Preface

Microsoft Intune is a market-leading Mobile Device Management (MDM) tool for securely managing your Apple iOS, macOS, Android, and Windows devices anywhere in the world.

With the rapid move to hybrid working and more employees now wanting flexibility, traditional device management tools such as Active Directory are limited for staff working outside of the office, without implementing complicated Always On VPN.

As Microsoft Intune is fully cloud-based, devices can be managed comprehensively from any location. This can be further improved by implementing Windows Autopilot for machine provisioning, and devices can be shipped directly to end users with no input required from the IT department.

Configuring your new environment to work reliably can be a daunting task with multiple options to configure settings, and this is where can help, running through every stage, from purchasing your licenses to enrolling your devices in a working environment.

On top of this, automation is a key part of working with IT systems; automating a repeatable task reduces the risk of user error as well as significantly improving productivity. As well as demonstrating how to configure your environment in the web portal, this book will also show you how to leverage Microsoft PowerShell and Microsoft Graph to automate your daily tasks. For this purpose, several recipes have an section included.

Included at the following URL are links to some excellent community resources, which are worth reading and following as you embark on your Intune journey:

https://github.com/PacktPublishing/Microsoft-Intune-Cookbook/blob/main/blogs-links-communities.md

Note that during the writing of this book, Microsoft renamed to , so there may be occasions where the old Azure Active Directory naming is used, especially in screenshots where the portals had not been updated.

Who this book is for

This book is ideal for anyone either starting out on their Intune journey or existing Intune users who want to learn Microsoft Graph for automation.

This could be system administrators, end-user computer administrators, cloud administrators, or even support staff looking to take the next step up the ladder.

As it is a hands-on cookbook, while it touches on architectural considerations, the primary demographic is technical staff who are implementing a solution.

While the book does not cover the basics of PowerShell scripting, you should be able to follow the scripts with a limited knowledge of PowerShell commands.

What this book covers

, , is an introduction to Intune. It takes a look at licensing requirements and setting up the first tenant. It then moves onto Entra ID, covering MDM and Mobile Application Management (MAM) enrollment scopes, the creation of both static and dynamic groups, and then assigning roles and looking at device settings.

, , looks at the policy options available for Windows devices and how to use them to comprehensively manage your Windows fleet.

, , covers all the important security policies available for Windows devices and how to best configure them for your environment.

, , looks at Windows Update and autopatch, configuring Windows Hello for Business, before finally looking at the enrollment of devices using Autopilot and the Enrollment Status Page (ESP).

, , covers the management of your Android devices using Google Play. It runs through the full end-to-end process of configuring your managed Google Play account, connecting it to Intune, and using it to deploy applications. After configuring the connections, the chapter will run through configuring your enrollment profiles for different use cases and then move on to the policies themselves, including looking at Original Equipment Manufacturer (OEM) specific policies. Finally, it will cover the use of app protection policies for Bring your Own Device (BYOD) scenarios.

, , looks at the management of both iOS and macOS devices from Apple, with devices managed by Apple Business Manager and Apple Volume Purchase Program for applications. After running through configuring Apple Business Manager, the chapter then demonstrates how to connect it to Intune, add the required certificates, and set up enrollment profile tokens. Once the basic environment is configured, it moves on to configuring policies and deploying (and protecting) applications from the app store for iOS.

, , continues the Apple journey with macOS devices. It covers configuring your first policy and then deploying scripts and applications to your devices, before finally looking at keeping your macOS up to date.

, , explores the very important, but often overlooked, area of compliance. When tied to Conditional access, it is the best way to secure your environment against risky/infected machines. The chapter covers configuring compliance policies for all currently supported operating systems and the various settings available for each. For Windows devices, it also dives into the more complex but powerful custom compliance policies. Finally, it demonstrates how to link your compliance policies to a Conditional access policy.

, , runs through the monitoring options available within Intune. It looks at monitoring your applications (both installed and detected) and your critical app protection policies and then moves on to the devices. In device monitoring, you can learn how to review the success of your configuration profiles, device compliance, and device enrollment successes and failures. The chapter will then look at checking your device update status and, finally, review any admin tasks within the portal itself, including device actions and audit logs for policy/app changes.

, , covers all of the available reports within Intune initially, including security and Endpoint analytics. It then moves beyond Intune, covering connecting PowerBI to the Intune Data Warehouse and deploying Windows Update for Business Reports within an Azure Log Analytics Workspace. Finally, it will cover how to export your diagnostics events to Azure for further alerting or management.

, , examines application packaging and deployment, which can be a blocker to many. The chapter runs through deploying all Windows applications, starting with your straightforward Microsoft Store apps and then covering packaging in the MSIX or Win32 format, using the official Microsoft tools. It also covers application dependencies and supersedence for Win32 applications.

, , looks at all of the available scripts inside Intune, starting with the basic device scripts. It will then move on to the very useful proactive remediations before looking at how they can be used when deploying apps – in particular, during detection and requirement checking.

, , runs through the options within the Tenant Administrative menu within Intune, including your day-to-day admin tasks (monitoring connectors, troubleshooting, and version checking). It also covers the more set-once options such as terms and conditions, setting roles, and customizing. Finally, it covers using filters to manage assignments, sending organizational messages, and looking at multi-admin approval.

, , looks at the additional licensed features currently included in the Intune Suite. We will look at Remote Help, Microsoft Tunnel for Android/iOS, device anomalies, and Endpoint Privilege Management.

To get the most out of this book

For the sections on automation, you will need a machine capable of running PowerShell; version 5 or version 7 will work fine. While you can simply download and run the scripts, using an editor will aid in following the steps.