Lunavi has longstanding managed services and consulting experience working with Microsoft System Center and Azure technologies, making us an ideal partner to help you reduce time-consuming administrative tasks like desktop or server configuration, large-scale patching, and mobile security.
Modern employees often need robust and comprehensive support, and employees expect application-feature and data-access parity between their mobile devices and the devices they access at the office.
Meanwhile IT operations managers are contending with an explosion of connected devices accessing, storing, and interacting with corporate systems and data. You must find a balance between enabling BYOD and employee mobility with security, patch compliance, and configuration requirements.
Microsoft Endpoint Manager is a cloud service that provides mobile device and application management capabilities, to help your organization provide your employees with access to corporate data, applications, and resources while protecting corporate information.
Configuration Manager allows IT administrators to control or manage system devices regardless of physical location, with customized reports ranging from asset inventory to patch status of each device in the entire enterprise. Reports can also be customized to produce reports specific to the needs of the organization.
Configuration Manager is most commonly used for software deployment and updating applications or operating systems across a business enterprise.
In doing so, Configuration Manager helps maintain consistency in system configuration and management. Rather than configuring every workstation from scratch with individual settings, you can use templates in the build process, saving time and ensuring consistency across all devices.
When it comes to updating systems, many people use Windows Server Update Services (WSUS). Endpoint Manager does everything WSUS does and more by providing IT admins with a more active patching process.
This process enforces updates, forcing systems to be patched, updated, and rebooted based on policies published by the IT department. However, it cannot validate applications once patched, nor can it control the status of individual nodes, or schedule individual patches. While SCCM alone has its limitations, it can become a completely automated patching tool.
Mobile Device Management (MDM)
Intune can manage both company-owned devices as well as end users’ personal devices, popularly known as Bring Your Own Device (BYOD). MDM allows corporate IT to control the following aspects of a device through the Intune web-based administration console: management, inventory, app deployment, provisioning, and retirement.
With MDM scenarios, end users can enroll and remove their devices, install company apps, get quick access to company resources via email, WiFi, and VPN profiles, and contact their IT department or help-desk by using an app called Intune Company Portal.
Mobile Application Management (MAM)
Intune has the ability to set app restriction policies at the app level for use with or without MDM device enrollment. Intune enables protection of corporate data with policies that restrict data leakage, provide encryption at rest, enforce application access and compliance, and remove corporate data at the application level.
Conditional Access
Intune allows IT to manage access to corporate data via conditional access capabilities, ensure that only managed and compliant devices are able to access corporate email and files – all without requiring on-premises infrastructure. If the device is not managed by Intune or compliant with IT policies (such as password strength, encryption, OS version), the access is blocked.
Additional checks such as group membership, location, and risk profile can be done at the user level with Azure AD Identity Protection that can further ensure that only authorized users can access work email, files, and SaaS apps.
Microsoft 365 and Office Mobile App Management
Intune has unique capabilities to manage Office mobile apps on iOS and Android devices, including app-level authentication, copy/paste control, save-as control, and the capability to enforce conditional access policies to Exchange Online, Exchange On-Premise, SharePoint Online, and Skype for Business. Intune also enables multi-identity scenarios which allows users to use both personal and company accounts within the same Office mobile app.
PC Management
In addition to managing mobile devices, Intune also manages computers running supported operating systems using the Intune agent or via MDM. Hardware and software requirements to run the computer client are minimal—any system capable of running Windows Vista or later is supported.
Client software can also be easily installed on either domain-joined computers (in any domain) or non-domain-joined computers. In addition, Intune works with System Center Configuration Manager to support more advanced PC and server management scenarios.
We treat every client engagement as a long-term partnership, seeking to build resilient and innovative solutions that have a real impact.
From a hands-on discovery and solution architecture process to our industry-leading 15-minute (or less) response time guarantee, we're here for you.
