We have recently deployed Microsoft Intune in 365 for a customer and would like to share some great features of this product with you!
InTune is for device management being mobile phone, PC or Mac , you can control this from your 365 tenant and devices check in through an internet connection meaning no need to take the PC back to the office to deploy software or settings.
Deploy InTune with Azure AD
We recommend the minimum license you will need for this is Enterprise Mobility + Security E3 ( 6.60GBP / month/ user ) you can get Intune on its own as a seperate license , however you will want to setup auto enrollment so that users can join Laptops to Azure AD by themselves and it will deploy the needed apps and setting.
Windows Update Management
Enforce PC’s to update and have a global WSUS control panel in InTune to check the status of devices
Only allow Email on enrolled Mobile device
You can set security so only devices enrolled in InTune can receive emails. As you get Azure P1 License with the E3 Mobility License , this also enables you to get Azure Conditional Access which allows you to set these options
Deploying MSI are easier than Win32 Application Deployment
Hopefully most of your company apps will have MSI’s. These are very straight forward to deploy. If your app only has an .exe . then hopefully it has a silent installer. You can use the Win32 Packager to zip this up with the needed files for deployment. Tricky situations are when the .exe do not have silent .exe installation so you need to build an .msi from scratch using packaging software
Useful Items to configure with InTune
We really found no limitation thanks to powershell and Win32 Packager to what we could deploy. We replicated a whole standard Group Policy deployment and more
Rename PC using company name and serial or random number
Create a local admin for PC in case PC falls of Azure AD Domain
Deploy Signatures and ‘mail merge’ details from AD
Add Firewall Policies
Deploy Outlook Settings
Deploy Printers with drivers
Deploy Drive Shares