New iOS Android macOS Device Management Options with Intune

Let’s check the Mobile device management options with Microsoft Endpoint Manager (MEM).

Intune Enrollment options(iOS, Android, macOS Mobile Enrollment) are discussed in the Ignite 2019 sessions.

More details about the Microsoft Ignite sessions are given below.

NOTE! – The following details are taken from What’s new in Microsoft Endpoint Manager, including Microsoft Intune and Configuration Manager (Part 1 of 2) Ignite session by Paul Mayfield, Terrell Cox, and Micro-Scott.

Patch My PC

Ignite 2019 Coverage

  1. Microsoft Endpoint Management SCCM Intune Windows Updates (this post)
  2. Microsoft Endpoint Manager is the future of SCCM Intune MEMMI MEMCM
  3. iOS Android macOS Mobile Enrollment Options with Intune
  4. Basics of Windows Dynamic Update Explained Update Management
  5. WVD End User Experience Availability Updates
  6. MSIX Updates from Ignite Reliability Network Disk-space
  7. Microsoft Learning Certification Exams Updates
  8. On-Prem WVD Options Azure Quantum Qualys Scan Integration
  9. Intune Reporting Strategies Advanced Reporting

Android Enrollment Options

Android management options with Intune.

  • Flexible deployment scenarios
  • Zero-touch and Knox Mobile Enrollment
    • BYOD (Personally Owned)
      • Intune APP (App protection – MAM only scenario) – Corp Data and Apps
      • Android Enrollment (AE) Work Profile – Deploying Certs and WiFi Profiles
    • Company Owned
      • AE Dedicated (KIOS Devices)
      • AE Fully Managed (Knowledge Workers)
  • Management of OEM-specific features beyond the Android platform
  • Customizable end-user experience with Microsoft Launcher
iOS Android macOS Mobile Enrollment
Android Enrollment Options – iOS Android macOS Mobile Enrollment1

Intune Data Protection Policies

  • Comprehensive security and data protection
  • Configurable Enrollment
  • User Enrollment and Intune App Protection Policies (best user experience for office apps)
  • Smart card “derived” credentials give passwordless resource access (advanced scenarios)
Intune APP
New iOS Android macOS Device Management Options with Intune 2

Fully Managed Android Device

  • 11 apps provisioned
  • Factory reset is disabled
  • Android Device Policy – Native Management Client
  • Google Play Provisioned apps – Web applications as well
iOS Android macOS Mobile Enrollment
Fully Managed Android Device – iOS Android macOS Mobile Enrollment 3

Android OEM Configuration Options – Fully Managed

Android App – Associated App – Out of Box Configuration options OEMConfig

Out of Box Cofiguration options OEMConfig  - iOS Android macOS Mobile Enrollment
Out of Box Configuration options OEMConfig – iOS Android macOS Mobile Enrollment 4

Templates are Downloaded Automatically from Vendors

Android configuration Out of Box Options. These Templates are downloaded automatically from vendors.

Adaptiva
knox - iOS Android macOS Mobile Enrollment
Android Management Templates – iOS Android macOS Mobile Enrollment 5

iOS and iPadOS Management

  • Multiple Deployment Options
  • Best-in-class configurable enrollments
    • BYOD
      • Intune APP (App Protection Policies)
      • User Enrollment (Public Preview – Apple released with iOS 13)
    • Company Owned?
      • Device Enrollment (Classic MDM enrollment with Intune Company Portal)
      • Automated Device Enrollment (Apple DEP)
  • Device Configuration and Management
  • Current iOS management applies to iPadOS devices
iPadOS, iOS Android macOS Mobile Enrollment
iOS & iPadOS Management options – iOS Android macOS Mobile Enrollment 6

Settings iOS iPadOS Policies from MEM Intune Portal

The same set of policies for iOS and iPadOS. However, there are some changes in the Intune policy settings UI. See the options below:

  • All Enrollment Types
  • Device Enrollments and Automated Device Enrollments
  • Automated Device Enrollment

NOTE! – Policies can be configured – Groups based on Enrollment type

All Enrollment Types – These settings work for devices enrolled in Intune through device enrollment or user enrollment and devices registered using Apple School Manager or Apple Business Manager with automated device enrollment (formerly DEP). This includes all supervised devices.

Device enrollment and automated device enrollment – These settings work for devices enrolled in Intune through device enrollment and for devices registered using Apple School Manager or Apple Business Manager with automatic device enrollment (formerly DEP). This includes all supervised devices.

Automated device enrollment – These settings work for supervised devices enrolled in Intune using Apple School Manager or Apple Business Manager with automatic device enrollment (formerly DEP). This includes devices supervised through Apple Configurator.

Settings iOS iPadOS Policies from MEM Intune Portal - iOS Android macOS Mobile Enrollment
Settings iOS iPadOS Policies from MEM Intune Portal – iOS Android macOS Mobile Enrollment 7

macOS devises Management with MEM Intune

  • App deployment, device configuration, certificates, VPN, WiFI
  • Protection with device wipe, encryption, Defender ATP
  • Limit access to compliant Macs
  • Complex management support available with Jamf

NOTE! – Two management options for macOS management – Intune & Jamf Management.

macOS management with MEM Intune + Jamf - iOS Android macOS Mobile Enrollment
macOS management with MEM Intune + Jamf – iOS Android macOS Mobile Enrollment 8

Deploy Script to macOS devices with Intune

Microsoft Endpoint Manager team is developing a solution to deploy scripts to macOS devices without using Jamf. This feature is demoed in the Ignite 2019 session (linked below).

NOTE! – The macOS script deployment option will be available next year (2020). I didn’t hear about any concrete timelines.

There will be two agents on macOS devices to enable this macOS scripting feature. This additional agent is almost similar to the framework of “Intune Management Extension for Windows devices.”

  • Intune Company portal
  • macOS Scripting Agent (macOS sidecar agent)
macOS Scripting Agent (macOS sidecar agent)
macOS Scripting Agent (macOS sidecar agent) – iOS Android macOS Mobile Enrollment 9

Office ProPlus Management with Intune

macOS and Windows office proplus management are already available. And Configure Office policies using Intune administrative templates!!

Office ProPlus Management with Intune
Office ProPlus Management with Intune – iOS Android macOS Mobile Enrollment 10

Session – iOS Android macOS Mobile Enrollment

  • Ignite session What’s new in Microsoft Endpoint Manager, including Microsoft Intune and Configuration Manager (Part 1 of 2)

Resources

1 thought on “New iOS Android macOS Device Management Options with Intune”

  1. Anoop, thanks for this blog post but where can I find more info for ‘Zero-touch and Knox Mobile Enrollment’ please. if you can point me in right direction. Thanks

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.