Microsoft Intune Suite - beyond endpoint management in 2024
Published Feb 02 2024 08:24 PM

Simplify endpoint management and security with a single, connected experience with the Microsoft Intune Suite. It brings you a broad collection of advanced cross-platform capabilities, with new improvements across application security, secure access to on-prem and private cloud resources, and device operations and support.


Enhance application security with Enterprise App Management to streamline deployment, updates, and protection against vulnerabilities. Run approved privileged apps with tailored elevation rules using Endpoint Privilege Management. Ensure secure access to on-prem and private cloud resources using Cloud PKI for streamlined certificate management and Microsoft Tunnel for MAM’s Micro-VPN service for unenrolled devices. Gain insights and real-time device querying through advanced analytics. View and control your PCs and Macs, as well as specialized mobile devices, right from the Intune admin center with Remote Help.


Dilip Radhakrishnan, Partner, GPM for Microsoft Intune, gives an overview of the Microsoft Intune Suite and its recent updates.





No more hunting for install packages.


Or digging up silent install commands. Or repackaging for Intune deployment. Enterprise App Management provides an app catalog and even manages app updates. Watch here.



Secure access to on-prem resources.


Create a PKI infrastructure in the cloud to issue VPN and Wi-Fi certificates to devices. Check it out.



Real-time device querying.


Pull information, from running processes to installed drivers, without the wait. Use Kusto Query Language to directly query the running machine. Check out the Microsoft Intune Suite.



Watch our full video here:



00:00 — Simplify endpoint management and security
01:38 — Enterprise App Management
02:21 — Updating apps
02:43 — Endpoint Privilege Management
03:45 — Securing access to on-prem resources with Cloud PKI
04:29 — Securing mobile access to on-prem and private cloud resources
05:05 — Advanced Analytics - Device query
06:48 — Remote Help
07:49 — Wrap Up



Link References:

Check out




Video Transcript: 

-If you are using multiple tools for your endpoint management and security, today I’ll show you how you can simplify and consolidate what you are doing now with a single connected and more secure experience with Microsoft Intune Suite. 


-In fact, Intune Suite goes beyond unified endpoint management to bring you a broad collection of advanced cross-platform capabilities with a number of new improvements across three areas. 


-The first is for application security, where enterprise app management provides you with an application catalog to find the apps you want in your enterprise. Deployment of applications is made simpler with built-in parameters and keeping installed apps updated and protected from risks and threats is a more streamlined process. 


-Additionally, Endpoint Privilege Management lets you manage elevation rules on a per-app basis so that even standard users can run approved privileged apps. The second area is secure access to on-prem and private cloud resources. Here, Cloud PKI lets you manage certificates from the cloud to reduce complex on-prem PKI infrastructure. 


-And Microsoft Tunnel for MAM provides a micro VPN service, which is perfect for unenrolled personal mobile devices to help broker secure access to line of business apps. And the third area of improvement is device operations and support. Here advanced analytics gives you data-rich insights across your endpoints, and we’ve extended this to include real-time device querying. 


-And Remote Help lets you view and control your PCs and Macs, as well as your specialized mobile devices, right from the Intune Admin Center. Let me show these new Intune Suite experiences hands-on, starting with Enterprise App and Privilege Management. 


-Enterprise App Management gives you a rich app catalog, allowing you to not only distribute managed apps, but also keep them patched and up to date. It starts with collecting and curating apps you want from a robust catalog of prepackaged applications, including silent install commands and additional rich metadata for managing your apps. 


-And from there, it’s just a few clicks to add apps directly from app publishers and later deploy them to devices. This removes the pain of searching the internet to find application install files, their commands, repackaging them, and uploading them into Intune. The process is greatly streamlined. And the process of updating apps is simplified too. 


-You can allow the apps you trust to self-update and as new updates for your curated apps become available, details are automatically surfaced in Intune. This means when an update is available, it’s just a few clicks to update your catalog and even supersede previous versions of that app if it’s detected when you deploy the update. 


-Next, one of the most powerful ways to improve your security posture is to remove local admin permissions from user accounts to minimize malware risks. With Endpoint Privilege Management, you can allow privilege elevation scoped to only your approved apps and processes. 


