Whether you are moving to a BYOD (bring your own device) policy or simply provisioning laptops, tablets, and phones and shipping them to remote workers, you need a method of guaranteeing consistency and compliance across devices. You also need to do it in a way that minimizes the time and money spent and the stress on your IT department. For multi-tenant configuration management, that usually means MDM (mobile device management).
However, unless you have standardized your Microsoft Enterprise multi-tenant management configuration, your IT department will have to deal with Intune's complexity, because of the sheer number of configuration options available. The recommendations below are meant to serve as a platform from which you can confront that complexity.
1. Access Restrictions
Strictly speaking, the enrollment settings discussed below come first, but we will discuss conditional access first. Simply put, conditional access is a policy that prevents devices from a specific group or profile from accessing corporate email or other cloud apps unless those devices meet specified criteria.
Some of these criteria could be:
- Password complexity and expiration requirements
- Keeping specified software patched to the latest version
- Connecting from a private or otherwise restricted wireless network
- Running no third-party software that has not been approved
- Enforcing multi-factor authentication (MFA)
The right conditional access policies depend on your business and its threat model (more regulated industries will have more requirements), but keep them in mind as you progress through the other best practices and setup processes. Ask yourself what each user or device group should, and should not, be allowed to do for the best network experience. Planning this up front maximizes the value of the deployment.
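As an added example that is not part of the original post, the following Microsoft Graph PowerShell script creates one conditional access policy of the kind described above: it blocks Exchange Online for a pilot group unless the device is marked compliant by Intune and the user completes MFA. The group and break-glass account IDs are placeholders; the script assumes the Microsoft.Graph module is installed and the caller holds the Policy.ReadWrite.ConditionalAccess permission.

```powershell
# Added example (not from the original post): create a conditional access policy
# that requires an Intune-compliant device AND MFA before Exchange Online is reachable.
# Assumes the Microsoft.Graph PowerShell SDK is installed.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Application.Read.All"

# Placeholder object IDs; replace with your own pilot group and break-glass account.
$pilotGroupId      = "<PILOT-GROUP-OBJECT-ID>"
$breakGlassUserId  = "<BREAK-GLASS-ACCOUNT-OBJECT-ID>"

$policy = @{
    displayName = "CA-Require-Compliant-Device-and-MFA-for-Exchange"
    # Report-only mode logs what the policy would do without enforcing it,
    # so sign-in logs can be reviewed before it is switched to "enabled".
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeGroups = @($pilotGroupId)
            # Never scope a break-glass account into a blocking policy.
            excludeUsers  = @($breakGlassUserId)
        }
        applications = @{
            # Well-known application ID of Office 365 Exchange Online.
            includeApplications = @("00000002-0000-0ff1-ce00-000000000000")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        # AND: both controls must be satisfied; OR would accept either one.
        operator        = "AND"
        builtInControls = @("compliantDevice", "mfa")
    }
}

# Returns the created policy object (including its id) on success.
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Review the report-only results in the Entra sign-in logs, then change `state` to `enabled` once the pilot group behaves as expected.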
2. Signing Up for Microsoft Intune
While you decide on the best conditional access policies, you can organize the enrollment process for your devices. Examine the many kinds of devices joining your network and make sure you are prepared to handle their individual enrollment needs.
- Apple devices: An Apple Push Notification certificate must be created and renewed annually. You generate a certificate request, submit it to Apple, and upload the resulting certificate, which grants Microsoft authority to communicate with Apple about your users and their devices.
- Android devices: To enable Android Enterprise on Android devices, Intune administrators must link a managed Google Play account.
- Windows 10 devices: Because these are already part of Microsoft's broader platform, they offer a number of automated enrollment options; Simeon Cloud's Office 365 configuration tool can guide you through each of them.
Enrollment is a fundamental Intune building block. Even the most advanced network policies will not be applied unless device enrollment is enabled. Businesses that skip these essential enrollment stages risk disruption and rework.
3. Security Baselines
Cybersecurity skills are scarce. Even firms with development teams may lack security knowledge, especially for managing remote devices. Microsoft's "Security Baselines" help administrators protect both the organization and its users. Admins can modify a baseline, but the defaults are usually fine as-is, and Microsoft maintains them.
According to Microsoft, these baselines offer a generic foundation for importing CIS, NIST, and other security baselines, and they cover Windows, iOS/iPadOS, and Android. Even at more security-mature companies they make a sensible starting point. It is a good idea to audit and apply this Security Configuration Baseline.
4. Firewall Configuration
We eventually got this working, but Microsoft's instructions on configuring Intune behind a strict firewall are either vague or inadequate. Our Azure expert's first attempt to set up Intune in a specific environment failed because the system would not detect a valid endpoint's connection, even after the relevant sites had been allowed. Endpoint connectivity was checked against Microsoft's official site.
Since many firms employ firewalls and MDM for the same reasons (standardization, and preventing risky online behavior that could expose corporate data), the two technologies often interact. Administrators or IT teams who overlook this interaction will run into problems. Some Intune issues yield to common sense, others require research, and an impartial outside expert can help with the rest.
Learn More About Simeon Cloud Enterprise
Managing mobile devices and Microsoft Intune is a specialty of our teams. We can configure and actively manage your entire mobile device network using our extensive knowledge of the cloud and mobile device management at a fraction of the cost of doing it in-house. Interested? Read more here. Whenever you’re ready, feel free to schedule a demo.
Author’s Name – Jeff Nevins, CTO of Simeon Cloud, a provider of a multi-tenant Microsoft 365 configuration management platform for MSPs. Nevins gives his take on cloud management and the MSP tool sets that are currently available.
Site info: Simeon Cloud is the leading cloud configuration solution for implementing governance and automation for Modern Digital Workplaces using Microsoft 365. With its friendly user interface, Simeon Cloud enables teams to easily manage configuration as code, establish baseline configurations for multiple tenants, deploy non-production environments, monitor and document drift, and back up and recover configurations.