Describe the endpoint management capabilities of Microsoft 365


In today’s workplace, IT departments support different devices configured in different ways. Your organization might have Android and iOS mobile phones, Windows and macOS PCs, and custom devices your users bring to work. Microsoft 365 provides the tools and services to enable you to simplify the management of all these devices through Microsoft Endpoint Manager (MEM).

MEM is a secure and intelligent management solution that improves productivity and collaboration with the familiar experiences users expect. MEM gives IT the flexibility to support diverse scenarios for both bring your own device (BYOD) and corporate-owned devices. MEM helps you solve the challenge of device management in today’s mobile and remote work environment.

Endpoint Manager combines services you may know and already be using. These services include Microsoft Intune, Configuration Manager, Desktop Analytics, co-management, and Windows Autopilot. These services are part of the Microsoft 365 stack to help secure access, protect data, and manage risk.

Microsoft Endpoint Manager includes the following service and capabilities:

  • Microsoft Intune. Intune is a 100% cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices. It lets you control features and settings on Android, Android Enterprise, iOS/iPadOS, macOS, and Windows devices. It integrates with other services, including Azure Active Directory (Azure AD), mobile threat defenders, ADMX templates, Win32 and custom LOB apps, and more. Create and check for compliance, deploy apps, features, and settings to your devices using the cloud.
  • Configuration Manager. Configuration Manager is an on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based. You can cloud-enable it to integrate with Intune, Azure AD, Microsoft Defender for Endpoint, and other cloud services. Use Configuration Manager to deploy apps, software updates, operating systems, monitor compliance, act on clients in real time and more.
  • Co-management. Co-management combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services. You choose whether Configuration Manager or Intune is the management authority for the seven different workload groups. As part of Endpoint Manager, co-management uses cloud features, including conditional access.
  • Desktop Analytics. Desktop Analytics is a cloud-based service that integrates with Configuration Manager. It provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows clients. The service combines data from your organization with data aggregated from millions of devices connected to the Microsoft cloud. It provides information on security updates, apps, and devices in your organization, and identifies compatibility issues with apps and drivers.
  • Windows Autopilot. Windows Autopilot sets up and pre-configures new devices, getting them ready for use. It's designed to simplify the lifecycle of Windows devices, for both IT and end-users, from initial deployment through end of life. You can use Autopilot to preconfigure devices, and automatically enroll devices in Intune. You can also integrate Autopilot with Configuration Manager and co-management for more complex device configurations (in preview).
  • Azure AD. Azure AD is used by Endpoint Manager for identity of devices, users, groups, and multi-factor authentication (MFA). Azure AD Premium, which may be an extra cost, has other features to help protect devices, apps, and data, including dynamic groups, auto-enrollment, and conditional access.
  • Endpoint Manager admin center. This admin center is a one-stop web site to create policies and manage your devices. It plugs-in other key device management services, including groups, security, conditional access, and reporting. This admin center also shows devices managed by Configuration Manager and Intune (in preview).

Manage devices with Microsoft Endpoint Manager

Follow the interactive walkthrough to learn how to manage and protect mobile desktop applications through Microsoft Endpoint Manager admin center.