:47.71+00:00

Hi,

I am currently working on setting up Intune as our MDM solution for both our iOS and Android devices and would like to get some help / clarification on the setup and configuration of Intune. I know that there is a lot more than just MDM for Intune; however, this is what we are going with at the moment. Licensing-wise, all our users are on M365 E3, so using Intune is kinda a no-brainer since it's part of the package :)

The MDM model we are going with is COPE. The design is quite straightforward:

  1. Enroll Intune to iOS and Android devices
  2. Manage devices via Compliance and Configuration policies
  3. Ensure iOS devices are kept up-to-date via Update policies for iOS/iPadOS
  4. Manage apps via App protection policies and App configuration policies

My questions are as below:

  1. Group assignments for device policies - do you target the user group or device group? Currently I have both the user and device group targeted
  2. Group assignments for app policies - do you target the user group or device group? Currently I have both the user and device group targeted
  3. App configuration policies - some apps like M$ Authenticator and OneDrive have very different types of configuration options available compared to Outlook, for example. Authenticator uses a configuration key while OneDrive uses a Name and Value configuration setting, which I have no clue what to enter
  4. App updates - how are managed iOS apps updated? Is it automatic?
  5. The current enrollment is targeted to only company-owned devices; however, we may look at a BYOD model for users who don't own a company-owned device. What do I need to do to achieve this?

These are the items I need help clarifying for now, but I will definitely post more once I hit a roadblock.

Thanks again for your time and I hope to hear from anyone soon

Kind Regards :)


2 answers

  1. Nick Hogarth 3,436 Reputation points
    2021-07-29T02:29:45.543+00:00

    For questions 1 and 2, see https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-assign#user-groups-vs-device-groups

    For question 5, you can look at using app protection policies: https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy . If you did want to limit to only enrolled Intune devices, you can use conditional access to require compliant devices.


  2. Lu Dai-MSFT 28,421 Reputation points
    2021-07-29T02:56:13.07+00:00

    @tommy soo Thanks for posting in our Q&A.

    For these questions, I will share some information with you.
    1. Device policies can be assigned to user groups or device groups. When the policy is assigned to device groups, the devices in the device groups will apply these policies. When the policy is assigned to user groups, this policy is applied to all the devices that these users log in to.

    2. For app policies, it is similar to device policies. However, an app protection policy needs to be assigned to user groups. If it is assigned to device groups, it will not work.

    3. For the app configuration policy for OneDrive, the configuration key is provided by the app vendor. So, it is suggested to contact OneDrive for more accurate help:
    https://support.microsoft.com/en-us/onedrive

    4. For iOS app updates, the update process differs between app types.
    For volume-purchased iOS apps, we can configure the "Automatic app updates" setting to enable automatic updates.
    https://learn.microsoft.com/en-us/mem/intune/apps/vpp-apps-ios#upload-an-apple-vpp-or-apple-business-manager-location-token
    For line-of-business apps, an update package file needs to be deployed.
    https://learn.microsoft.com/en-us/mem/intune/apps/lob-apps-ios#step-5-update-a-line-of-business-app
    For other iOS apps, updates are handled automatically by the apps themselves and are not controlled by Intune. The following article describes app types in Intune.
    https://learn.microsoft.com/en-us/mem/intune/apps/apps-add#app-types-in-microsoft-intune

    5. For BYOD enrollment, the steps are easy.
    Step 1: Make sure the iOS device is running a supported OS:
    https://learn.microsoft.com/en-us/mem/intune/fundamentals/supported-devices-browsers#apple
    Step 2: Get an Apple MDM push certificate
    https://learn.microsoft.com/en-us/mem/intune/enrollment/apple-mdm-push-certificate-get
    Step 3: Enroll the iOS device. We can refer to the video in the following article.
    https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-your-device-in-intune-ios

    Hope the above information will help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
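
The second answer's point 2 (app protection policies only take effect when assigned to user groups) is easy to miss when both user and device groups are targeted, as in the question. The following is an added example, not part of the thread or of Microsoft's tooling: it audits app protection policy assignments offline and flags any that target a group with no user members. The policy names, group ids and sample data are constructed; the record shapes (`@odata.type`, `target.groupId`) are assumed to match what Microsoft Graph returns for policy assignments and group members.

```python
# Added example. All sample data below is constructed for illustration.
USER = "#microsoft.graph.user"
DEVICE = "#microsoft.graph.device"
GROUP_TARGET = "#microsoft.graph.groupAssignmentTarget"

# Constructed: group id -> members, shaped like GET /groups/{id}/members
GROUP_MEMBERS = {
    "grp-cope-users": [{"@odata.type": USER, "id": "u1"},
                       {"@odata.type": USER, "id": "u2"}],
    "grp-cope-devices": [{"@odata.type": DEVICE, "id": "d1"},
                         {"@odata.type": DEVICE, "id": "d2"}],
}

# Constructed: app protection policies with expanded assignments
POLICIES = [
    {"displayName": "iOS APP - Outlook", "assignments": [
        {"target": {"@odata.type": GROUP_TARGET, "groupId": "grp-cope-users"}},
        {"target": {"@odata.type": GROUP_TARGET, "groupId": "grp-cope-devices"}},
    ]},
    {"displayName": "Android APP - OneDrive", "assignments": [
        {"target": {"@odata.type": GROUP_TARGET, "groupId": "grp-cope-devices"}},
    ]},
]


def has_user_members(members):
    """A group can deliver an app protection policy only through user members."""
    return any(m.get("@odata.type") == USER for m in members)


def audit(policies, group_members):
    """Return (policy, status, groups_without_users) for each misassigned policy."""
    findings = []
    for policy in policies:
        effective, ineffective = [], []
        for assignment in policy["assignments"]:
            target = assignment["target"]
            if target.get("@odata.type") != GROUP_TARGET:
                continue  # non-group targets are out of scope for this check
            gid = target["groupId"]
            bucket = effective if has_user_members(group_members.get(gid, [])) else ineffective
            bucket.append(gid)
        if ineffective:
            status = "partial" if effective else "not applied"
            findings.append((policy["displayName"], status, sorted(ineffective)))
    return findings


if __name__ == "__main__":
    for name, status, groups in audit(POLICIES, GROUP_MEMBERS):
        print(f"{name}: {status}; groups with no user members: {groups}")
```

A "not applied" result is the case to fix first: the policy exists in the console but protects no one's app data.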

