Endpoint management at Microsoft
This article provides an overview of endpoint management solutions at Microsoft.
Microsoft Intune
Microsoft Intune is a family of products and services. The Intune family includes:
- Microsoft Intune service
- Configuration Manager and co-management
- Endpoint Analytics
- Windows Autopilot
- Intune admin center
These products and services offer a cloud-based unified endpoint management solution. It simplifies management across multiple operating systems, cloud, on-premises, mobile, desktop, and virtualized endpoints. It also:
- Supports data protection on company-owned and bring your own devices through non-intrusive mobile application management.
- Empowers organizations to provide data protection and endpoint compliance that support a Zero Trust security model.
- Brings together device visibility, endpoint security, and data-driven insights to increase IT efficiency. In hybrid work environments, admin tasks and end user experiences are improved.
Intune integrates with other services, including Azure Active Directory (AD), on-premises Configuration Manager, mobile threat defense (MTD) apps & services, Win32 & custom LOB apps, and more.
If you're moving to the cloud or are adopting more cloud-based services, Intune is a great place to start.
Configuration Manager and co-management
Configuration Manager is an on-premises management solution that can manage desktops, Windows servers, and laptops that are on your network or are internet-based. You can use Configuration Manager to manage data centers, apps, software updates, and operating systems.
To benefit from all that's happening in Microsoft Intune, connect to the cloud with co-management. Co-management combines your existing on-premises Configuration Manager investment with some of the cloud-based features in Intune, including using the web-based Microsoft Intune admin center.
Co-management is a great way to get started with Intune and to start moving some workloads to the cloud.
Endpoint analytics
Endpoint analytics is a cloud-native service that provides metrics and recommendations on the health and performance of your Windows client devices. If you use Configuration Manager, you can benefit from Endpoint Analytics insights by connecting to the cloud.
You can get data on:
- Startup performance
- How frequently devices restart
- A list of apps that affect end-user productivity
- Recommendations on how to improve performance
This information and more is shown in the Microsoft Intune admin center.
You can use Endpoint Analytics on devices that are managed with Intune or Configuration Manager connected to the cloud.
For more information, go to:
- What is Endpoint analytics?
- Endpoint analytics scores, baselines, and insights
- Tutorial: Walkthrough the Microsoft Intune admin center
- Quickstart - Enroll Configuration Manager devices
Windows Autopilot
Windows Autopilot is a cloud-native service that sets up and pre-configures new devices, getting them ready for use. It can also reset and repurpose existing devices. It's designed to simplify the lifecycle of Windows devices from initial deployment through end of life, benefitting IT and end users.
Use Windows Autopilot to pre-configure devices, automatically join devices to Azure AD, automatically enroll the devices in Intune, customize the out-of-box experience (OOBE), and more. You can also integrate Windows Autopilot with Configuration Manager and co-management for more device configurations.
If you constantly provision new devices or repurpose existing devices, then use Windows Autopilot.
Azure Active Directory (AD)
Azure Active Directory (Azure AD) is a cloud-native service that's used by Intune to manage the identities of users, devices, and groups. The Intune policies you create are assigned to these users, devices, and groups. When devices are enrolled in Intune, your users sign in to their devices with their Azure AD accounts (user@contoso.com).
Azure AD Premium, which may be an extra cost, has more features to help protect devices, apps, and data, including dynamic groups, automatic enrollment in Intune, and conditional access.
Intune admin center
The Intune admin center is a one-stop website. Use the admin center to add users & groups, create & manage policies, and monitor your policies using report data. If you use Configuration Manager tenant-attach or co-management, you can see your on-premises devices and run some actions on these devices.
The admin center also plugs in other key device management services, including:
- Azure AD Privileged Identity Management to monitor access to important resources
- Microsoft Tunnel VPN gateway solution that runs on Linux
- Mobile threat defense partners
- Remote Help for remote assistance
- TeamViewer for remote administration
- Windows 365 for your Windows virtual machines
- Windows Autopatch to automate updates