Enrolled device management capabilities of Microsoft Intune

Rob Stack
Contributors

Microsoft Intune lets you manage a range of devices by enrolling them into the service. You can enroll some device types yourself, or users can enroll using the company portal app. This also lets them perform operations like browsing and installing apps, ensuring that their devices are compliant with company policies, and contacting their IT support.

This topic gives a full list of the capabilities that you get after you enroll your device.

Management, inventory, app deployment, provisioning, and retirement are all handled through the Intune administration console. Users gain access to the company portal, which enables them to install apps, enroll and remove devices, and contact their IT department or helpdesk.

Device security and configuration

Capability Details More information
Configuration policies

Custom policies
Lets you manage many settings and features on mobile devices in your organization. For example, you can require a password, limit the number of failed attempts, limit the amount of time before the screen locks, set password expiration, and prevent previously used passwords. You can also control the use of hardware and software features such as the device camera or the web browser.

Use custom polices when configuration policies do not contain the settings that you require. For iOS devices, you can import settings that you exported from the Apple Configurator tool. For other devices, you can use Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings to configure settings and features on the device.
Manage settings and features on your devices with Microsoft Intune policies
Remote Wipe, Remote Lock, and Passcode Reset Erases sensitive data when a device is lost or stolen. For example, you can remotely lock the device, restore it to factory settings, or wipe only corporate data.

You can reset passcodes if users lose access to their device, lock missing or stolen devices, or even wipe data off of missing or stolen devices.
Help protect your devices with remote lock and passcode reset and Retire devices from Intune management
Kiosk mode Lets you lock down certain features of mobile devices such as screen captures and power switches. Also lets you restrict devices to run a single app that you specify. iOS configuration policy settings in Microsoft Intune

App management

Capability Details More information
App deployment and management Provides a range of tools to help you manage mobile apps through their lifecycle, including app deployment from installation files and app stores, detailed monitoring of app status, and app removal. Deploy apps in Microsoft Intune
Compliant and noncompliant apps Lets you specify lists of compliant apps (that users are allowed to install) and noncompliant apps (that users aren't allowed to install). iOS policy settings in Microsoft Intune
Mobile application management Configures restrictions for apps by using mobile application management for all devices that are both managed with Intune and not managed with Intune. This helps you to increase the security of your company data by restricting operations such as copy and paste, external backup of data, and the transfer of data between apps. Configure and deploy mobile application management policies in the Microsoft Intune console

Create and deploy mobile app management policies with Microsoft Intune

Prepare iOS apps for mobile application management with the Microsoft Intune App Wrapping Tool

Prepare Android apps for mobile application management with the Microsoft Intune App Wrapping Tool
iOS mobile app configuration Uses mobile app configuration policies to supply settings for iOS apps that might be required when the user runs the app. For example, an app might require the user to specify a port number or logon information. This can help streamline app configuration and reduce the number of support calls. Configure iOS apps with mobile app configuration policies in Microsoft Intune
iOS mobile app provisioning profiles Helps you deploy provisioning profiles to iOS apps that are nearing expiration. Use iOS mobile provisioning profile policies to prevent your apps from expiring
Managed browser Configures managed browser policies to control the websites that device users can visit. In addition, you can also apply mobile application management policies to the managed browser. Manage Internet access using managed browser policies with Microsoft Intune
Microsoft Passport Lets you integrate with Microsoft Passport for Work, which is an alternative sign-in method for Windows 10 that uses on-premises Active Directory or Azure Active Directory to replace a passwords, smart cards, or virtual smart cards. Control Microsoft Passport settings on devices with Microsoft Intune

Company resource access

Capability Details More information
Certificate profiles Creates and deploys trusted certificate profiles and Simple Certificate Enrollment Protocol (SCEP) certificates, which can be used to secure and authenticate Wi-Fi, VPN, and email profiles. Secure resource access with certificate profiles in Microsoft Intune
Wi-Fi profiles Deploys wireless network settings to your users. By deploying these settings, you minimize the user effort that's required to connect to the corporate network. Wi-Fi connections in Microsoft Intune
Email profiles Creates and deploys email settings to devices. This means that users can access corporate email on their personal devices without any required setup on their part. Configure access to corporate email using email profiles with Microsoft Intune
VPN profiles Deploys VPN settings to users and devices in your organization. By deploying these settings, you minimize the user effort that's required to connect to resources on the company network. VPN connections in Microsoft Intune
Conditional access policies Manages access to Microsoft Exchange email and SharePoint Online from devices that are not managed by Intune. Restrict access to email and SharePoint with Microsoft Intune

Inventory and reporting

Capability Details More information
Inventory and reporting Finds information about the devices that you manage and the software that the devices are using. Understand your devices with inventory in Microsoft Intune

See also

Windows PC management capabilities in Microsoft Intune

To submit product feedback, please visit Intune Feedback