Microsoft 365 InTune with Azure AD - Recommended Features

We have recently deployed Microsoft Intune in 365 for a customer and would like to share some great features of this product with you!

InTune is for device management being mobile phone, PC or Mac , you can control this from your 365 tenant and devices check in through an internet connection meaning no need to take the PC back to the office to deploy software or settings.

Deploy InTune with Azure AD

We recommend the minimum license you will need for this is Enterprise Mobility + Security E3 ( 6.60GBP / month/ user ) you can get Intune on its own as a seperate license , however you will want to setup auto enrollment so that users can join Laptops to Azure AD by themselves and it will deploy the needed apps and setting.

Windows Update Management

Enforce PC’s to update and have a global WSUS control panel in InTune to check the status of devices

Only allow Email on enrolled Mobile device

You can set security so only devices enrolled in InTune can receive emails. As you get Azure P1 License with the E3 Mobility License , this also enables you to get Azure Conditional Access which allows you to set these options

Deploying MSI are easier than Win32 Application Deployment

Hopefully most of your company apps will have MSI’s. These are very straight forward to deploy. If your app only has an .exe . then hopefully it has a silent installer. You can use the Win32 Packager to zip this up with the needed files for deployment. Tricky situations are when the .exe do not have silent .exe installation so you need to build an .msi from scratch using packaging software

Useful Items to configure with InTune

We really found no limitation thanks to powershell and Win32 Packager to what we could deploy. We replicated a whole standard Group Policy deployment and more

  • Rename PC using company name and serial or random number

  • Create a local admin for PC in case PC falls of Azure AD Domain

  • Enable Bitlocker

  • Deploy Signatures and ‘mail merge’ details from AD

  • Add Firewall Policies

  • Deploy Fonts

  • Deploy Outlook Settings

  • Deploy Printers with drivers

  • Deploy Drive Shares

Why all companies should use Signature deployment software

Whether you're using a cloud-based email solution such as 365 or On-Premise exchange you should utilise an email deployment tool for Signatures.



Job Titles can be and should be set by HR
A signature is a sign-off from an employee of your company to and internal or external party. This job title of a signature If needed or not is like a business card where the receiving party can see the seniority and Role of the sender. Sometimes employees have changed their own job titles for various reasons and this is not picked up until it is too late. Signature software can integrate into Active Directory and grab this each time to standardise the signature per user. You can also create templates so specific users display or don't display their mobile phone numbers for privacy reasons.

Consistent Branding for Logo's and marketing updates
Whether you have changed your logo, or have some new exciting news to share with your new and existing customers a Signature is a great place to show this. Centralising your signature store means you can change the Signature in real time with business updates getting you new leads.

Consistent legal notes and disclaimers
Laws change all the time, and disclaimers are there to protect the company and person sending each email. The company should deploy these when necessary and keep them up to date with the click of a button to protect itself.

Make your signatures Mobile and Device Friendly
If you have created your signature in Word with your company logos sometimes the width of this will make the email UNREADABLE on mobile devices. With 20% of the internet traffic being mobile nowadays you want to make sure you have this covered

Make sure your emails do not get marked as Spam
We recently had a customer whos employee has created a LinkedIn Logo pointing to the companies linkedIn site to be more socially aware. Unfortunately the colleague sourced the image from an unreliable spam site and the companies email was being blocked at receiving mailservers due to this.