In today’s day and age, especially with the struggles we’re facing the past year, having the ability to conduct your work remotely is becoming more relevant and for some even required. For example, this is reflected in company policies regarding remote working. Budgets are being freed up for home work spaces. Proposing this company-wide would have been somewhat unthinkable last year. Your company’s CFO would have looked at you like you’ve had lost your mind if discussed in 2019.
Luckily for IT, and everyone working in this sector, this has been a growing norm for the last couple years regardless. Imagine how the employees and organizations would be impacted if everyone would have to work from home to our current extent with roaming profiles, local exchange servers or multiple network shares/login scripts. I can’t imagine how somebody’s day would look like if they would have to replace their computer remotely. Painful would be an understatement. Luckily, something as critical as device management remotely has been made easy with Intune.
The issues
One of the first things that pops into my head when somebody discusses remote working is Device management; How will my PC’s be updated with the latest patches? What if my employees just postpone updates for months on end? What if my Group Policies do not take effect, because people simply do not connect to VPN? What if I want to push out new software, but half my company is working from home?
All the problems above can be taken care of with Intune. Intune works together with Azure Active Directory to manage:
- Device settings/Defaults
- Policies
- Anti-Virus
- Windows Updates
- Run scripts
- Deploy software
And this is only a few of the features Intune provides. This goes for both laptops and mobile devices; all policies and settings can be enforced on both device level and user level. Whatever is easier for your organization! Feel the need to enforce policies on specific Security Groups? Deploy Windows Updates for your developers specifically on Wednesday at 13:05? Or push three specific applications to your Finance team once they log onto a laptop? Not a problem. See the image below for an overview of how Intune and Azure AD works together.
Intune
Intune, in my eyes, serves as a replacement for on-prem Active Directory and SCCM.
(SCCM (Microsoft System Center Configuration Manager) allows for device and software deployment via your company network or remotely if setup correctly. In the past I’ve been asked to mimic our policies and software deployment provided by GPO + SCCM, with Intune. If you’re asked to do the same, I’d advise you go through your On-prem Policies and write down anything that is important, on both user and device level. Most relevant settings can be mimicked by Intune, with the exceptions of some settings. Something you’ll notice with Intune policies is that they might not go as deep as GPO for some settings. But most of that can be overcome easily. For example, you could deploy specific Registry Keys as a file or run a Script via Intune instead. In my next blog, I’ll dive a bit deeper into the policies of Microsoft Intune.
So…
Intune is being developed rapidly and is certainly worth keeping an eye on.
This will likely be Microsoft’s way forward and the more I personally experiment with it, the more excited I get. In this blog I talked mainly about how Intune can solve your challenges, but in my next I will dive deeper into the policies that Intune has. So, stay (In)tuned for more!