Intune is a really cool tool! “What is Intune? What does it do?” I hear you ask. Well, I could tell you that Intune is “a cloud-based endpoint management solution. It manages user access to organizational resources and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints.” You can thank Microsoft for that one.
But what does the word salad actually mean? Depending on the definitions used, it could very well be explaining a website dashboard, possibly a container or remote support service of some kind. Well, that’s what we are going to clarify today.
Defining the Terms
There are some key words in Microsoft’s definition that I think are important to understand. Words like “manage” and “solution” and “endpoints” and probably the most important keyword, “cloud-based.”
Let's go down the list:
- What does it mean to “manage” a device, according to Microsoft? Essentially, managing a device means to touch it. It means having the ability to reach the device, access it, and administer changes to it to varying degrees. The degree to which you can administer changes is dictated by the site's global administrator or owner. Which leads us into our next definition…
- “User access” means just what it sounds like and, luckily, is not much more complex. It's the system that determines how much “access” a “user” has, whether that access is to sites, services, computers, or other resources. It is like when you save a password in your browser to automatically log into an email account. Except in this case, instead of YOU saving the password to the browser, the admin assigns the password to your account. The difference maker is that when you try to sign into a resource you have no business being in, like a special server, the administrator will make sure there is no password associated with your user account.
- What is a “solution”? What does Microsoft mean when they use the word “solution”? They mean a marketable offering or product: an app, service, device, etc. that can be packaged and sold to a consumer. So, in this context, Intune is a cloud-based product that provides the service of managing endpoints. Speaking of endpoints, that's our next definition!
- Endpoints. “Endpoint” is just another word for a device. Endpoints can be physical devices like desktop computers, laptops, servers, tablets, or cell phones. They can also be digital devices like virtual machines (VMs). They are called endpoints because, if you look at a network, computers and similar devices sit at the extremities of the network, away from its core. Like fingertips to a hand. If you were to pick any cable and follow it to see what it was connected to, one of two scenarios is likely: (A) you reach a node that is connected to at least one, or perhaps many, other nodes, or (B) the end of the cable leads to a device that is not connected to anything else. In case B, the device is an endpoint because it sits at the end of that cable, and it's a dead-end road. However, the word “endpoint” has become shorthand for “a device.” Technically incorrect, but it doesn’t hurt anything to use it in that way.
- Finally, “Cloud-based.” It just means the thing, whatever it may be (VM, service, resource), is housed and lives on the internet and NOT at your house or business. Simple. In regards to Intune, it mostly is talking about itself.
Already sold? Learn more about Intune, here.
Intune Is Buff
Have you ever played Sim City? Where you have to build complex interlinked interdependent systems in order to make the population happy?
It's a lucky thing you had a bird's-eye view and god-like control over everything, isn’t it? I mean, just imagine trying to plan and organize the city from ground level and having to move from one area of development to the other by physically…just…going there. That game would SUCK. You know what doesn’t suck? Intune. It's just like Sim City, but instead of buildings there are endpoints. And instead of people, there are user accounts.
The Nitty-Gritty
In Intune you have a dashboard with things called “Blades.” Basically they are expandable and collapsible columns that change based on what tab you select. Looks like this.
Check out the options in the far-left blade. The main options when first getting started are Devices, Apps, Users, and Groups. Endpoint security, Reports, and Tenant administration require a bit more familiarity with Intune, so we can save those for a later date.
Below is your Dashboard. This is the first thing you will see. It's actually pretty simple once you get used to it and know what everything does.
Devices
This is the blade that allows you to “manage” all your devices. You can do things like add/remove devices, change settings and configurations, and even restart or wipe a device. This is all done remotely from the browser on your computer.
Apps
Here is where you can add apps to all your devices remotely! Just add the app, and then assign it to a computer. Intune will do the rest for you.
Users
It goes without saying that here is where you manage users. You can add/remove user accounts, reset passwords, add users to groups and see all kinds of account telemetry. Licensing is super important to a user account as well as assigned roles because that helps dictate what resources that user can access.
Groups
Here is a picture of the Sim City toolbar. See how it's organized by type and pares down, getting more specific the deeper you go? This is a lot like how you should treat Groups in Intune.
An Intune example would be something like this: create a group called BananaSlamma.local (your domain) which contains all your devices. Next, it could pare down into two sub-groups, DEV and PROD, indicating which devices are in development and which ones are in production. If we click into the Production group, you could create even more sub-groups based on department, let's say Sales, HR, and Maintenance for example. You can keep going and get even more specific! You can also make completely independent groups, not associated with or contained within other groups, to control special permissions. The level of customizability is insane. When first starting out, I recommend trying as best you can to keep it simple and logical.
More on Groups…
What is really great about a group is that it passes down whatever permissions it has to the devices that are assigned to it. So, even though it is cool that you can assign permissions to individual accounts, imagine having thousands of accounts to manage the permissions for! It would be an impossible task to keep up with and still function as a well-rounded I.T. department. That’s why groups are so awesome! Just assign the user to a group and it inherits all the permissions associated with that group. What’s more, this can all be configured to happen automatically. But that is for another day.
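The group tree described above can also be built from a script instead of the portal. The following is an added example, not part of the original article: it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account may create groups (the `Group.ReadWrite.All` scope); the group names are the article's sample names, and `Get-OrCreateGroup` is a hypothetical helper.

```powershell
# Added example: builds the article's sample hierarchy as Entra ID security groups.
# Assumes the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph).
Import-Module Microsoft.Graph.Groups
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

$cache = @{}   # groups already resolved in this run, keyed by display name

# Hypothetical helper: return the security group with this name, creating it if needed.
function Get-OrCreateGroup {
    param([Parameter(Mandatory)][string]$Name)

    if ($cache.ContainsKey($Name)) { return $cache[$Name] }

    $group = Get-MgGroup -Filter "displayName eq '$Name'" -Top 1
    if (-not $group) {
        $group = New-MgGroup -DisplayName $Name `
                             -MailEnabled:$false `
                             -SecurityEnabled `
                             -MailNickname ($Name -replace '[^A-Za-z0-9]', '')
    }
    $cache[$Name] = $group
    return $group
}

# Parent -> children, using the names from the article.
$tree = [ordered]@{
    'BananaSlamma.local' = @('DEV', 'PROD')
    'PROD'               = @('Sales', 'HR', 'Maintenance')
}

foreach ($parentName in $tree.Keys) {
    $parent  = Get-OrCreateGroup -Name $parentName
    # IDs already nested under the parent, so a second run does not fail on duplicates
    $current = (Get-MgGroupMember -GroupId $parent.Id -All).Id

    foreach ($childName in $tree[$parentName]) {
        $child = Get-OrCreateGroup -Name $childName
        if ($current -notcontains $child.Id) {
            New-MgGroupMember -GroupId $parent.Id -DirectoryObjectId $child.Id
        }
    }
}

# Everything that sits under PROD, through any depth of nesting
Get-MgGroupTransitiveMember -GroupId (Get-OrCreateGroup -Name 'PROD').Id -All |
    Select-Object Id, @{ n = 'Type'; e = { $_.AdditionalProperties.'@odata.type' } }
```

Short names such as HR or Sales may already exist in a real tenant, in which case the helper reuses the existing group, so try this in a test tenant first.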
Thank you
I hope this makes your understanding of the capabilities of Intune deeper and whets your appetite to learn even more. This little article has barely even scratched the surface. If you want more content simplifying Intune, let me know in the comments.