memdocs/intune/fundamentals/get-started-with-intune.md
15 additions & 10 deletions
@@ -7,7 +7,7 @@ keywords:
7
7
author: MandiOhlinger
8
8
ms.author: mandia
9
9
manager: dougeby
10
-
ms.date: 10/04/2022
10
+
ms.date: 10/05/2022
11
11
ms.topic: overview
12
12
ms.service: mem
13
13
ms.subservice: fundamentals
@@ -48,15 +48,13 @@ This article provides an overview of the steps to start using Intune, including:
48
48
- Protect organization app data on personal devices
49
49
- Cloud-attach with Configuration Manager
50
50
51
-
It's also a good practice to review the [Planning guide to move to Microsoft Intune](intune-planning-guide.md) before you get started.
52
-
53
51
## Step 1 - Plan your Intune deployment
54
52
55
53
A successful adoption or migration to Microsoft Intune starts with a plan. Your plan depends on your organization's current device management solution, business goals, and technical requirements.
56
54
57
55
Intune gives you options to manage access to your organization using Mobile Device Management (MDM) or Mobile Application Management (MAM). MDM is when users "enroll" their devices in Intune. Once enrolled, they're managed devices, and can receive any policies, rules, and settings used by your organization. For example, you can install specifics apps, create a password policy, install a VPN connection, and more.
58
56
59
-
If users with their own personal devices will access organization resources, then you need to protect any apps that access your organization data using MAM, at a minimum. You can create MAM policies for Outlook, Teams, SharePoint, and other apps.
57
+
If users with their own personal devices will access organization resources, then you need to protect any apps that access your organization data using mobile application management (MAM), at a minimum. You can create MAM policies for Outlook, Teams, SharePoint, and other apps. MAM policies are discussed more later in this article ([Protect organization app data on personal devices](#protect-organization-app-data-on-personal-devices)).
60
58
61
59
To help you plan your Intune deployment, use the [Planning guide to move to Microsoft Intune](intune-planning-guide.md). It covers personal devices, licensing considerations, creating a rollout plan, communicating changes to your users, and more.
62
60
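Review bot: The added line 57 spells out "mobile application management (MAM)" in lowercase, although the preceding paragraph (line 55) already defines the acronym as "Mobile Application Management (MAM)". Use plain "MAM" here, or match the casing. The new closing sentence "MAM policies are discussed more later in this article" is also awkward; "For more on MAM policies, see [Protect organization app data on personal devices](#protect-organization-app-data-on-personal-devices)" is tighter, and the anchor should be checked against the actual heading text, which this hunk does not show. While this block is being touched, the context line 55 still has "install specifics apps".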
@@ -112,7 +110,9 @@ This step focuses on setting up Intune and getting it ready for you to manage yo
112
110
113
111
You can manually add users or use hybrid identity and Azure AD Connect to sync your on-premises user accounts with Intune. You can also give admin roles to specific users. Users are required unless your devices are "userless" devices, such as kiosk or dedicated devices commonly used by frontline workers.
114
112
115
-
Azure AD groups can simplify how you manage devices and users in Intune. For example, your organization wants to require a specific app on Android devices. You can create an Android devices group and deploy a policy with this app to your group.
113
+
Azure AD groups can simplify how you manage devices and users in Intune.
114
+
115
+
For example, your organization wants to require a specific app on Android devices. You can create an Android devices group and deploy a policy with this app to your group.
116
116
117
117
6.**[Assign licenses](licenses-assign.md)**. For users or devices to enroll in Intune, they require an Intune license.
118
118
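Review bot: The new blank line 114 splits a paragraph that sits inside the numbered steps (item 6, "Assign licenses", follows at line 117), and the rendered diff does not show whether lines 113 and 115 keep the list-item indentation. Confirm both paragraphs are indented under their step so the list numbering does not restart at the next item. The example at line 115 would also read better as one sentence: "For example, if your organization wants to require a specific app on Android devices, you can create an Android devices group and deploy a policy with this app to that group."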
@@ -128,7 +128,9 @@ MDM solutions like Intune can set rules that devices should meet, and can report
128
128
129
129
For example, you can choose an acceptable (or unacceptable) threat level, block jailbroken or rooted devices, require a password length, and more. If these devices don't meet your rules, meaning they aren't compliant, then you can use conditional access to block access to your resources.
130
130
131
-
If you prefer, you can enroll your devices before checking compliance. It's up to you. When users enroll their devices in Intune, then enrollment process can automatically deploy your compliance policies. When enrollment completes, admins can check the compliance status and get a list of devices that don't meet your rules. Microsoft recommends creating compliance and conditional access policies baseline, and then deploying these policies during enrollment.
131
+
If you prefer, you can enroll your devices before checking compliance. It's up to you. When users enroll their devices in Intune, then enrollment process can automatically deploy your compliance policies. When enrollment completes, admins can check the compliance status and get a list of devices that don't meet your rules.
132
+
133
+
Microsoft recommends creating a baseline of compliance and conditional access policies, and then deploying these policies during enrollment.
132
134
133
135
In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), you create your policies and assign them to your groups. As a best practice, start small, and use a staged approach. For example, create an iOS/iPadOS policy that blocks jailbroken devices. Apply the policy to a pilot or test group. After initial testing, add more users to the pilot group. For more guidance, go to the [Microsoft Intune planning guide](intune-planning-guide.md).
134
136
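Review bot: The first paragraph at new line 131 still reads "then enrollment process can automatically deploy your compliance policies", which is missing the article; the recommendation sentence moved to line 133 was reworded, but this one was carried over unchanged. Suggest "the enrollment process can automatically deploy your compliance policies", matching the wording already used in the app and device configuration paragraphs.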
@@ -143,23 +145,26 @@ The following articles are good resources:
143
145
144
146
Every organization has a base set of apps that should be installed on devices. Your organization may require a specific email app, web browser, or VPN app. You can use Intune to deploy these apps to your users before they enroll their devices. When users enroll their devices, these apps can be automatically installed during the enrollment process.
145
147
146
-
If you prefer, you can enroll your devices before installing apps. It's up to you. When users enroll their devices in Intune, the enrollment process can automatically deploy your app policies. When enrollment completes, the apps are ready to use. For key productivity apps, Microsoft recommends creating a baseline of app policies and then deploying these policies during enrollment.
148
+
If you prefer, you can enroll your devices before installing apps. It's up to you. When users enroll their devices in Intune, the enrollment process can automatically deploy your app policies. When enrollment completes, the apps are ready to use.
149
+
150
+
For key productivity apps, Microsoft recommends creating a baseline of app policies and then deploying these policies during enrollment.
147
151
148
152
Intune supports a wide range of apps, including store apps, line-of-business (LOB) apps, Win32 apps, and more. You can manage app deployment using the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Also, you can connect to your managed Google Play, the Apple App Store, and the Microsoft Store to deploy apps from these locations.
149
153
150
154
The following articles are good resources:
151
155
152
-
-[What is app management in Microsoft Intune](../apps/app-management.md)
156
+
-[What is app management in Microsoft Intune?](../apps/app-management.md)
153
157
-[Windows 10/11 app deployment using Microsoft Intune](../apps/apps-windows-10-app-deploy.md)
154
-
-[Protect your company app data with Microsoft Intune and Microsoft Graph](/graph/api/resources/intune-app-conceptual)
155
158
156
159
## Step 6 - Configure device features
157
160
158
161
Your organization may have a base set of device features that should be configured or should be blocked. These settings are added to device configuration policies. You can create device configuration policies that add a VPN connection, block access to personal cloud storage, turn off bluetooth discovery, and more. You can also configure device features that help protect your organization's devices, including requiring device encryption and requiring strong passcodes.
159
162
160
163
You can use Intune to configure these device features before users enroll their devices. When users enroll their devices, these device features can be automatically configured, and ready to use.
161
164
162
-
If you prefer, you can enroll your devices before creating device configuration policies. It's up to you. When users enroll their devices in Intune, the enrollment process can install your device configuration policies, like a VPN connection. When enrollment completes, the feature is ready to use. For key device configuration features, such as VPN or Wi-Fi, Microsoft recommends creating the policies and then deploying these policies during enrollment.
165
+
If you prefer, you can enroll your devices before creating device configuration policies. It's up to you. When users enroll their devices in Intune, the enrollment process can install your device configuration policies, like a VPN connection. When enrollment completes, the feature is ready to use.
166
+
167
+
For key device configuration features, such as VPN or Wi-Fi, Microsoft recommends creating the policies and then deploying these policies during enrollment.
163
168
164
169
In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), you can create different policies based on your device platform - Android, iOS/iPadOS, macOS, and Windows. For example, you can:
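Review bot: The resource list above the Step 6 heading loses the "Protect your company app data with Microsoft Intune and Microsoft Graph" link (old line 154) with no replacement, which is a content change rather than the paragraph splitting done in the rest of this hunk. Confirm the removal is intended and note it in the commit description, or restore the link. Minor: the context line 161 has "turn off bluetooth discovery"; "Bluetooth" should be capitalized.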