Toyota Motor Europe (TME) manages a network of 30 national marketing and sales companies across Europe. These organizations oversee more than 3,000 dealerships.
TME wanted to replace their vehicle diagnostic tool with PCs that run up-to-date software. However, headquarters needed a way to verify that all dealerships received and installed the software correctly, used the same corporate systems and auto diagnostics, and installed the proper antivirus solutions.
Infront deployed Windows Intune by setting up a test environment at headquarters, creating documentation and training material, and putting together an installation package for dealerships that included elevated administrator rights. All that was left was for TME to send each dealership a link to a Toyota website where staff could retrieve Windows Intune and download it to their system.
Microsoft Intune is a cloud service that provides mobile device management, mobile application management, and PC management capabilities. Intune’s mobile productivity management capabilities help organizations provide their employees access to corporate data, applications, and resources while helping to protect their corporate information.
Intune supports Windows, Windows Mobile, iOS, Android, and Mac OS X devices and provides several options for protecting corporate data on these devices. Intune has two deployment modes: “standalone”, as a fully cloud-based service which requires no on-premises infrastructure, and “hybrid”, working with on-premises System Center Configuration Manager (SCCM). The Intune primary subscription includes usage rights to Configuration Manager, which allows organizations to manage PCs and mobile devices through the same management console.
Intune can manage both company-owned devices as well as end users’ personal devices, popularly known as “bring your own device” (BYOD). MDM allows corporate IT to control the following aspects of a device through the Intune web-based administration console: management, inventory, app deployment, provisioning, and retirement. With MDM scenarios, end users can enroll and remove their devices, install company apps, get quick access to company resources via email, WiFi, and VPN profiles, and contact their IT department or help-desk by using an app called Intune Company Portal.
Intune has the ability to set app restriction policies at the app level for use with or without MDM device enrollment. Intune’s MAM capabilities enable IT to help protect corporate data with the policies that restrict data leakage such as “Cut/Copy/Paste/Save As”, provide encryption at rest, enforce application access and compliance, and remove corporate data at the application level.
Intune allows IT to manage access to corporate data with its conditional access capabilities which ensure that only managed and compliant devices are able to access corporate email and files – all without requiring on-premises infrastructure. If the device is not managed by Intune or compliant with IT policies (such as password strength, encryption, OS version), the access is blocked. Additional checks such as group membership, location, and risk profile can be done at the user level with Azure AD Identity Protection that can further ensure that only authorized users can access work email, files, and SaaS apps.
Intune has unique capabilities to manage Office mobile apps on iOS and Android devices, including app-level authentication, copy/paste control, save-as control, and the capability to enforce conditional access policies to Exchange Online, Exchange On-Premise, SharePoint Online, and Skype for Business. Intune also enables multi-identity scenarios which allows users to use both personal and company accounts within the same Office mobile app.
In addition to managing mobile devices, Intune also manages computers running supported operating systems using the Intune agent or via MDM. The hardware and software requirements to run the computer client are minimal—any system capable of running Windows Vista or later is supported. The client software can also be easily installed on either domain-joined computers (in any domain) or non-domain-joined computers. In addition, Intune works with System Center Configuration Manager to support more advanced PC and server management scenarios.