Today I will share the key areas to focus on and what to consider, including licensing, when migrating from another vendor to Intune.
In today's scenario, the user wants to migrate from MobileIron to Intune.
Our current configuration (iOS + Android):
Email client support (Verse, Email+).
Apps (can install application based on policy).
Docs (work with documents in encrypted container).
Web application (can access internal work resources using Kerberos auth).
Endpoint Security (road warriors, Microsoft + macOS notebooks).
Full disk encryption (if Intune MDM supports it, how can I manage encrypted devices?).
Antivirus with behavior detection, exploit prevention, HIDS.
Device control (USB).
VPN for internal resources.
Now that we have the requirements, let's talk about the basics we need to have in place to achieve them.
Below are the key license requirements:
Azure Active Directory Premium
Azure Information Protection
Microsoft Advanced Threat Analytics
Microsoft Defender ATP. This is not included in EMS; the Microsoft Defender ATP license must be bought separately.
Once the prerequisites are ready, let's look at how we can achieve each of the requested features.
Encrypted Container, Docs (work with documents in encrypted container):
Based on the description, this appears to be an app protection feature. In Intune, it is accomplished with an app protection policy. Here is the article for reference: App protection policies
Email client support (Verse, Email+):
Currently, MobileIron Email+ is not in the protected app list. We can see more details in the following link: Microsoft Intune protected apps
Apps (can install application based on policy):
Intune supports a wide range of app types, such as apps from the store and apps written in-house (line-of-business). We can see more details in the following link:
Apps to Microsoft Intune
Web application (can access internal work resources using Kerberos auth):
As far as I know, Microsoft's browser app is Edge. For the authentication methods supported in Edge, we can see the following link:
Identity support and configuration
Endpoint Security (road warriors, Microsoft + macOS notebooks):
Use the Endpoint security node in Intune to configure device security and to manage security tasks for devices when those devices are at risk. The Endpoint security policies are designed to help you focus on the security of your devices and mitigate risk. We can see more details in the following link:
Security in Microsoft Intune
Full disk encryption:
As far as I know, on Windows the disk encryption is done by BitLocker, and on macOS it is done by FileVault. Here is an article covering the two profiles:
Policy settings for endpoint security in Intune
Antivirus with behavior detection, exploit prevention, HIDS:
We can refer to the Antivirus policy for endpoint security in Intune, which needs to integrate with Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) as a Mobile Threat Defense solution:
Policy for endpoint security in Intune
Device control (USB):
For device control in Intune, we can refer to the following link:
Allow or block removable devices
To protect your enterprise data, we can use Windows Information Protection (WIP) on Windows devices:
Data using Windows Information Protection (WIP)
VPN for internal resources:
This can be done by a dedicated app. Intune can only push configuration files to it.
In general, Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organization's devices are used. We can find more information about Intune in the following article:
Microsoft Intune documentation
Follow us: https://www.linkedin.com/in/hiraniconfigmgr