Microsoft Intune

Intune provides mobile device management (MDM) and mobile application management (MAM) for Windows, macOS, iOS, and Android devices.

Portal: Microsoft Intune admin center (intune.microsoft.com)

Checklist

  • MDM authority set to Intune
  • Auto-enrolment enabled in Entra ID (for Windows)
  • Windows Autopilot configured (for new device provisioning)
  • iOS/Android enrolment configured
  • Compliance policies created for each platform
  • Conditional Access policy requiring compliant devices (links to Entra ID)
  • Windows security baseline applied
  • BitLocker policy configured for Windows
  • Windows Update rings configured
  • App protection policies (MAM) for iOS and Android
  • Required apps deployed

Architecture Overview

flowchart TD
    A[Device enrols] --> B[Compliance policy evaluated]
    B --> C{Compliant?}
    C -->|Yes| D[CA grants access to M365]
    C -->|No| E[CA blocks access / Grace period]
    B --> F[Configuration profiles applied]
    B --> G[Required apps deployed]

Sections