Jump to content


anyweb

Managing devices with Microsoft Intune: What’s new and what’s next – my notes (Part 2 – iOS)

Recommended Posts

Introduction

At Microsoft Ignite this week in Florida, there were many new announcements of new capabilities in products such as Microsoft Intune. With so many new announcements it’s hard to keep up, but if you want to find out more, read on or select the part that interests you below.

This content is based on an excellent session entitled “BRK3036 – Managing devices with Microsoft Intune: What’s new and what’s next” and you can review it yourself here.

The session was presented by:

iOS deployment scenarios

Typically Apple and Google talk about 2 different buckets, typically BYOD (Bring Your Own device) where an end user brings their own device or Corporate Owned devices.

ios-deployment-scenarios-1024x604.png

For iOS there are three different scenarios that Intune supports:

For BYOD itself, there are 2 scenarios, the first is Data protection at the app level, which is app protection without full device management (without needing to enroll the device). The second is user based enrollment via the Company Portal (available in the Apple App Store), which allows you to push apps and policies such as WiFi profiles to the device and have device based compliance.

dep-vpp-asm-1024x541.png

Finally, for Corporate Owned devices there are additional options such as Apple Corporate programs like VPP (Volume Purchase Program for education), DEP (Device Enrollment Program) and ASM (Apple School Manager). This allows for supervised mode with controls, the ability to secure lock down devices such as Kiosk mode, Classroom. Or to lock management profiles to a device.

Speaking of DEP enrollment, one of the feedback items Microsoft received was the desire for more security, multi factor authentication when you first logon to a DEP device. It couldn’t be done with the existing controls that Apple made available, but now they can.

The first time the user starts the device, the Intune company portal will download and  the user will authenticate, and at that point the authentication policies that you defined in Azure Active Directory will kick in.

During the keynote we were reminded that one of the values of M365 (Microsoft 365) is to empower users, to give them the best possible experience to do more and release their creativity.

With Intune, this doesn’t just apply to Productivity apps such as Office, but also management apps need to look good too. The iOS Company Portal is a good example of that and it has been over hauled and improved.

ios-company-portal-1-1024x546.png

What’s new for iOS

the following are new for iOS:

  • Device Management Policies
  • Notifications
  • Multi-token enrollment support
  • ability to delay iOS updates
  • email acount provisioning for Outlook
  • Apple Business manager support
  • App support for Microsoft Edge browser

ios-company-portal.png

Intune Managed Browser

It get’s the job done, it’s part of the data protection solution, and you can apply copy paste restrictions on it, but when it comes to actual browsing, it’s probably not the best experience.

intune-managed-browser.png

However Microsoft Edge is now available as a managed browser, and your users will be much happier with this experience. The Microsoft Edge app is supported on both iOS and Android as a managed browser.

Join me in Part 3 for more Android announcements.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.