Microsoft Intune, Part 3: Management of Mobile Applications
Intune – A Recap
This is the third in our trilogy of articles on the management by Microsoft Intune of non-Microsoft hardware, specifically the Apple iOS platform. In previous installments we discussed how Intune is an excellent security solution for the iOS platform, providing the ability to not only demand such things as sufficiently complex device passwords, and ensuring they are not reused frequently, to preconfiguring the devices so that end users don’t have to ask colleagues or a helpdesk how to get onto the Wi-Fi or configure their email app.
But Intune does more, specifically in the deployment to—and management of—applications on the devices that have been enrolled into it.
Intune – Deploy & Manage Apps
Intune gives you the ability to deploy apps to end-users by adding them to the Intune portal. Administrators choose which apps are available to each group of users. Intune can also push an app to a device, regardless of whether or not the user wants to receive it. Pushing an application can be particularly useful if the app is a challenge to find in the app store or when the device is shared (e.g., in a factory/warehouse/POS type of environment).
Intune can also facilitate the removal of an app, but only if that app was deployed using Intune. An app that an end-user downloaded it themselves cannot be removed simply because the management team thinks it’s a distraction. Intune’s security and compliance policies prevent apps being loaded in the first place.
Add an App
Adding an app for iOS is extremely easy. Whereas for Android you need to go to the store, search for the app and copy the URL, the Intune portal is integrated in such a way that administrators only need to click to add an app, select the platform (iOS in this case), then type the name of the app (as shown below).
Once selected, it is possible to modify the app. For example, for MS Teams, the physical platform can be tailored: iPad or iPhone. The operating system of the device can also be specified, forcing anyone who needs the particular application to upgrade their device to an acceptable version. In addition, if this is a new app, administrators might wish for it to appear on the Intune app home screen in the same way news or announcements might appear on the company Intranet page.
The final option is how the app will be deployed. As shown earlier, the ability to highlight the app is available, but sometimes the company may want to deliver the app automatically rather than wait for users to go to the Intune app to install the new app. Selecting an app to be “Required” will force the app to be sent to an enrolled device.
Not all users have to be assigned an app. If you choose to add, for example, Salesforce from the Apple app store, but you don’t need the IT support team to have the app, administrators can ensure that only the Sales team are in the group that will deploy the app.
Some settings are available to administrators so a corporate standard can be applied. This assists in troubleshooting helpdesk tickets as they arise, since support staff would be starting from a known configuration.
Take Outlook as an example. Outlook is a very popular application, one that probably also has the most configurable options in the entire Microsoft 365 suite of applications.
Observe the focused inbox setting in the first image below and the sync-contacts option shown in the second image. Both are typical bones of contention. Many users don’t like the focused inbox—which is on by default—and just as many users want to sync their Outlook contacts to their devices—a feature that is off by default. To save time, administrators might canvass their individual organizations and review which of these settings would help reduce calls to the help desk.
Configuring applications from the Apple App store for a Microsoft world is a very administrator-friendly process, allowing the administrator to do all provisioning and configuration tasks from a single screen. For administrators, Intune ensures the right apps are deployed to the right users and devices—with the right configuration.
To review the first two installments of this Intune series, here are links to Post I and Post II. Again, if you have any questions about maintaining device compliance, or any other aspect of device management, please don’t hesitate to reach out to us. We’d love to help ensure your organization is safe and secure.