Microsoft Intune is a cloud-based mobile device management (MDM) and mobile app management (MAM) service for businesses ready to take on challenges to productivity, security, and compliance in this modern era of BYOD (bring-your-own-device). It’s affordable and easy to use, and best of all, it’s wholly extensible and flexible. This guide will take you through setting up Microsoft Intune, show you how to enrol devices, and, most importantly, demonstrate how to deploy your supported apps. If you’re switching to Intune as your MDM and MAM platform, you’ll find this guide especially handy.
Part 2 – User and Group management in Microsoft Intune, assigning licenses
Part 3 – Setting up a configuration policy, Company portal and application management in Microsoft Intune
Part 4 – How to configure devices in Microsoft Intune
Before you start with Microsoft Intune
Before setting your Intune account up, let’s review some technical requirements.
Supported licenses. To use Intune, you need a Microsoft 365 subscription. Intune is compatible with the following licensing plans:
- Microsoft 365 E5
- Microsoft 365 E3
- Enterprise Mobility + Security E5
- Enterprise Mobility + Security E3
- Microsoft 365 Business Premium
- Microsoft 365 F1
- Microsoft 365 F3
- Microsoft 365 Government G5Microsoft 365 Government G3
It’s also possible to sign up for a free 30-day Intune trial.
Supported OS and Browsers. Intune is an MDM service. Thus, it supports different operating systems:
| Vendor | OS |
| Apple | Apple iOS 13.0 and later, Apple iPad OS 13.0 and later, macOS 10.15 and later |
| Android 6.0 and later | |
| Microsoft | Windows 11 (Home, S, Pro, Education, and Enterprise editions), Surface Hub, Windows 10 (Home, S, Pro, Education, and Enterprise versions), Windows 10 and Windows 11 Cloud PCs on Windows 365, Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise (x86, x64), Windows Holographic for Business, Windows 10 Teams (Surface Hub), Windows 10 version 1709 (RS3) and later, Windows 8.1 |
To perform Intune tasks, you must use Microsoft 365 admin center or Azure portal. To gain access to these web portals, you have to use the latest version of the following browsers:
- Microsoft Edge
- Safari
- Chrome
- Firefox.
After confirming you have Intune-supported OS and browsers, you can set up Microsoft Intune tenant.
Sign up to Microsoft Intune
Before using Microsoft Intune for your organization, you must first configure Microsoft Intune tenant. If you do not already have access to Intune portal, you can sign in for a free 30-day trial. If you’re using a work or school account to access the trial, use it to sign in and add Intune to your subscription. Otherwise, you can create a new account to use with Intune.
To sign up, go to the Intune set up account page, enter your email and click Next.
Add your name, business phone number, company name and size, and country. Click Next.
Add your business entity’s domain name and check for its availability. As you can see, now your domain consists of your company name and onmicrosoft.com. Later we’ll discuss how to set up a custom domain.
And finally, create your username and password and click Sign in to complete setting up your Intune account.
Once subscribed, check your email, and verify your account using the provided link. Usually, after verification, you’ll be redirected to the Endpoint Manager Admin Center. If not, here’s the link.
To sign in to Microsoft Endpoint Manager, your account must have either Global Administrator or Intune Service Administrator (aka Intune administrator) permissions in Azure AD.
Intune as MSM authority
Immediately after signing in, you must configure mobile device management (MDM) authority to Intune. This configuration may occur automatically. You’ll see an orange banner indicating whether this is the case. The MDM authority setting defines how you manage your company devices.
Important note: You must set the MDM authority before enrolling devices.
To choose MDM authority, click on the orange banner or go to Tenant Administration > MDM Authority.
Check your MDM Authority set under Choose MDM Authority, and then you can set MDM authority to Intune MDM Authority.
Add custom domain in Microsoft Intune (optional)
When your organization subscribes to Microsoft Intune, you get a unique domain name hosted in Azure Active Directory. Your new domain will follow this format: your-domain.onmicrosoft.com. your-domain is the company name you chose when you signed up, and onmicrosoft.com is the standard suffix assigned to your account. Instead of using this domain name provided by Azure Active Directory to access Intune, you can configure a custom domain for your organization.
Sign in to your Microsoft 365 admin center account to configure a custom domain name.
On the navigation panel, choose Setup > Domains. Choose Add domain, type your custom domain name, and click Next.
Next, verify that you are the domain owner as indicated in the previous step. You can do this by sending a verification email or adding a TXT record.
Once the domain is verified, you can check your default domain. Now you’ll see that your domain is listed as Healthy.
