Microsoft Intune

Wi-Fi and VPN profiles for all managed platforms; supports per-app VPN and split tunnelling via Microsoft Tunnel.

Native Exchange Online and Exchange ActiveSync integration; Outlook app configuration with S/MIME and conditional access.

Comprehensive device restriction profiles with platform-specific templates for Windows, iOS, Android, and macOS.

Custom OMA-URI policies for Windows, custom configuration profiles for iOS/macOS, and Settings Catalog with 2000+ settings.

Windows kiosk mode (single and multi-app), Android dedicated device mode, and iOS Guided Access configuration.

Solid ADE support for iOS and macOS via Apple Business Manager; enrollment profiles support skip-screen and await configuration.

Android Zero-Touch and Samsung KME supported; integrates with Android Enterprise for fully managed and dedicated devices.

Native Windows Autopilot with pre-provisioning, self-deploying mode, and white glove deployment — the definitive Autopilot experience.

Bulk enrollment via provisioning packages (PPKG), enrollment tokens, and device identifiers CSV import.

Best-in-class BYOD with MAM without enrollment (APP), Android Work Profile, and iOS User Enrollment — data protection without full MDM.

Deploy from Apple App Store, Google Play, Microsoft Store, and winget with assignment targeting and required/available modes.

LOB app deployment for all formats (MSI, MSIX, IPA, APK) with Win32 app management and dependency chaining.

VPP token sync with Apple Business Manager; device and user-based licensing with license tracking.

App configuration policies for managed apps and managed devices with JSON-based settings deployment.

Company Portal app serves as the self-service catalog across iOS, Android, Windows, and macOS.

Comprehensive compliance policies with custom compliance scripts, grace periods, and non-compliance notifications.

Native Entra ID Conditional Access — the gold standard for zero-trust policy enforcement with compliance-driven access.

BitLocker management with key escrow to Entra ID; FileVault management and encryption compliance reporting.

SCEP, PKCS, and imported PKCS certificate profiles with NDES connector for on-premises certificate authorities.

Microsoft Defender for Endpoint integration for threat detection; third-party MTD connector support.

Windows Update for Business, iOS/macOS software update policies, and Update Compliance reporting via Azure Monitor.

Windows patch management via Windows Update for Business; third-party patching through Win32 app updates.

Windows Update rings with deferral periods, quality/feature update policies, and phased deployment support.

Full wipe, selective wipe, and Fresh Start for Windows; device retire action removes corporate data.

Device inventory with hardware details; warranty tracking through Intune Suite add-on.

Intune dashboard with compliance overview, device status, and integration with Azure Monitor workbooks.

Intune Data Warehouse, KQL queries via Azure Monitor, and Power BI integration for custom reporting.

Device inventory with hardware details, discovered apps, and configuration profiles status.

Audit logs for all admin operations with Azure AD integration for identity correlation.

Device status with last sync time, compliance state, and hardware metrics; 8-hour default check-in interval.

Remote lock, wipe, retire, restart, and Fresh Start for Windows; custom lock screen message for Android.

Remote help (Intune Suite add-on) for Windows and Android; no native iOS/macOS remote view.

Remediation scripts and PowerShell script deployment for Windows; shell scripts for macOS.

Company Portal app provides device status, app install, and compliance information for end users.

Log collection for Windows and Android; file deployment via Win32 app packaging or scripts.

Azure AD dynamic groups with device and user properties; filters for policy assignment scoping.

Scope tags for RBAC and assignment filters; Azure AD group-based policy targeting.

Basic location compliance rules; geo-fencing for Android and iOS compliance policies.

Delivery optimisation with maintenance windows and Windows Update scheduling.

Profile conflict detection and reporting; Settings Catalog with merged vs override behaviour for policy layers.

Native Entra ID integration — the definitive experience with seamless conditional access, device compliance, and user sync.

Third-party IDP support via Entra ID federation; Google Workspace sync via connectors.

Entra ID Connect syncs on-premises AD to cloud; AD connector for hybrid join scenarios.

SCEP and PKCS certificate profiles with NDES connector for certificate-based network authentication.

Primary user mapping with device-to-user affinity; user-based policy and app targeting.

Microsoft Graph API provides programmatic access to all Intune functionality with excellent documentation.

Azure Logic Apps and Power Automate integration for event-driven workflows; audit log streaming.

Azure Sentinel integration with audit log streaming via Diagnostic Settings for Intune events.

ServiceNow integration via Microsoft connector; Power Platform for custom ITSM workflows.

PowerShell script deployment for Windows; shell script support for macOS; Remediations for proactive fixes.