This webinar covered device management with Microsoft 365. It discussed using Azure Active Directory, Intune, and other mobile device management solutions to manage devices across BYOD, corporate-owned, and education scenarios. It also provided an overview of the new end user experience for enrolling devices and applying management policies through Intune, including guided device enrollment and app protection policies. The webinar concluded by providing resources for additional Microsoft 365 and cloud training from the presenter.
9. News
• Microsoft 365 Dark Mode
• https://medium.com/microsoft-design/designing-dark-mode-31400530787a
• Office 365 Outlook connector: Important upcoming changes
• https://flow.microsoft.com/en-us/blog/office-365-outlook-connector-important-upcoming-changes/
• Revamped student learning with Teams
• https://news.microsoft.com/features/high-tech-for-higher-ed-an-australian-engineering-professor-revamps-student-learning-with-teams/
• MFA and End user Impacts
• https://c7solutions.com/2019/08/mfa-and-end-user-impacts
• What’s new in Teams
• https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/What-s-New-in-Microsoft-Teams-July-2019/ba-p/779946
11. Azure Active Directory
Cloud
• Azure AD Join
• MDM Policies
• Microsoft Intune and other MDM
Traditional on-prem
• Active Directory
• Domain Join
• Group Policy
• System Center Configuration Manager
12. M365 Flexible Device Management for all Organizations & Users
Knowledge Workers
• Productive on company-owned and personal devices
• Intune and ConfigManager in Microsoft 365 Enterprise
Firstline Workers
• Productive on shared/Kiosk devices
• Intune in Microsoft 365 F1
SMB Employee
• Productive personal devices
• Simplified admin experience in Microsoft 365 Business powered by Intune
Teachers / Students
• Productive on lab or school devices
• Grouped based on classes/labs/carts
• Customized console, policies for EDU
• Intune for Education in Microsoft 365 Education
13. Mobile application management
PC management
Mobile device management
Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
User IT
14. Mobile devices and PCs Mobile devices
System Center Configuration Manager
Domain joined PCs
Configuration Manager integrated with Intune (hybrid)
Intune standalone (cloud only)
IT IT
Intune web console Configuration Manager console
22. Introduction to Intune App Protection Policies (APP)
Personal apps
Corporate apps
MDM policies
Familiar Office experience
• Seamless “enrollment” into app management
• Use for personal and corporate accounts
Comprehensive protection
• App encryption at rest
• App access control – PIN or credentials
• Save as/copy/paste restrictions
• App-level selective wipe
MDM mgmt. by Intune or third-party is optional
Might be a good solution for these scenarios:
• BYOD when MDM is not required
• Extending app access to vendors and partners
• Already have an existing MDM solution
MAM policies
MDM – optional (Intune or 3rd-party)
24. Modern Provisioning
Hardware Vendor
Windows Autopilot Service
Employee unboxes device, self-deploys
Ship
Deliver direct to Employee
Self-deploy
IT Admin
Existing Devices
Register devices
Intune and AAD
Register devices, configure profiles
25. Conditional Access
Applications
• Microsoft Cloud
• 3rd Party SaaS Apps
• On Premises Apps
• Microsoft Azure
Policy Conditions
• User: User identity, Group membership, Session Risk
• Device: OS Platform, Is Compliant / Domain joined, Is lost or stolen, Device Risk
• App: Mobile or Cloud app, Per app policy
• Location: IP range, Country / Region
Policy Controls
• Access Control: Allow sign-in, Block sign-in, Enforce MFA
• Session Restrictions: Restrict download, Block various actions, Monitor users / prevent data leak
Other diagram labels: Windows Defender, Azure AD Identity Protection Service, Microsoft Cloud App Security, ODSP limited access
26. Personal apps
Managed apps
Company Portal
Are you sure you want to wipe corporate data and applications from the user’s device? (OK / Cancel)
Perform selective wipe via self-service company portal or admin console
Remove managed apps and data
Keep personal apps and data intact
27. Personal apps
Managed apps
Maximize productivity while preventing leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem
User
28. Enforce corporate data access requirements
Prevent data leakage on the device
Enforce encryption of app data at rest
App-level selective wipe
29. CIAOPS Resources
• Blog – http://blog.ciaops.com
• Free SharePoint Training via email – http://bit.ly/cia-gs-spo
• Free Office 365, Azure Administration newsletter – http://bit.ly/cia-o365-tech
• Free Office 365, Azure video tutorials – http://www.youtube.com/directorciaops
• Free documents, presentations, eBooks – http://slideshare.net/directorcia
• Office 365, Azure, Cloud podcast – http://ciaops.podbean.com
• Office 365, Azure online training courses – http://www.ciaopsacademy.com
• Office 365 and Azure community – http://www.ciaopspatron.com
• Twitter – @directorcia
• Facebook – https://www.facebook.com/ciaops
• Email – director@ciaops.com
• Skype for Business – admin@ciaops365.com
30. Get access to the latest information by becoming a Patron
http://www.ciaopspatron.com