
Additional capabilities of the Intune Suite
Microsoft Tunnel for Mobile Application Management
Introduction
Microsoft Tunnel for Mobile Application Management (MAM) is a feature within Microsoft Intune that extends the capabilities of the Microsoft Tunnel VPN Gateway. It allows secure access to organizational resources from mobile devices that are not enrolled in Intune. This solution supports both Android and iOS devices, enabling users to access on-premises apps and resources using modern authentication, single sign-on, and Conditional Access.
With Microsoft Tunnel for MAM, users can use their personal devices (BYOD) for work without granting IT control over the entire device. This ensures a seamless and secure work experience while maintaining personal privacy. The feature is particularly beneficial for organizations looking to enhance security and productivity without compromising user convenience.
What is the Intune Suite?
The Intune Suite is like a Swiss Army knife for managing and securing all your devices, whether they're laptops, smartphones, or tablets. It's part of the Microsoft 365 ecosystem, so it plays nicely with other Microsoft tools you might already be using.
Features:
- Endpoint Privilege Management
- Enterprise App Management
- Advanced Analytics
- Remote Help
- Microsoft Tunnel for Mobile Application Management
- Cloud PKI
- Firmware-over-the-air updates
- Specialized devices management
How does it work?
Microsoft Tunnel is a VPN gateway solution for Microsoft Intune that runs in a container on Linux and allows access to on-premises resources from iOS/iPadOS and Android Enterprise devices using modern authentication and Conditional Access.

Tunnel for MAM requires the same considerations and prerequisites as using Tunnel for enrolled devices. For more information, see Tunnel prerequisites. After configuring Microsoft Tunnel, you'll be ready to add the two App configuration policies and the App protection policy that enables unenrolled devices to use Tunnel. Configuration of these policies is detailed in the following sections.
App configuration policy for Microsoft Defender


References
- Microsoft Learn - Microsoft Tunnel for Mobile Application Management
- YouTube - Microsoft Intune Tunnel for Mobile Application Management
Lightweight VPN solution for working on third-party (private) devices without Intune enrollment, with your work apps and data kept secure. Offers app-based Conditional Access.
Firmware over-the-air update
Introduction
'Firmware over-the-air update' currently supports 'Zebra LifeGuard for Android'.
'Zebra LifeGuard Over-the-Air (LG OTA) Integration with Microsoft Intune' is a feature that allows organizations to manage firmware updates for Zebra ruggedized Android devices directly through the Intune admin center. This integration simplifies the process of keeping devices up-to-date by enabling hands-free, automated deployment of updates.
How to set it up?
- Step 1: Set up Zebra Connector
- Step 2: Enroll Devices with Zebra LG OTA Service
- Step 3: Create and Assign Deployments
- Step 4: View and Manage Deployments

References
- Microsoft Learn - Zebra LifeGuard Over-the-Air Integration with Microsoft Intune
- YouTube - Zebra's LifeGuard for Android™ Product Video
- Zebra Documentation
Support for specialty devices
Introduction
Intune Suite Support for Specialty Devices provides advanced management, configuration, and protection capabilities for a variety of specialized devices. These include AR/VR headsets, large smart-screen devices, and select conference room meeting devices. This feature is part of the Microsoft Intune Suite, which offers comprehensive endpoint management solutions.
With this support, IT administrators can ensure that these devices are secure and compliant with organizational policies. Key capabilities include device provisioning, certificate and Wi-Fi management, Conditional Access, device compliance, app lifecycle management, and remote actions. This integration helps organizations maintain a secure and efficient environment for their specialized devices, enhancing productivity and security.
How does it work?
If you have the required licences, you can enrol the following devices using the Company Portal App available in the various App Stores or via web enrolment:
- AR / VR headsets
- large smart-screen devices
- select conference room meeting devices
For the conference room devices, additional Teams Rooms Pro licences may be required.