Device Management
Elevate your device management with Microsoft Intune
A Mature Approach to Device Management
Effective device management is crucial for organizations to maintain productivity, security, and compliance. Microsoft Intune offers a comprehensive solution to manage a diverse range of devices, from smartphones and tablets to laptops and desktops, all from a centralized platform, regardless of VPN or corporate network connectivity.
WHY Microsoft INtune?
Intune is the new Group Policy Object (GPO)
GPOs are fantastic tools for managing use behavior on a local network. They Inhibit access to installing unwanted software, enforce BitLocker and Manage Local Administrator Access. But, what happens when the GPO change doesn’t reliably or rapidly reach your hybrid or remote users?
Centralized Platform
All services for all devices are delivered from the same platform.
Mobile
Intune is a fully-featured MDM for mobile devices.
Stay Consistent
We specialize in optimizing
Intune environments, focusing on key areas such as administrative access, security compliance, software updates, and configuration consistency.
Our Engineers SAVE TIME
Don’t Paint Yourself Into a Management Corner
A customer of Crossconnect had 800 remote users and ended up having to make an emergency per-device change on all of them – by hand – individually! Had Intune been in place in advance, the entire change could have been automated. Crossconnect Engineering specializes in optimizing Intune environments, focusing on key areas such as administrative access, security compliance, software updates, and configuration consistency
Crossconnect’s Proactive Device Management Approach
Our Device Management Experts Will:
Create an Azure Firewall in the Hub Virtual Network: Configure the Azure Firewall with up to twenty rules for traffic between workloads and the internet, on-premises networks, or other workload Virtual Networks
Implement Local Admin Password System: Do you know what the local administrator password is on all devices, and/or the last time it was changed? Intune solves this problem with LAPS, the Local Admin Password System. Intune rotates the local admin password on a scheduled basis, and stores that password with each device’s entry in Intune for quick retrieval.
Assess Device Health: Conduct a comprehensive evaluation of device health, focusing on security compliance, software updates, and configuration consistency. This includes evaluating current device management technologies like GPOs. We make sure security patches are consistently deployed, installed, and the end devices rebooted on a schedule can be complicated. Intune uses policies to manage devices without the need for an on-premises connection or third-party agent.
Implement Security Policies: Configure Intune policies to enforce ‘best practice’ security measures such as encryption, password requirements, and device restrictions, enhancing your overall security posture. Intune has a variety of security policies available for configuring technologies like Windows Hello, disk encryption with BitLocker, and Windows Defender Firewall. Intune provides reporting for these technologies, taking the guesswork out of security policy enforcement.
Optimize Configurations: Review and adjust device settings to align with organizational policies, security standards, and user requirements. Even though Intune offers a new way to manage devices with many GPO-like settings, GPOs are not left behind. Many GPO settings can be imported directly into Intune, and others can be reproduced.
Create Autopilot Template: You have a set of applications and configurations that users need to have on their devices, providing secure access to the information they need. Intune provides Autopilot, which can efficiently image (or reimage) a PC with the exact settings you specify. You can even reimage a PC remotely without having it sent back to the office.
WHAT WE DO
Deploying Intune
Deployment is performed as a pilot. After successful pilot deployment, customer
may decide if they wish to expand the deployment themselves, or engage in a
separate SOW to have Crossconnect expand the deployment.
Goal Definition: Assist with defining goals. What are you hoping Intune will accomplish for you? This step will take existing GPOs into account, if applicable.
Autopilot: Enroll 5 pilot devices in Autopilot, demonstrate how to get the hardware hash uploaded. Use PowerShell to gather hardware IDs.
Compliance Policy: Create one compliance policy, to include settings such as password complexity, OS version, non-rooted operating system, BitLocker enforcement. Define actions for non-compliant devices.
Device Configuration Profile: Migrate from existing GPO and/or create new settings. Pull from a single GPO (the default domain policy). Max of 10 settings.
Application Management: Choose one modern application to deploy. As this application can vary in complexity, this effort is limited to two hours.
Endpoint Security Policy: Define and deploy security settings for BitLocker, LAPS, firewall, antivirus, and patching.
Testing: Verify the configuration above worked correctly, troubleshoot asneeded. Over-the-shoulder work with customer is encouraged.
Cost of Service
Includes piloting up to five Windows devices.
$4,350
/one-time
charge
Device Management
Data Security
Compliance