Cloud Device Management for Company Owned Devices is Microsoft’s key focus in 2020. The proliferation of iPhone, Android, and personal computers that bring into organizations for the past ten or fifteen years have really enabled users to do more business of their terms. Unfortunately, the last couple years have also seen the side effect of this wild, wild west setup. Mobile Device Management or MDM has been the buzz phrase for every organization who wants to operate in this precarious new world. It’s not like they have a choice. We wrote an earlier post on BYOD or Bring Your Own Device; and how to manage the company data on someone’s personal phone through the “app only” feature of Microsoft 365 Intune feature. We now turn our attention to device manage of company owned devices.
- All Devices
- The device area gives us similar sections as we saw in the app section. Remember the devices section is more focused on managing company owned devices. In the “Devices – Overview”, we can see all devices. This is a list of all devices enrolled in Intune. From this list, we can select individual devices and retire the device to remove company data or wipe the device to reset the device back to factory settings.
- In the “monitor” section we can see insights into the devices. We can see things like devices with restricted apps, compliant devices, enrollment issues and more.
- By Platform
- The “By Platform” section allows us to quickly start building a policy based on the platform. Like Windows, iOS macOS and Android. If we click on one of those to make a policy we will be limited to making policies just for that platform.\
- The next section gives us quick access to building various policies.
Compliance, Conditional Access, Configuration Policies… oh my!
Compliance, Conditional access and configuration policies are the most frequently used. Also take note, click one of these to make a policy for any platform we want to make a policy for. For all the device types, we can make compliance polices and configuration policies.
Next, we will take a look at what we can do with a device enrolled in our Intune.
Devices that are enrolled in Intune
Real quick before jumping into device policies and profiles. I want to show you what we see if we click into a device managed by Intune. What we can do to the device, depends on the permissions we have for the device.
- Retire the device (Reset to factory settings)
- First, we can retire a device. This will remove the company’s data from the device.
- Delete the device from Intune
- This will not remove any data from the device just remove it from being managed by Intune.
- Remote locking of the device
- We can remote lock the device.
- Sync Button
- We can use the sync button if we made changes and need to re sync the device immediately.
- Reset Device Password
- Restart the device
- Fresh Start
- For windows 10 desktops this will remove any OEM preinstalled apps on the device.
- Autopilot Reset
- We can reset the device so it is ready for the next user if the device is assigned an Autopilot profile
Cloud Device Management for Company Owned Devices Summary
Lot of options to go from here with Intune’s Mobile Device Management. Check out our additional resources below.