Overview of Intune Device Management

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You can control and securely manage how your organization's devices such as mobile phones, tablets, and laptops are used. For example, you can configure settings or policies so as to prevent emails from being sent to people outside your organization.

Manage Intune Devices

Nerdio Manager allows you to manage Intune devices.

To manage Intune devices:

1. At the Account level, navigate to Intune > Devices.

   

2. You can search and filter the list as follows:

   

   • Filter by compliance status.

   • Filter by platform.

   • Filter by device type.

   • Filter by last seen date.

   • Filter by risk level.

   • Filter by exposure level.

3. You can work with the device's properties. See Manage Intune Device Properties below for details.

4. You can perform bulk actions by selecting any or all of the devices. For example, three devices on the list were selected, so the bulk actions options are:

   

5. From the action menu, you can perform various tasks.

   Note: Some actions are available only for certain device types. For example, the Scan actions are only available for Windows devices. In addition, the Trace actions are only available for physical devices.

   Tip: For many tasks, it may take an hour or longer for the action to actually run on the device after you have requested the action from Nerdio Manager. You can follow the status of the task in the Devices Tasks section.

   • Sync: Allows you to force a device to check for updates to compliance policies.

   • Restart: Allows you to restart a device immediately or per a schedule.

   • Scan:

     • Quick scan: Allows you to perform a quick scan on a device immediately or per a schedule. The device is scanned for system- and kernel-level malware using Windows Defender.

     • Full scan: Allows you to perform a full scan on a device immediately or per a schedule using Windows Defender.

   • Run script: Allows you to run script(s) on a device.

   • Delete: Allows you to delete a device from Intune. The next time the device checks in with Intune, any company data is removed from the device.

   • Change primary user: Allows you to change the device's primary user. The new primary user must have an Intune license.

   • Rename: Allows you to rename the device.

   • Bitlocker key rotation: Allows you to rotate the encryption keys on the device.

   • Device lifecycle:

     • Retire: Allows you to remove all Intune-managed company data from a device. This function does not remove any personal data.

     • Wipe: Allows you to perform a full factory reset to return a device to its default settings.

     • Autopilot Reset: Allows you to return the device to a fully configured or known IT-approved state.

     • Fresh start: Allows you to remove all preloaded Win32 apps from the device. Optionally, you may retain the user data on the device.

   • Console Connect:

     • Connect to session: Allows you to connect to the device.

     • Uninstall agent: Allows you to uninstall the console connect agent from the device.

     • Install agent: Allows you to install the console connect agent on the device.

   • Trace:

     • Locate: Allows you to locate the device.

     • Remote lock: Allows you to remotely lock the device.

   • Defender:

     • Device value: Allows you to define the device's value to the organization as high, normal, or low. This helps you differentiate among asset priorities.

     • Manage tags: Allows you to assign manual tags to the device.

     • Action Center: Allows you to view the device's Action Center.

     • Go hunt: Allows you to go to the Defender portal for advanced hunting.

     • Update Defender: Allows you to update the Defender definitions on the device.

     • Run AV scan: Allows you to update Windows Defender definitions and scan the device. This can be either a Quick or Full scan.

     • Collect investigation package: Allows you to gather information about the device. Once completed, you can download and view the package in the Action Center.

     • Initiate Automated investigation: Allows you to start an automated investigation on a device.

     • Device isolation: Allow you to isolate the device from the network. It remains connected to the Microsoft Defender for Endpoint service.

     • App Restrictions: Allows you to prevent applications that are not signed by Microsoft from running.

   • User Experience:

     • Application reliability and Startup performance: These options allow you to view endpoint analytics for your Intune devices. See Endpoint Analytics Scores for Intune Devices for details.

Manage Intune Device Properties

Nerdio Manager allows you to manage various properties of Intune devices.

To manage the properties of an Intune device:

1. At the Account level, navigate to Intune > Devices.

2. Locate the device you wish to work with and select Properties.

   

3. On the left side, you may select any of the desired tabs to view the device's properties.

   Notes:

   • You can select the tooltip, where available, to see more information about the specific property setting.

   • Select the refresh icon to update the tab with the latest information.

   • Not all tabs are currently available.

Overview

Details

Configuration Profiles

Select any profile to see its details.

Compliance Policies

Select any policy to see its details.

Other Policies

Select any policy to see its details.

Updates

Applications

Select any application to see its deployment details at the bottom.

Scripts

Select any script to see its output.

User Experience

Defender

Recovery Keys

Select Rotate keys to rotate the Bitlocker encryption keys on the device.