Microsoft Intune Is Not Just for Mobile – Laptop and Desktop Management

March 31, 2017   //   Cloud Microsoft Security

In our last blog we focused on the mobile device management features of Microsoft Intune, but Intune can be used to manage and monitor your laptops and desktops as well.   If you have ever considered deploying System Center Configuration Manager (SCCM) into your environment, you have an alternative desktop inventory and monitoring solution like Solarwinds, or you are just using independent tools like WSUS, in which case Intune can be a great fit to remove those other systems and combine them into one cloud service.

What features does Microsoft Intune have for my workstations?

As Intune is the cloud edition of SCCM, it has many of the same features and functionality but available in a SaaS model:

Assign Security and Compliance Policies Intune Features

  • Just as with the MDM components of Intune, policies can easily be applied to protect and secure workstations. These can include password policies, OS requirements, web restrictions, windows firewall rules, and much more.

Configure the Device

  • Do you have a common wireless configuration or VPN profile you want on every machine? Do you need to deploy a certificate to every workstation?  Intune can help to make these changes and ensure they are applied to all of your devices – mobile or workstation.

Antivirus

  • If you are currently running Symantec, Trend Micro, Sophos, or any of the other common antivirus solutions, you can now replace those with Intune. The same antivirus included with SCCM – System Center Endpoint Protection – is also available via Intune.  The full management and control of the solution can be performed via the Intune portal allowing you to centralize your AV and reduce the cost of the alternative solution.

Windows Updates

  • Most organizations are using Windows Server Update Services (WSUS) to manage and monitor their windows updates. WSUS is built into Intune so that you no longer need the on-premises software.  Just as with the antivirus, merge this functionality into Intune to centralize your management and maintain one less server.

Deploy Applications

  • Do you have a new application you want to deploy to your users? Import the application into Intune and let the system deploy it for you.  You no longer need to manually touch each workstation; Intune can push out the installation to each of your machines.  Intune can even be configured to detect if the program is already installed so that you can decide whether you want it to overwrite or leave the existing copy as is.

Monitoring and Inventory

  • Intune can also monitor and inventory your devices and provide hardware reports, software licensing reviews, and other audit reports of your hardware.

Intune Monitoring and Inventory

With all of these Intune features, do I still need SCCM?

For organizations that already have or are considering SCCM, the big question to ask yourself is do you need OS deployment.  If so, then we still recommend SCCM as that feature is not yet available in Intune.  However, as an added bonus, Intune and SCCM can be easily integrated so that you can get the benefits of both solutions and protect all of your devices.

So far we have reviewed protecting the user with Azure Active Directory Premium and protecting the device with Microsoft Intune.  In our next blog, we will be moving on to the fourth product of EMS – Azure Information Protection – where we look at protecting the data itself.

Modern IT