The shift to the cloud affects all areas of IT, including device management, where Microsoft Intune has become increasingly popular at the expense of solutions like Group Policy or Microsoft Endpoint Configuration Manager (MECM).
At its core, Microsoft Intune is an all-in-one cloud solution that lets you manage all your devices (PCs, laptops, tablets, and phones), whether they belong to your organization or are BYOD (user). It can be done in an automated and centralized manner thanks to the integration with Azure Active Directory (AAD). The solution is also highly compatible and can be used to improve security, ensure a uniform experience across devices, and ultimately make life easier for your IT department.
Microsoft Intune is available under the licenses listedhere.It is also possible to purchase a separate license for this. Last but not least, to set up all Intune management features, you need to log in toMicrosoft Endpoint Manager Admin Centeras administrator
What you can do with Microsoft Intune
Microsoft solutions provide a wide range of capabilities. This time, I just want to focus on app development, but let's see what else you can do with Intune:
- Configure devices through profiles and policies(Enroll devices in your organization, restrict their configuration to end users, enable security features, wipe data from lost or stolen devices, etc.)
- Manage applications with application configuration policies(installation/removal of applications for specific user groups, centralized configuration of application settings, selective removal of application organization data, etc.)
- Protect data with app protection policies and device compliance policies(Set data and network access rules, control data access and sharing, ensure compliance with security requirements, etc.)
Intune for GPOs
To get an overview of centralized application development before diving into the actual process, let's take a quick look at the differences between Global Policy Objects and Microsoft Intune in this regard.
First, GPOs allow you to install applications in Windows 10 as well as in older Microsoft operating systems (since Windows 2000). Intune, on the other hand, requires at least Windows 8.1, which provides full application development capabilities fromA specific version of Windows 10.but one of the big advantages of Microsoft Intune is that you can install the application on your work machinenon-Microsoft OS, including mobile devices.
Also, while GPOs still cover more Windows OS-related settings (e.g., folder options, printers, etc.), Intune provides more application development options simply because it also supports the OS. Non-Windows (as I wrote before) and modern Windows applications.
Finally, GPOs are based on data in Azure Active Directory, which means that the device you want to install the application on must be joined to a specific AD domain. This limitation doesn't apply to Intune, which allows you to centrally install apps on non-domain-joined and mixed-domain devices.
Intune app development
In this guide, I'll show you one of Microsoft Intune's core application management capabilities, the central deployment of applications to all users in your organization. The process goes like this:
- login toMicrosoft Endpoint Manager Admin Center.
- I canapplication>all applicationsthen clickAdd to.
- Now is the time to choose the type of app you want to develop. Your choice will affect subsequent steps, as each type of application has different requirements and options. Generally, these may include:
- Provides a link to the app (e.g. Android Store app, Microsoft Store app, web link)
- Search for or select an app from the list (e.g., iOS Store app, built-in app)
- Select the installation file for the application (for example, line-of-business application, Windows application)
In our example, I'll be deploying Microsoft 365 Apps to devices running Windows 10 or later, since this is a common scenario for many organizations. This route also offers the most options, which is not surprising since both solutions are part of the Microsoft ecosystem.
To make a selection, click the buttonSelect application typedrop down the menu and selectAfter Windows 10lowMicrosoft 365 Apps.Finally, click thechoosebutton.
- In the first step of the wizard, you can configure information about Microsoft 365 Apps that will be shared with your users, including instructions to help users better understand what the app does, URLs for resource assistance, and more. .
The default settings should be fine for most cases, but you can of course edit them if desired. When ready, clickNextIn the background.
- second step,Application package configuration, is where the actual configuration happens. Most of the settings are self-explanatory, with the possible exception of the ones I've listed below, so let's take a quick look:
- Format configuration settings– Leave the default setting (configuration designer) to provision Microsoft 365 Apps in Intune with an easy-to-use GUI. Another option requires you to prepare a special XML file.learn more
- Activation using a shared computer– Allows you to deploy Microsoft 365 applications on computers accessed by multiple users and bypass Microsoft 365 device restrictions.learn more
- Install the background service for Microsoft Search in Bing– Allows you to apply a Chrome extension to simplify searching, such as people, files, or sites within your organization.learn more
suggestion:You can get information about each item with just a clickicon next to it.
After all configurations are complete, clickNext.
- Field tagging is an Intune feature that lets you decide which administrators in your organization have access to specific settings or policies. To restrict access to these Microsoft 365 Apps settings and be able to select appropriate scope labels, you must first define and assign them to specific groups of users.learn more
If you don't want to use range labels, just click theNext.
- responsibilityThis is an important step. Here you can decide which users or on which devices to use Microsoft 365 Apps (necessarysector), available for installation (For registered devicessection), or delete (uninstallUnite). If you want to base on AAD groups (hadd groupoption), remember to create the appropriate public AAD groups ahead of time.
Since you want to deploy Microsoft 365 Apps to all users, you should useadd all userslow choicenecessarythen clickNext.
- last step,modify + create, allows you to view all Microsoft 365 Apps settings. If you agree with all settings, clickcreateStart developing.
that's all. Starting now, Microsoft 365 Apps will start installing on all users' devices in your organization.
Track your growth in Intune
Using Intune, you can also track the progress of any deployment. To do so, please visitapplication>all applicationsand click Deployment Settings. The menu items on the left allow you to access various information about the development progress:
- general instructions– Here you can get general information about the device and user installation status in the form of diagrams.
- Device installation status&user installation status– Allows you to view a list showing the installation status for a specific device and user.
Finally, clickcharacteristic, you can edit the application's deployment policy.
This concludes our demonstration of deploying Microsoft 365 Apps through Microsoft Intune. If you want to further develop your Intune experience, I encourage you to take a look atThis article.This is a quick but informative guide on how to deploy and deploy business applications using ourCodeTwo Signature Add-in for Outlook Add-ins(MSI package) as an example.
- How to create an Outlook group profile using Microsoft Intune
- How to Build a Serverless Architecture Using Microsoft Cloud Technologies
- Learn more about Windows 11, including Windows 365