-Then as a user in scope for this policy, you can elevate only the processes and apps that have been approved, provide a business justification if required, and safely run the app so that you’re not blocked. And unlike other approaches, you can selectively allow a user to elevate in a one-off scenario by requesting Intune admin approval without you needing to define the policy ahead of time. 


-Importantly, elevation requests and approvals execute in near real-time. Let me show you. When a user runs an app or a process that requires elevation and enters a business justification, the elevation request will land in the Intune Admin Center for approval. And once you’ve reviewed the request, you’ll be prompted to enter a reason and confirm, and from there, the user will be allowed to elevate that process. 


-Next, beyond the experience of securing apps, let’s move on to securing access to on-prem resources, starting with Cloud PKI. In the Intune Admin Center, you’ll be able to create a certificate authority, or CA for short, where you can build and manage root and issuing CAs. Intune also supports bring your own CA. 


-This lets you anchor Intune’s issuing CA to your own private CA. Once you define the root CA, then the validity period, you can choose how the keys will be used. And along with your organization-specific attributes, you’ll set your required encryption strength. It’s that simple. Within a few moments, you can create a PKI infrastructure in the cloud to issue VPN and Wi-Fi certificates to devices. 


-Then moving on to securing mobile access to your on-prem and private cloud resources, Microsoft Tunnel for MAM works with managed mobile devices and even with personal iOS and Android devices which are not enrolled. As a user on an unmanaged device, you will get access to approved apps to connect securely to on-prem or private cloud resources. 


-And using Tunnel for MAM, your company data does not move on to the device for personal use. By the way, beyond just pre-configured Microsoft apps, using the Tunnel for MAM SDK, you can enlighten your own mobile line of business apps to leverage Tunnel for MAM. This now brings us to the third capability area, device operations and support. 


-I’ll start by showing you advanced analytics where we not only provide you reporting customization, but we are also infusing AI and machine learning. It builds on Intune’s endpoint analytics and is a powerful one-stop shop for reporting analytics and events. In fact, with advanced analytics, you get additional insights and anomaly detection. 


-For example, Intune can automatically analyze device attributes and traits to get ahead of short-term productivity impacts like app crashes or driver issues. You can even group devices into cohorts that are likely to be impacted so that you can get a predictive view of the specific devices at risk and then take preventive actions. 


-And for long-term analytics, Intune also uses machine learning and statistical analysis to report battery health for your laptops and mobile devices. This allows you to get ahead of battery degradation and use that information to prioritize hardware servicing or refreshes. As mentioned, something brand new we’ve added to advanced analytics is near real-time on-demand querying for individual devices. 


-With device query, you can explore a machine’s operational information from hardware specifications and drivers, like you’re seeing here, be it software configurations, network registry settings, and more. Using Kusto Query Language, or KQL, you can pull rich information in real-time from the connected device so there’s no polling lag. 


-And from there, you can easily query things like processes running on a device which are consuming the most memory, or check the device security posture by querying the running services to make sure the device isn’t at risk. All of which are great for troubleshooting and support. 


-And in cases where you need to interact with a remote device, for example, during a help desk call, Remote Help as a part of Intune Suite can streamline the way you remotely view and control devices. It supports both user requested or unattended sessions. 


-For example, as a help desk technician, you can securely connect to both enrolled and unenrolled devices, and once the Remote Help session is started and running, users also have peace of mind in being able to validate the technician’s identity to avoid help desk spoofing attempts. And you, as an admin, before connecting to a remote session can see device compliance warnings to alert you in advance. 


-Additionally, with annotations and the laser pointer, you can direct onscreen actions. And this works for both Windows PCs and Mac. Another powerful use case for Remote Help is with company-owned specialized Android devices, even when they’re not in use, to configure or troubleshoot them, which complements Intune’s broader support for frontline workers. 


-So that was a quick overview of Microsoft Intune Suite and its recent updates which help you simplify and consolidate multiple solutions into a single integrated management experience. To learn more, check out Keep watching Microsoft Mechanics for the latest updates. Subscribe to our channel, and thanks for watching.



