As many organizations remain working remotely, it is particularly important for IT departments to continue managing devices and ensuring the security of corporate data. Since many employees have corporate-owned and personal devices, IT departments need to ensure that only trusted devices have access to corporate data. Luckily, if your organization uses Microsoft 365 or EMS E3 and above licenses, you can use Microsoft Endpoint Manager to remotely manage devices.
Overview
Endpoint Manager includes services and tools to manage and monitor mobile devices, desktop computers, virtual machines, embedded devices, and servers. Endpoint Manager also combines several services you may already be using: Microsoft Intune, Configuration Manager, Desktop Analytics, co-management, Windows Autopilot, and Azure AD. Whether you want to provision new devices, control apps, or configure conditional access for a specific device, you need to ensure your device is properly enrolled in Endpoint Manager.
Corporate Device Enrollment
There are several ways to accomplish device enrollment. However, the easiest way to enroll your corporate-owned device is to use the Company Portal app available in the Microsoft Store. The Company Portal app allows your end-users to enroll their corporate devices and securely access corporate resources.
Once the app is installed from the Microsoft Store, your end users can log into the Company Portal app with their Intune-licensed account. When the employee successfully signs into the app, you will see their enrolled device in the Endpoint Manager Admin Center and you can start applying configurations and policies to secure corporate data.
If you are having issues enrolling a corporate-owned device, ensure that the account you are using with Company Portal is active and has an EMS E3 or Intune license. Additionally, you can open Command Prompt and run `dsregcmd /status` to view all enrollment details. DMC is more than happy to review these enrollment details to further troubleshoot device enrollment issues.
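The `dsregcmd /status` output is long, so the following PowerShell sketch pulls out a few fields worth reading first. It is an added example, not part of the original article or a DMC tool. The function name `Get-DsregSummary`, the choice of fields (`AzureAdJoined`, `DomainJoined`, `WorkplaceJoined`, `TenantName`, `MdmUrl`, `AzureAdPrt`), and the three checks are assumptions made for illustration, and the sample output is constructed.

```powershell
# Added example: summarize the join and MDM fields from `dsregcmd /status`.
function Get-DsregSummary {
    param([string[]]$Lines)

    # dsregcmd prints "FieldName : Value" pairs; banner and separator lines do not match.
    $fields = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') { $fields[$Matches[1]] = $Matches[2] }
    }

    # Checks chosen for this example; a missing field is treated like an empty one.
    $issues = @()
    $joined = ($fields['AzureAdJoined'] -eq 'YES') -or ($fields['DomainJoined'] -eq 'YES')
    if (-not $joined) { $issues += 'Device is neither Azure AD joined nor domain joined.' }
    if ([string]::IsNullOrWhiteSpace($fields['MdmUrl'])) {
        $issues += 'MdmUrl is empty: no MDM enrollment URL is reported for this device.'
    }
    if ($fields['AzureAdPrt'] -ne 'YES') {
        $issues += 'AzureAdPrt is not YES: the signed-in user has no primary refresh token.'
    }

    [pscustomobject]@{
        AzureAdJoined   = $fields['AzureAdJoined']
        DomainJoined    = $fields['DomainJoined']
        WorkplaceJoined = $fields['WorkplaceJoined']
        TenantName      = $fields['TenantName']
        MdmUrl          = $fields['MdmUrl']
        AzureAdPrt      = $fields['AzureAdPrt']
        Issues          = $issues
    }
}

# Constructed sample: a joined device whose user has no PRT and no MDM URL.
$sample = @'
|                        Device State                        |
             AzureAdJoined : YES
              DomainJoined : NO
                TenantName : Contoso (constructed)
                    MdmUrl :
                AzureAdPrt : NO
           WorkplaceJoined : NO
'@ -split '\r?\n'

Get-DsregSummary -Lines $sample | Format-List

# On a real device, pass the live output instead:
# Get-DsregSummary -Lines (dsregcmd /status) | Format-List
```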
Personal Devices
When it comes to personal devices, IT departments may decide against fully managing an employee's personal property but will still require data protection. With Endpoint Manager, this is possible with App Protection policies.
App Protection policies allow an IT Administrator to ensure an organization's data remains safe or contained in a managed app by managing a user’s identity and focusing on app-layer protection. This means you can manage corporate data within applications by enforcing a PIN to open an app or even preventing data from being copied to a different location on a personal device.
To use App Protection policies, navigate to Endpoint Manager and select Apps and then App Protection policies. From here, create a new policy based on the platform you’d like to protect (iOS, Android or Windows 10), define the requirements for the policy, and then assign it to your users. If you’d like assistance creating or fine-tuning your policies, DMC is ready and available to help.
Conclusion
Microsoft Endpoint Manager is an invaluable resource for many organizations while they continue to work remotely. Beyond enrolling your devices and being able to keep an accurate inventory of your employee devices, you can leverage the full stack of Microsoft 365 to protect your organization’s data and ensure your employees’ productivity isn't affected.
If you are interested in using Microsoft Endpoint Manager at your organization or want to learn more about enterprise device management, contact us today!