Microsoft Intune

What is Microsoft Intune?

Microsoft Intune is a cloud-based endpoint management solution, sometimes described as an Enterprise Mobility Management (EMM) solution. It manages user access to organizational resources and simplifies app and device management across many devices, including mobile devices, thin clients, desktop computers, and virtual endpoints. Microsoft Intune provides mobile device management (MDM) and mobile application management (MAM).

Microsoft Intune is frequently used together with Azure services delivering virtualized apps and desktops such as AVD (Azure Virtual Desktop) and Windows 365 Cloud PC.

Through integration with Azure Active Directory (now called Entra ID), Intune plays a role in managing identity and access for users and devices. It helps organizations implement secure and efficient access to resources. The Entra ID / Azure Active Directory integration also provides conditional access policies. This allows organizations to control access to corporate resources based on conditions such as the user's device compliance, location, or other factors.

Intune offers reporting and monitoring capabilities that allow administrators to track the compliance status of devices, monitor security events, and generate reports to assess the overall health of the managed environment.

Tools such as Microsoft Intune reduce the total cost of ownership (TCO) of desktops and apps by removing the effort and resources needed for their lifecycle management via features that help deploy, configure, and secure devices and applications on new or re-imaged devices.

Is Intune part of Office 365 / Microsoft 365?

Microsoft Intune is a standalone product included with certain Microsoft 365 plans, while Basic Mobility and Security is part of the Microsoft 365 plans. Details of Intune availability within Microsoft 365 are available here: Choose between Basic Mobility and Security and Intune - Microsoft 365 admin | Microsoft Learn.

Can I use Intune for hybrid environments?

Microsoft recommends deploying new devices as cloud-native using Microsoft Entra join. Deploying new devices as Microsoft Entra hybrid join devices isn't recommended, including through Autopilot. For more information, see Microsoft Entra joined vs. Microsoft Entra hybrid joined in cloud-native endpoints: Which option is right for your organization. For information on when and how to use Microsoft Entra Hybrid join, please see: Enrollment for Microsoft Entra hybrid joined devices - Windows Autopilot | Microsoft Learn and Understanding Microsoft Entra hybrid join and co-management.

Is Microsoft Intune a monitoring tool?

Microsoft Intune is not a monitoring tool but a management tool. As such, some functionality is provided to allow you to manage and understand the status of applications. Information on how to do this via the Apps Overview Pane is provided here: Monitor app information and assignments - Microsoft Intune | Microsoft Learn. To monitor, troubleshoot, and understand the performance of applications, a monitoring tool should be selected.

Monitoring and auditing of Microsoft Intune

For organizations relying on Microsoft Intune, it becomes a critical component of their IT landscape, and as such many monitor the performance and availability of this cloud-based service.

Intune relies on various connectors, certificates, and enrollment profiles to operate. Connectors must be healthy and functioning, and neither certificates nor the authentication tokens that enrollment profiles depend on may have expired. As such, monitoring certificates and tokens is an essential task.
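As an added illustration of the certificate, token, and connector checks described above (not code from Microsoft or from this page), the following sketch classifies a constructed inventory. The item names, field names (kind, expires, last_contact), and thresholds are assumptions and do not represent real Intune or Microsoft Graph output.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory: names, kinds and field names are hypothetical,
# not real Intune or Microsoft Graph output.
SAMPLE_INVENTORY = [
    {"name": "push-certificate", "kind": "certificate", "expires": "2025-01-10T00:00:00Z"},
    {"name": "enrollment-profile-token", "kind": "token", "expires": "2025-02-05T00:00:00Z"},
    {"name": "app-licensing-token", "kind": "token", "expires": "2025-11-30T00:00:00Z"},
    {"name": "certificate-connector", "kind": "connector", "last_contact": "2025-01-14T08:00:00Z"},
    {"name": "directory-connector", "kind": "connector", "last_contact": "2025-01-15T11:30:00Z"},
]

def parse_utc(value):
    """Parse an ISO 8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify(item, now, warn_days=30, stale_hours=6):
    """Return 'expired', 'expiring', 'stale' or 'ok' for one inventory item."""
    if item["kind"] == "connector":
        # A connector counts as unhealthy when it has not checked in recently.
        age = now - parse_utc(item["last_contact"])
        return "stale" if age > timedelta(hours=stale_hours) else "ok"
    remaining = parse_utc(item["expires"]) - now
    if remaining <= timedelta(0):
        return "expired"
    return "expiring" if remaining <= timedelta(days=warn_days) else "ok"

def findings(inventory, now, **thresholds):
    """List (name, status) pairs for every item that needs attention."""
    result = []
    for item in inventory:
        status = classify(item, now, **thresholds)
        if status != "ok":
            result.append((item["name"], status))
    return result

if __name__ == "__main__":
    now = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample
    for name, status in findings(SAMPLE_INVENTORY, now):
        print(f"{status.upper():9} {name}")
```

In practice the inventory would be filled from whatever export or API the organization uses, and the clock would be the current UTC time rather than a fixed value.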

Monitoring the connectivity of the Intune Admin Center is advisable.

Microsoft Intune audit logs can be used to track and monitor events in Intune. Audit logs include a record of activities that generate a change in Microsoft Intune. Create, update (edit), delete, assign, and remote actions all create audit events that administrators can review for most Intune workloads. By default, auditing is enabled for all customers. It can't be disabled. Intune audit logs and operational logs can also be routed to Azure Monitor.

How is Intune used together with Azure Virtual Desktop?

Microsoft Intune is often used with Azure Virtual Desktop (AVD) to provide comprehensive management and security for virtualized desktop environments. Intune facilitates device enrollment, policy enforcement, and application management for virtual machines used in AVD. It ensures compliance, implements conditional access, and integrates with Azure Active Directory / Entra ID for identity and access management. Intune also manages software updates, deploys applications, and enforces data protection policies, contributing to a secure and compliant virtual desktop experience.

Intune is not a monitoring tool, and as such additional monitoring tools are usually used in AVD environments.