Microsoft Intune for mobile devices

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM).

Intune allows you to control how your organization's devices are used, including cell phones, tablets and laptops. If you are on your personal device, your organization's data remains protected and isolated from personal data.

Manage devices

For organizationally owned devices, you can have complete control, including settings, features and security. Once devices are enrolled, they receive your rules and settings through policies configured in Intune. This allows you to set password and PIN requirements, create a VPN connection, configure threat protection, and more.

In the case of personal devices, users choose whether to give full control to administrators. Users enroll their devices if they want full access to your organization's resources. If these users only want access to email or Microsoft Teams, use application protection policies that require multi-factor authentication (MFA) to use these applications.

Administrator access allows you to:

• View enrolled devices and their access
• Configure devices to meet your security and health standards.
• Send certificates to devices so users can easily access your Wi-Fi network or use a VPN to connect to your network.
• View reports on user and device compliance
• Delete data from the organization if a device is lost, stolen or no longer in use.

Manage apps

Mobile application management (MAM) in Intune is designed to protect enterprise data at the application level, including custom applications and store apps. It can also be used on personal devices.

Administrator access allows you to:

• Add and assign mobile apps to user groups and devices.
• Configure apps to start or run with specific settings enabled.
• View reports on used apps and track their usage.
• Perform selective cleanup by deleting only organizational data from apps

App protection policies :

• Use Azure AD identity to isolate organizational data from personal data. 
• Helps secure access on personal devices by limiting the actions users can perform, such as copy and paste, save and view.

The organization may allow the user to access data that is denied to their personal identity. When corporate data is used, application protection policies control how data is stored and shared. When users log in with their personal identity, these same protections are not applied. In this way, IT controls corporate data, while end users retain control and privacy of their personal data.

Intune is part of Microsoft's Enterprise Mobility + Security (EMS) suite. It integrates with Azure Active Directory (Azure AD) to control who has access and what they can access. It also integrates with Azure Information Protection for data protection. It can be used with the Microsoft 365 suite of products. For example, you can deploy Microsoft Teams, OneNote, and other Microsoft 365 apps to devices. This feature enables people in your organization to be productive on all of their devices while keeping your organization’s information protected with the policies you create.