Guidelines for Businesses

Set up and manage Microsoft Intune

With Microsoft Intune, organizations can centrally manage devices, apps, and security policies. The cloud-based platform enables secure management of Windows PCs, Macs, smartphones, and tablets—all integrated into the Microsoft cloud.


Step 1: Assessment and Planning

At the start of such a project, a thorough assessment is essential. The first key step is to review the licenses currently in use: many organizations already have Intune capabilities, for example through Microsoft or EMS suites, though the scope and functionality vary significantly depending on the licensing model.

It is equally important to analyze the existing device management: What types of devices are currently managed, which systems are in use, and how extensive are the required configurations? While basic profiles for email, Wi-Fi, VPN, or apps can be mapped relatively easily in Intune, more complex scenarios such as app server access, VPN configurations, or specialized macOS and Windows features require closer examination.

Furthermore, organizations should keep in mind that Microsoft updates and new features follow a fixed cloud cycle, and processes in Intune sometimes work differently than in traditional UEM solutions. Thorough documentation, clear enrollment procedures, and realistic expectations regarding feature sets and troubleshooting are therefore key success factors for a smooth transition.

Requirements for Intune setup

Before organizations can implement Microsoft Intune, several technical and organizational prerequisites must be met. These primarily concern licensing, identity management, and the preparation of device platforms.

  • 1. Microsoft license including Intune

    First, you need licenses that include Intune and the desired feature set. The following options are available:

    • Microsoft 365 Business Premium
    • Microsoft 365 E3
    • Microsoft 365 E5
    • Standalone license for Microsoft Intune
  • 2. Identity management via Microsoft Entra ID

    Intune works closely with Microsoft Entra ID (formerly Azure AD).
    There, you can:

    • Manage user accounts
    • Register devices
    • Define access policies and conditional access

    A properly functioning Entra ID structure is therefore a key prerequisite for Intune deployment.

  • 3. Access to the Intune Admin Center

    Administrators need access to the Intune Admin Center to:

    • Create device configurations
    • Define compliance policies
    • Deploy apps
    • Monitor and manage devices

    Appropriate administrator roles should be assigned for management purposes.

  • 4. Preparing for enrollment

    Optimal enrollment of various device types can be achieved using the following solutions:

    • Windows Autopilot for Windows devices
    • Apple Business for Apple devices
    • Android Enterprise for Android devices
  • 5. Network and Security Requirements

    To ensure smooth operation, companies should make sure that:

    • Devices have access to Microsoft cloud services
    • The required ports and URLs are accessible
    • Security policies and compliance rules are defined and implemented

Microsoft Intune: Basic Setup

What should companies keep in mind during setup to ensure they can fully leverage the potential of Microsoft Intune? We’ll walk you through the key basics.

a) Register devices

  • Prepare enrollment for Windows, macOS, iOS/iPadOS, and Android

b) Create compliance policies

  • Password policies
  • Device encryption (BitLocker / FileVault)
  • Jailbreak / rooting protection
  • Minimum operating system version

c) Configuration profiles

  • Wi-Fi, VPN, email, certificates
  • Device settings such as lock screen, updates, feature restrictions

a) Define an app strategy

  • Which apps are mandatory, and which are optional?
  • Clearly separate business apps from personal apps
  • Deploy apps on a device-based or user-based model
  • Public store apps, line-of-business apps, Microsoft apps

b) Configure app distribution

  • Assignment by user or device groups
  • Availability:
    • Required (must be installed)
    • Available (optional in the Company Portal)
  • Note dependencies and installation order

c) App Protection Policies (primarily for BYOD)

  • Protection of corporate data without device management
  • Define policies for:
    • Copy/paste & data export
    • Saving to personal storage locations
    • App PIN / biometrics
  • Encryption of app data
  • Applies to MAM with enrollment and MAM without enrollment

d) Consider updates and the app lifecycle

  • Check update behavior for each platform
  • Use test groups for new app versions
  • Plan for the removal of old or no longer needed apps

  • Devices must be compliant to access corporate resources
  • MFA and conditional access for a zero-trust scenario
  • Integration with Microsoft Defender for Endpoint: threat detection, vulnerability management, and automatic remediation

  • Intune Dashboard: Compliance status of all devices
  • Reports: Devices, apps, updates, security alerts
  • Alerts & Automation: e.g., for malware or non-compliant devices

Common Mistakes When Implementing Microsoft Intune

  • Sticking with classic imaging

    • Mistake: Organizations continue to rely on old deployment methods (e.g., SCCM, USB images)
    • Problem: Contradicts zero-touch deployment and Autopilot

    Tip: Roll out new devices directly via Windows Autopilot + Intune

  • Underestimating identity and Conditional Access

    • Mistake: Intune is used without tight integration with Microsoft Entra ID and Conditional Access
    • Problem: Security gaps, incorrect compliance evaluation

    Tip: Set up the identity layer cleanly first, and use Conditional Access as the central safeguard

  • No test strategy

    • Mistake: New policies are rolled out to all devices immediately
    • Problem: Unforeseen lockouts, loss of productivity

    Tip: Use pilot groups, collect feedback, then roll out to all devices

  • Unclear responsibilities

    • Mistake: No clear assignment of roles (IT admin, security, help desk)
    • Problem: Policies are overwritten or not maintained

    Tip: Clearly define roles and permissions via Intune roles and RBAC

  • Neglecting app management

    • Mistake: MAM features (App Protection) are not used
    • Problem: BYOD devices unprotected, data leaks possible

    Tip: Define app protection policies early, even without device management

  • Forgetting reporting and monitoring

    • Mistake: Compliance reports and security alerts are not reviewed regularly
    • Problem: Security gaps or non-compliant devices are detected late

    Tip: Set up Intune Analytics, the Endpoint Security dashboard, and alerts
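
A triage pass for the reporting gap in the last item, checking exported device records against the criteria listed under "Create compliance policies" (an added example, not part of the original guide or of Microsoft's tooling). The field names follow the managed-device records Intune exposes through Microsoft Graph; the thresholds in `MIN_OS` and `MAX_SYNC_AGE` and all sample records are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Baseline for the checklist items; the concrete values are assumptions.
# Minimums omit a trailing ".0" so a device reporting "17" is not below "17.0".
MIN_OS = {"Windows": "10.0.19045", "iOS": "17", "Android": "13", "macOS": "14"}
MAX_SYNC_AGE = timedelta(days=14)  # assumed limit before a check-in counts as stale

def version_tuple(text):
    """'10.0.19045.4170' -> (10, 0, 19045, 4170); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))

def findings(device, now):
    """Return the reasons a device record needs review (empty list = nothing found)."""
    out = []
    state = device.get("complianceState", "unknown")
    if state != "compliant":
        out.append(f"compliance state is {state}")
    if not device.get("isEncrypted", False):
        out.append("storage not encrypted")
    if str(device.get("jailBroken", "Unknown")).lower() == "true":
        out.append("jailbroken or rooted")
    minimum = MIN_OS.get(device.get("operatingSystem"))
    if minimum and version_tuple(device.get("osVersion", "0")) < version_tuple(minimum):
        out.append(f"OS {device.get('osVersion')} below minimum {minimum}")
    last = datetime.fromisoformat(device["lastSyncDateTime"].replace("Z", "+00:00"))
    if now - last > MAX_SYNC_AGE:  # a "compliant" state may be out of date
        out.append(f"no check-in for {(now - last).days} days")
    return out

def triage(devices, now):
    """Map device name -> findings, keeping only devices with at least one finding."""
    report = {d["deviceName"]: findings(d, now) for d in devices}
    return {name: f for name, f in report.items() if f}

# Constructed sample records (not real devices).
FIELDS = ("deviceName", "operatingSystem", "osVersion", "complianceState",
          "isEncrypted", "jailBroken", "lastSyncDateTime")
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("LAPTOP-01", "Windows", "10.0.19045.4170", "compliant", True, "Unknown", "2025-05-30T08:00:00Z"),
    ("LAPTOP-02", "Windows", "10.0.19045.4170", "inGracePeriod", False, "Unknown", "2025-05-29T08:00:00Z"),
    ("PHONE-03", "Android", "9", "noncompliant", True, "True", "2025-05-31T08:00:00Z"),
    ("IPAD-04", "iOS", "17.5.1", "compliant", True, "False", "2025-04-01T00:00:00Z"),
]]
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE, NOW).items():
        print(name, "->", "; ".join(reasons))
```

Versions are compared as integer tuples because a plain string comparison would rank Android "9" above "13". IPAD-04 shows why check-in age matters: its last reported state is compliant, but that state is two months old.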

Setting Up Intune – the Right Way

Take advantage of best practices and avoid common mistakes when implementing Microsoft Intune.


Setting Up and Managing Microsoft Intune – FAQ

To use Intune, organizations need:

  • The appropriate licenses
  • User management via Azure Active Directory (Entra ID)
  • Defined security and compliance policies

A full implementation—including policies, app management, and integration with existing systems—can take several days or weeks, depending on the size of the company.

Devices can be enrolled manually or automatically. With zero-touch deployment, devices are shipped preconfigured, are ready for immediate use, and are placed under Intune management.

With Microsoft Intune, organizations can manage the following devices:

  • Windows PCs and laptops
  • iPhones and iPads
  • Android smartphones and tablets
  • macOS devices

MDM (Mobile Device Management) manages the entire device, while MAM (Mobile Application Management) only controls and secures applications—ideal for BYOD scenarios.

In day-to-day operations, Intune enables:

  • Centralized device monitoring
  • Enforcement of security policies
  • Automatic updates and patches
  • Remote device lock or wipe
  • Report generation and analytics

Apps can be centrally deployed, updated, and monitored. Companies can also secure and control access to corporate data within apps.

Microsoft Intune helps implement security policies such as password requirements, encryption, and multi-factor authentication. In addition, devices can be automatically locked in the event of a security breach.

Yes, Intune helps organizations comply with standards such as the GDPR and ISO 27001 through policies, monitoring, and audit reports.

Yes, Intune enables the secure use of personal devices (BYOD) by keeping business and personal data separate.

Yes, Intune integrates seamlessly with the Microsoft ecosystem, such as Microsoft 365, Azure AD, and security solutions.

Microsoft Intune is suitable for businesses of all sizes—from small businesses to large enterprises—especially those with mobile or hybrid work models.
