Azure Partner Community: Device and application management in Microsoft Enterprise Mobility Suite

This is part of a series of blog posts about the enterprise mobility opportunity for partners. Select Enterprise mobility to see the series. Subscribe to this blog by email or RSS.

 by Nick Johnson, PMP

US Partner Technology Strategist

In my first post in this series I talked about seeing the opportunity around us. Users are more mobile than ever. Because of this it is important to design a distributed, multi-layered, and flexible security model. The model has to protect company resources and give users the freedom to work that they require. A part of this model is protecting the identities the users use, which I talked about in my last post on Azure Active Directory.

Below is one of my favorite pictures to help tell the multi-layered security story. It depicts a user working in email and how the layers of security can be applied. The first layer of protection is the identity. The next two layers are the device and the application. The last layer, which we’ll explore in a future post, is the data.











Protecting the device and the application layers are commonly referred to as mobile device management (MDM) and mobile application management (MAM). These are key pillars in any security model for the modern workplace. While MDM is most commonly top of mind when you think about users in a bring your own device (BYOD) scenario, it shouldn’t be the only thing.



Enterprise mobility management with Microsoft Intune










In Microsoft Enterprise Mobility Suite, Microsoft Intune helps customers manage devices and applications. Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure. Using Intune, customers can manage mobile devices, mobile applications, and PCs.

If you have never seen Intune in action, the video below explains how to manage mobile productivity.

Watch online


With Intune mobile device management capabilities, you can: With Intune mobile application management capabilities, you can: You can also manage PCs using Intune:
  • Restrict access to Exchange email based upon device enrollment and compliance policies
  • Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled for management
  • Simplify device enrollment in the case of large scale deployments using Apple Configurator or Intune service accounts
  • Provide a self-service company portal for users to enroll their own devices and install corporate applications across iOS, Android, Windows, and Windows Phone
  • Maximize mobile productivity with Intune-managed Office mobile apps while still protecting corporate data by restricting actions such as copy/cut/paste/save outside of your managed app ecosystem
  • Extend these same management capabilities to your existing line-of-business apps using the Intune App Wrapping Tool
  • Provide secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps for Intune
  • Provide lightweight, agentless management from the cloud or deliver agent-based management
  • Connect Intune to System Center 2012 R2 Configuration Manager to manage all of your devices on-premises and in the cloud, including Macs, Unix/Linux servers, PCs, and mobile devices from a single management console
  • Provide real-time protection against malware threats on managed computers
  • Deploy software based on policies set by the administrator


Don’t overlook mobile application management

In some cases, the full mobile device management isn’t possible. A customer may already have a MDM solution in place or they may not be ready to manage employee personal devices completely. When this comes up, it is a great time to talk about the mobile application management features in Intune.

The mobile application management features allow companies to protect corporate data at the app level without needing to manage actual devices. Watch the video below to check it out.

Watch online


Learning Intune

Ok, now that you’ve seen how awesome Intune is, let’s look at how you can get started learning it. I mentioned this in my previous post, but it is worth repeating.

When asked by partners how to learn about Azure AD as part of Enterprise Mobility Suite, I share these three suggestions:

  • Use it yourself. Your company may have access to Internal Use Rights through the Microsoft Partner Network, and there’s a trial for Microsoft Intune available. There is even a 5-minute video showing you how to get started with your free trial.
  • Demo it for customers. Use the Microsoft Demo tool to provision Office 365 and Enterprise Mobility Suite demos and sample data.
  • Technical training and documentation. From articles to videos to training courses and labs, there are lots of great technical resources available to you. Here are my recommendations if you’re just getting started.
Level 100 Level 200 Level 300


Cloud Platform University live virtual technical training and hands-on labs

Register today for Cloud Platform University technical training courses that focus on design, implementation, and deployment. Some help you prepare for Microsoft exams. Specific to EMS, I recommend EEM – Azure Active Directory + Microsoft Intune + RMS (Azure Rights Management). Space is limited in these multi-day training offerings.

Online training and technical services for Enterprise Mobility Suite

Microsoft Partner Network core benefits include access to online training and consultants with deployment and consumption expertise.

Keeping up with Microsoft Intune

After you’ve built your skills around Intune, it is important to keep up with new features that are added. For the latest updates about what’s been released, what’s in preview, and what’s in development, visit the Cloud Platform roadmap.

Being a cloud service this happens on a regular basis. Monthly, in most cases, on Intune. The very best place to track the changes are the Intune team blog. You can also follow the What’s new in Microsoft Intune documentation page (tip: scroll to the bottom to see past updates listed by month).

Coming up in this blog series

The next several posts in this series will focus on considerations for building your technical team, starting with mobile device management via Microsoft Intune. We’ll take a look at Azure Active Directory, Microsoft Azure Rights Management, Azure RemoteApp, and Microsoft Advanced Threat Analytics. You’ll be able to see all of the blog posts in the series by selecting Enterprise mobility at the top of this blog.

Azure Partner Community resources


Comments about this blog post, or questions about the topic? Let us know in the Azure Partners Yammer group.


image     image     image

Skip to main content