Here we go on the next step on the M365 journey, and probably the first item to be done. Intune.
Intune may seem like a small item, right? Certainly not as big as email or SharePoint right? Not so fast.
Intune, is not just a Mobile device Manager, but rather a Modern Device Manager. This is important in that it’s not JUST mobile devices, but all sorts of endpoints. The reason we want to do it early in the game is that there will be some things we want to push to endpoints. Security policies, scripts, scans, apps, etc. All of this is made relatively EASY by using Intune. So let’s do it first.
The best way I have found is to treat it like it’s two migrations at first. Mobile devices like cell phones and tablets first then laptops and desktops later.
First you want to make sure you have a good list of devices, both company owned and employee owned BYOD devices and what employees have what device. They will be treated differently. Apple devices will be treated differently than Android devices. There are caveats and cautions for each type so let’s break down the overall steps then the specific for each device.
Next, set up the Intune environment by configuring the necessary policies, profiles, and settings. This includes creating device enrollment policies, device compliance policies, and app protection policies. You can also configure device settings, such as device lockdown and remote wipe, to ensure the security of your organization’s data. At this initial stage, I recommend either copying what your previous MDM had for policies, or start with a relatively lax set of policies. The idea here is to make the transition relatively easy for our end users.
Once the Intune environment is set up, it’s time to enroll devices in the MDM solution. BYOD users can enroll their devices by downloading the Microsoft Intune Company Portal app from the app store and following the prompts to enroll their device. For company owned devices, you’ll want to use Apple Business Manager or either Samsung’s Knox or your Managed Google Play account.
The specific steps for Apple devices are HERE and the steps for Android are HERE. *Note – I link to Microsoft’s docs because these things change periodically and I don’t want you to have outdated info 🙂
For the most part the migration is pretty smooth. However there are a few gotchas to be aware of. For instance, make certain that all users (including BYOD) back up their contacts to OneDrive or simply email the exported files to themselves. The same with any photos saved on the “Company Profile”. As part of the move, the device gets unenrolled from your previous management tool. By definition that means the data in the company profile is deleted.
After the migration, it’s important to monitor the status of the devices to ensure that they are properly enrolled and compliant with your organization’s policies. If any issues arise, troubleshoot them promptly to minimize disruptions to end users.
All in all, it’s not terribly difficult. The hardest part is coordinating the move with your end users.
