THE PROBLEM

Centralized workstation management is critical to staying secure and to reducing the administrative effort of workstation management.

For most organizations, the internal network boundary has disappeared, meaning that workstations need to be managed continuously whether they are on the corporate network or outside it. Traditional workstation management systems are focused on managing workstations inside a corporate network, but extending management outside is usually difficult or sometimes impossible. Intune solves this challenge as it is cloud-based, and workstations stay managed and secure as long as they are connected to the internet.

THE SOLUTION

Microsoft Intune is an endpoint management solution. Intune is cloud-based, which means that no management servers need to be deployed and maintained, and it is managed through a web console. Because Intune runs as a public cloud service, it does not matter where the workstations are located (internal or external network); they are managed as long as they are connected to the internet.

Intune is part of the “Enterprise Mobility + Security” suite or can be purchased separately. Additional features are available in Intune Premium Suite, which is charged separately.

Intune can work as a standalone solution or together with Microsoft's on-prem desktop management system, Microsoft Configuration Manager (previously SCCM, System Center Configuration Manager).

Microsoft Intune has the following features for workstation management:

  • Install and manage OS updates and upgrades in a controlled manner.
  • Install and uninstall applications and updates, and run scripts.
  • Windows and application configuration settings management – for example, browser configuration (Edge, Chrome), registry settings, proxy settings, desktop background, Start Menu, OneDrive, and many other settings.
  • New computer enrollment using Autopilot.
  • Compliance policies. If used together with Azure AD conditional access, it is possible to allow / deny access depending on whether the computer is compliant / non-compliant.
  • Application control policies.
  • Windows Firewall and Windows Defender antivirus management.
  • Network settings (Wi-Fi, Mobile, VPN) management.
  • Disk encryption using BitLocker.
  • Remote help (Intune Premium or TeamViewer licenses are required).
  • Integration with Microsoft Defender for Endpoint.

How?

First, Intune licenses are required (there are also trial licenses available, if you just want to see Intune capabilities in action, but haven’t purchased Intune licenses).

There are also some technical requirements: workstations need to run at least the Windows 10 operating system, and they need to be joined or hybrid-joined to Azure AD.

The following activities are usually included in the project:

  • Azure AD preparation for Intune.
  • Intune configuration and pilot workstation enrollment to Intune.
  • Intune feature demonstration and tuning according to requirements, including, but not limited to:
      – Update management.
      – Application and script deployment.
      – BitLocker configuration.
      – Device configuration settings.
      – Device compliance settings.
      – Device security settings.

  • Consultations when enrolling workstations in Intune.
  • Intune-related support and problem solving.
  • Documentation preparation and IT administrator training.

Pricing

The Intune deployment offering price starts from 4’900 EUR.

The price can vary if there are additional requirements, for example, a lot of software packages to prepare, multiple OS configurations, etc.

Assumptions

A1 The work will be done remotely, and the required access will be granted to our consultants to perform the work.

A2 Test workstations used to validate Intune functionality will be prepared by the customer.