The move to the cloud affects all areas of IT, including device management, where Microsoft Intune is gaining popularity at the expense of solutions like Group Policy or Microsoft Endpoint Configuration Manager (MECM).
Essentially, Microsoft Intune is a one-stop cloud solution that allows you to manage all devices (PCs, laptops, tablets, and mobile phones), regardless of whether they are owned by the organization or the users (BYOD). Thanks to the integration with Azure Active Directory (AAD), this can be automated and centralized. The solution also offers excellent compatibility and can be used to improve security, ensure a consistent experience across devices, and ultimately make your IT department’s life easier.
Microsoft Intune is available with the licenses listed here. There is also an option to purchase standalone user licenses for it. Finally, to configure all Intune management features, you must sign in to the Microsoft Endpoint Manager Admin Center as an administrator.
What you can do with Microsoft Intune
Microsoft’s solution offers a wide range of functions. This time I want to focus on app delivery, but let’s first take a high-level look at what else you can do with Intune:
- Configure devices via profiles and configuration policies (enroll devices in the organization, restrict the settings available to end users, enable security features, wipe data from stolen or lost devices, etc.)
- Manage apps with app configuration policies (Install/remove apps for specific user groups, centrally configure app settings, selectively remove organizational data from apps, etc.)
- Protect data with app protection policies and device compliance policies (Set rules for access to data and networks, control data access and sharing, ensure compliance with security requirements, etc.)
Intune vs GPOs
To get a complete picture of centralized app delivery, before I dive deep into the actual process, let’s briefly review the differences between Group Policy Objects (GPOs) and Microsoft Intune in this regard.
First, GPOs allow you to install apps on Windows 10 as well as legacy versions of Microsoft operating systems (back to Windows 2000). Intune, on the other hand, requires at least Windows 8.1 and offers full app deployment functionality only on certain Windows 10 versions. However, the great advantage of Microsoft Intune is that it can install apps on devices running non-Microsoft operating systems, including mobile devices.
While GPOs still have wider coverage for Windows OS-related configurations (e.g. folder options, printers, etc.), Intune offers more app deployment options, simply because it also supports non-Windows operating systems (as I wrote previously) and modern Windows applications.
Finally, GPOs are based on Active Directory data, which means the devices you want to install apps on must join a specific AD domain. Such a limitation does not apply to Intune, which allows you to also centrally install apps on non-domain-joined and hybrid domain-joined devices.
Intune app deployment
In this guide, I’ll show you one of the core app management capabilities of Microsoft Intune, which is centralized app delivery to all users in an organization. This is how the process works:
- Log in to the Microsoft Endpoint Manager Admin Center.
- Go to Apps > All apps and click Add.
- Now it’s time to choose the type of app you want to deploy. Your choice will affect the next steps, as each app type has different requirements and options. In general, these can be:
  - Providing a link to an app (e.g. Android store app, Microsoft store app, web link)
  - Finding or selecting an app from a list (e.g. iOS store app, built-in app)
  - Choosing an app’s installation file (e.g. line-of-business app, Windows app)
In our example, I will be deploying Microsoft 365 Apps to devices running Windows 10 or later, as this is a common scenario for many organizations. This route also offers the most options, which is not surprising since both solutions are part of the Microsoft ecosystem.
To make the selection, click the Select app type drop-down and select Windows 10 and later under Microsoft 365 Apps. Finally, click the Select button.
- In the first step of the wizard, you can configure information to be shared with your users about Microsoft 365 Apps, including the description to help users better understand the purpose of the apps, a URL to help resources, and so on.
The default settings should be fine for most cases, but you can of course edit them to suit your needs. When you’re done, click Next below.
- The second step, Configure app suite, is where the actual configuration takes place. Most of the settings are fairly self-explanatory, with the possible exception of the ones I list below, so let’s quickly discuss them:
  - Configuration settings format – Leave the default setting (Configuration designer) to use an easy-to-use GUI in Intune to configure the Microsoft 365 Apps. For the other option, you need to prepare a special XML file.
  - Use shared computer activation – Allows you to deploy Microsoft 365 Apps to computers that are accessed by many users and override the Microsoft 365 device limit.
  - Install the background service for Microsoft Search in Bing – Allows you to deploy a Chrome extension that makes it easier to search for, e.g., people, files or internal websites in your organization.
Tip: You can get information about each item just by clicking the icon next to it.
When you’re done setting up, click Next.
- Scope tags are an Intune feature that you can use to decide which admins in your organization have access to a specific configuration or policy. To restrict access to this Microsoft 365 Apps configuration and to be able to select appropriate scope tags, you must first define them and assign them to specific user groups.
If you don’t want to use scope tags, just click Next.
- Assignments is an important step. Here you can decide for which users or on which devices the Microsoft 365 Apps will be installed (the Required section), made available for installation (the Available for enrolled devices section) or removed (the Uninstall section). If you want to make assignments by AAD groups (the Add group option), remember to create appropriate public AAD groups beforehand.
Because you want to deliver Microsoft 365 Apps to everyone, use the Add all users option under Required and click Next.
- The last step, Review + create, allows you to review the entire configuration for Microsoft 365 Apps. When you are happy with all the settings, click Create to start deployment.
That’s it. From now on, Microsoft 365 Apps will be installed on the devices of all users in the organization.
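For the Configure app suite step, the alternative to the configuration designer is to supply the settings as XML. The following is an added example, not taken from the original article: a constructed Office Deployment Tool-style configuration that turns on shared computer activation and leaves out the Microsoft Search in Bing background service. The edition, update channel, and language values are assumptions chosen for illustration.

```xml
<!-- Constructed example: adjust edition, channel and language to your environment. -->
<Configuration>
  <!-- Assumed values: 64-bit build, Monthly Enterprise update channel -->
  <Add OfficeClientEdition="64" Channel="MonthlyEnterprise">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
      <!-- Do not install the background service for Microsoft Search in Bing -->
      <ExcludeApp ID="Bing" />
    </Product>
  </Add>
  <!-- Shared computer activation for multi-user machines -->
  <Property Name="SharedComputerLicensing" Value="1" />
  <!-- Keep the suite patched automatically -->
  <Updates Enabled="TRUE" />
  <!-- Silent install with the license terms accepted on behalf of users -->
  <Display Level="None" AcceptEULA="TRUE" />
</Configuration>
```

Keeping this file in version control gives you a reviewable record of what is deployed to every device, which the GUI settings alone do not provide.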
Intune deployment tracking
Intune also lets you track the progress of each deployment. Go to Apps > All apps and click on your deployment configuration. You can access various deployment progress information using the items in the left-hand menu:
- Overview – here you can get general information about the installation status of devices and users in the form of charts.
- Device install status & User install status – let you view lists of installation statuses for specific devices and users.
Finally, if you click Properties, you can edit your app deployment policy.
This concludes the presentation of Microsoft 365 Apps delivery through Microsoft Intune. If you’re looking to develop your Intune expertise further, I recommend checking out this article. It’s a quick yet informative guide to deploying and uninstalling a line-of-business application using our CodeTwo Signatures Add-in for Outlook (MSI package) as an example.