What is Microsoft Intune and how does it work?

Microsoft Intune is a cloud-based endpoint management service that lets an organization manage devices, applications, and security policies from one place. There is no on-premises management server to run: policy definitions, device inventory, and compliance state live in the Intune service, and managed endpoints check in to it over the internet, so no inbound firewall rule or VPN is needed for management traffic.

What does Intune manage?

Intune uses two complementary approaches:

  • Mobile device management (MDM) applies settings and policies to the device itself. It gives administrators control over device configuration, operating system updates, security settings (such as disk encryption and password requirements), remote actions, and hardware and software inventory.
  • Mobile application management (MAM) protects corporate data inside managed apps (for example, requiring an app PIN, blocking copy and paste to unmanaged apps, or selectively wiping corporate data) rather than controlling the whole device. App protection policies apply even on devices that are not enrolled, which makes MAM a good fit for BYOD scenarios where the user does not want to hand over control of a personal device.

Many organizations use both MDM and MAM together; for example, corporate-owned phones might be fully enrolled with MDM while employees’ personal tablets receive only app protection policies.

How does the Intune architecture work?

Intune is delivered from the Microsoft cloud and depends on Microsoft Entra ID for identity and device registration; administrators configure it in the Microsoft Intune admin center. Devices communicate with the service over outbound HTTPS only, so nothing has to be reachable on the device from the internet. When a device enrolls, it registers with Entra ID and receives an MDM enrollment certificate (on Apple platforms, a management profile) that authenticates its later check-ins and establishes the trust relationship with the service.

Policies and configurations are created in the admin center, assigned to user or device groups in Entra ID, and delivered to the targeted endpoints at their next check-in. Intune records each device's compliance status, reports inventory data, and can take remote actions such as wipe, lock, or retire. Compliance state is also fed back to Entra ID, where Conditional Access can deny non-compliant devices access to corporate resources.
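The create, assign, and report loop described above, driven through Microsoft Graph with the Microsoft.Graph PowerShell SDK. This is an added example, not code from the training module or from Microsoft; it assumes the Microsoft.Graph module is installed, that the signed-in administrator already holds an Intune role, and that $GroupId is a placeholder for an Entra ID group object ID in your tenant.

```powershell
# Added example (not part of the original module). Creates a Windows compliance policy,
# assigns it to an Entra ID group, and reads back the compliance state that enrolled
# devices report. Assumes the Microsoft.Graph module is installed and the caller has an
# Intune RBAC role; $GroupId is a placeholder group object ID.
Import-Module Microsoft.Graph.Authentication

$GroupId = "00000000-0000-0000-0000-000000000000"   # placeholder: your Entra ID group

# Least-privilege delegated scopes: write configuration, read device inventory.
# No user, directory, or licensing scopes are requested.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All",
                        "DeviceManagementManagedDevices.Read.All"

$graph = "https://graph.microsoft.com/v1.0/deviceManagement"

# 1. Create the policy. Graph requires scheduledActionsForRule on creation; actionType
#    "block" with gracePeriodHours 0 marks a failing device non-compliant immediately,
#    which is the state Conditional Access evaluates.
$policyBody = @{
    "@odata.type"         = "#microsoft.graph.windows10CompliancePolicy"
    displayName           = "Windows baseline - BitLocker, Secure Boot, password"
    description           = "Added example compliance policy"
    bitLockerEnabled      = $true
    secureBootEnabled     = $true
    passwordRequired      = $true
    passwordMinimumLength = 8
    osMinimumVersion      = "10.0.19045"
    scheduledActionsForRule = @(
        @{
            ruleName = "PasswordRequired"
            scheduledActionConfigurations = @(
                @{ actionType = "block"; gracePeriodHours = 0; notificationTemplateId = "" }
            )
        }
    )
}
$policy = Invoke-MgGraphRequest -Method POST -Uri "$graph/deviceCompliancePolicies" `
    -Body ($policyBody | ConvertTo-Json -Depth 6) -ContentType "application/json"
Write-Host "Created compliance policy $($policy.id)"

# 2. Assign the policy to the Entra ID group. Assignment is what causes delivery:
#    an unassigned policy is never sent to any device.
$assignBody = @{
    assignments = @(
        @{
            target = @{
                "@odata.type" = "#microsoft.graph.groupAssignmentTarget"
                groupId       = $GroupId
            }
        }
    )
}
Invoke-MgGraphRequest -Method POST -Uri "$graph/deviceCompliancePolicies/$($policy.id)/assign" `
    -Body ($assignBody | ConvertTo-Json -Depth 6) -ContentType "application/json" | Out-Null

# 3. Read back the compliance state devices have reported. Graph pages large
#    tenants, so follow @odata.nextLink until it is absent.
$uri = "$graph/managedDevices?`$select=deviceName,operatingSystem,complianceState,lastSyncDateTime"
$devices = @()
do {
    $page     = Invoke-MgGraphRequest -Method GET -Uri $uri
    $devices += $page.value
    $uri      = $page.'@odata.nextLink'
} while ($uri)

# Anything other than "compliant" (noncompliant, inGracePeriod, unknown, ...) deserves a look;
# a stale lastSyncDateTime usually means the device has not checked in to receive the policy.
$devices | Where-Object { $_.complianceState -ne "compliant" } |
    Select-Object deviceName, operatingSystem, complianceState, lastSyncDateTime |
    Format-Table -AutoSize
```

The Graph permission scopes gate what the script may call, but Intune additionally checks the caller's Intune RBAC role, so a sign-in that succeeds can still be rejected at the policy endpoints if the administrator has only a read-only role.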

Roles and responsibilities

Administrators work in the Microsoft Intune admin center. Common roles include:

  • Global Administrator – full access to every Intune and Entra ID setting. Reserve it for a small number of break-glass accounts and use a narrower role for daily work.
  • Intune Administrator – manages policies, apps, and devices; cannot manage billing or assign user licenses.
  • A compliance-focused role (for example, the built-in Intune RBAC role Policy and Profile manager, or a custom role) – builds and monitors compliance policies without broader device or app rights.

Role-based access control (RBAC) in Intune combines three things: a role (the permitted actions), scope groups (which users and devices those actions may target), and scope tags (which policies and apps the administrator can see). Together they let you give each administrator only the rights their job needs. For example, help desk staff can be given the built-in Help Desk Operator role so they can lock or wipe lost devices, scoped to their own region's devices, without seeing user licensing details or editing policies.

Why Intune matters

With more people working remotely and using multiple devices, centralizing management in a cloud service reduces complexity and costs. Intune’s integration with the wider Microsoft 365 ecosystem means you can enforce security, deploy apps, and monitor health across Windows, macOS, iOS/iPadOS, and Android—all without a VPN or on-premises infrastructure.

By the end of this unit, you should be able to describe the basic components of Intune, the difference between MDM and MAM, and who performs which tasks in the service.