Microsoft Intune is a cloud-based enterprise mobility management tool that aims to help organizations manage the mobile devices employees use to access corporate data and applications, such as email.
It is a component of Microsoft's Enterprise Mobility + Security (EMS) offering, a mobile device management and application management platform. Microsoft's Intune app is designed to integrate with other parts of the EMS platform, including Azure Active Directory and Azure Information Protection. The app protection policy component of Microsoft Intune uses Azure Active Directory identity to maintain separation between corporate and personal data.
Microsoft Intune launched in 2011 as Windows Intune. The name change to Microsoft Intune was announced in 2014.
A key development since the name change has been the migration of Microsoft Intune to the Microsoft Azure public cloud. In December 2016, Microsoft unveiled a preview in which administrators could access and manage Microsoft Intune using the Azure portal. In June 2017, Microsoft announced the general availability of Intune management through the Azure portal.
Microsoft's conditional access solution also became available via the Azure portal in 2017. Conditional access works across the EMS suite, letting organizations control access to enterprise data based on considerations such as location and the sensitivity of a given application.
In 2018, Microsoft said its Intune Managed Browser application on iOS and Android can utilize single sign-on to access all web applications, both SaaS and on premises, provided those applications are connected to Azure Active Directory.
What Intune does
Microsoft has identified a number of business issues that Intune can address. Those include the ability to protect on-premises email and data -- including Office 365 mail and data -- so mobile devices can safely access them. The company said the Intune app also helps organizations issue corporate-owned phones, offer a BYOD or personal device program and provide limited-use shared tablet PCs to task-oriented workers.
How it works
In Microsoft's approach to managing mobile devices, Intune uses protocols or APIs available in mobile operating systems to execute tasks, such as enrolling devices. Enrollment lets IT personnel maintain an inventory of devices able to access enterprise services. Other tasks include configuring mobile devices; providing certificates, Wi-Fi profiles and virtual private network profiles; and reporting on compliance with corporate standards. Intune integrates with Azure Active Directory to provide access control capabilities.
Microsoft's Intune app management approach, meanwhile, covers areas such as assigning mobile apps to the workforce, configuring those apps with standard settings and removing enterprise data from mobile apps. Intune, when used in conjunction with other EMS suite services, lets an organization provide apps that can access additional mobile app and data security features, such as single sign-on and multifactor authentication.
Microsoft Intune subscriptions are licensed on a per-user, per-month basis. The product may be purchased as a stand-alone offering or as part of EMS.