Managing devices with Microsoft Intune: What’s new and what’s next – my notes (Part 2 – iOS)


At Microsoft Ignite this week in Florida, there were many announcements of new capabilities in products such as Microsoft Intune. With so many announcements it’s hard to keep up, but if you want to find out more, read on or select the part that interests you below.

This content is based on an excellent session entitled “BRK3036 – Managing devices with Microsoft Intune: What’s new and what’s next” and you can review it yourself here.


iOS deployment scenarios

Apple and Google typically talk about 2 different buckets: BYOD (Bring Your Own Device), where an end user brings their own device, and Corporate Owned devices.

For iOS there are three different scenarios that Intune supports:

For BYOD itself, there are 2 scenarios. The first is data protection at the app level, which is app protection without full device management (without needing to enroll the device). The second is user-based enrollment via the Company Portal (available in the Apple App Store), which allows you to push apps and policies such as WiFi profiles to the device and have device-based compliance.

Finally, for Corporate Owned devices there are additional options such as Apple Corporate programs like VPP (Volume Purchase Program for education), DEP (Device Enrollment Program) and ASM (Apple School Manager). These allow for supervised mode with controls, the ability to securely lock down devices (such as Kiosk mode or Classroom), or to lock management profiles to a device.

Speaking of DEP enrollment, one of the feedback items Microsoft received was the desire for more security, specifically multi-factor authentication when you first log on to a DEP device. It couldn’t be done with the existing controls that Apple made available, but now it can.

The first time the user starts the device, the Intune Company Portal will download and the user will authenticate, and at that point the authentication policies that you defined in Azure Active Directory will kick in.

During the keynote we were reminded that one of the values of M365 (Microsoft 365) is to empower users, to give them the best possible experience to do more and release their creativity.

With Intune, this doesn’t just apply to productivity apps such as Office; management apps need to look good too. The iOS Company Portal is a good example of that, and it has been overhauled and improved.

What’s new for iOS

The following are new for iOS:

  • Device Management Policies
  • Notifications
  • Multi-token enrollment support
  • Ability to delay iOS updates
  • Email account provisioning for Outlook
  • Apple Business Manager support
  • App support for Microsoft Edge browser

Intune Managed Browser

It gets the job done, it’s part of the data protection solution, and you can apply copy/paste restrictions on it, but when it comes to actual browsing, it’s probably not the best experience.

However, Microsoft Edge is now available as a managed browser, and your users will be much happier with this experience. The Microsoft Edge app is supported on both iOS and Android as a managed browser.

Join me in Part 3 for more Android announcements.
