
Summary
In this chapter, we covered the following exam topics:
- Planning for MDM
- Configuring MDM integration with Azure AD
- Setting an MDM authority
- Setting device enrollment limits for users
By properly planning for MDM, you make sure that devices accessing an organization's resources are compliant, which reduces the risk of data loss. Intune has many settings for customizing the compliance criteria and the actions taken in response to compliance (or lack thereof).
Configuring MDM with Azure AD allows you to manage AD-registered and AD-joined devices from within Azure AD. Users are also able to automatically enroll their devices. As an administrator, you can configure a hybrid Azure AD join, which makes it possible to use group policies on devices.
MDM authorities include Intune Standalone, Intune co-management, and Office 365 MDM. Note that O365 MDM still requires Intune.
You may wish to limit the number or type of devices any one user is able to enroll. This would help ensure you don't exceed licensing limits or grant access to unsupported device types. Placing a limit also encourages users to be selective in how broadly they're accessing company resources and reduces the number of potential data loss endpoints.
In the next chapter, we'll take what we've learned here and dive in a little deeper. We'll be covering planning for device compliance, configuring device compliance policies, and creating conditional access policies.