How Microsoft Intune and IT Asset Management Work Together to Secure Your Devices

At its core, Intune works by enrolling devices into a central management system. Once a device is enrolled, it regularly "checks in" with Intune over the internet. During these check‑ins, Intune:

• Sees whether the device complies with your security policies
• Pushes new policies or configuration changes
• Deploys software updates and apps
• Reports basic status and health information back to IT

From there, your IT team can do things like:

• Set configuration policies – For example, require disk encryption, enforce a password, or disable certain risky features.
• Deploy software and updates – Push that urgent Windows security update to every laptop without having to touch a single one physically.
• Monitor compliance – Quickly see which devices meet your security standards and which don’t.
• Trigger remote actions – Lock, wipe, or reset a device if it’s lost or stolen.

In my experience, the real magic is that everything happens over the cloud. Devices don’t need to come into the office or connect to a corporate network. As long as they can reach the internet, you can manage them.

To make this more concrete, here are some of the most important ways Intune helps protect your organization:

1. Password and Multi-Factor Authentication (MFA) Requirements
You can force devices to have a PIN or password and combine that with MFA using Azure AD. This means even if someone steals a laptop, they’ll have a much harder time getting into company resources.

2. App Control and Restrictions
Intune lets you control which applications can be installed or used on managed devices. For example:
- Block certain unapproved apps
- Require that business data stays within managed apps
- Deploy only IT-approved software catalog items

3. Remote Software Deployment and Updates
Need to install a security update, a new VPN client, or a line-of-business app? You can push it remotely to all targeted devices or specific groups. This is crucial for things like critical Windows security patches.

4. Device Encryption and Remote Wipe
You can require full-disk encryption (like BitLocker on Windows) to protect data at rest. If a device is lost or stolen, Intune allows you to:
- Remotely wipe corporate data
- In some cases, completely reset the device to factory settings

5. Keeping Devices Up to Date
Intune helps ensure that devices and apps stay on recent versions with the latest security patches. In security, outdated software is like leaving a window open in a storm.

None of this is especially glamorous, but together it dramatically reduces risk and manual effort.

Intune supports:

• Windows devices (laptops, desktops, some tablets)
• macOS devices
• iOS/iPadOS devices (iPhones and iPads)
• Android devices

What this means in practice:

• Your sales team can use iPhones.
• Your designers can work on MacBooks.
• Your developers can run Windows laptops.
• Your field staff can use rugged Android devices.

And yet, all of those devices can still follow consistent security and compliance rules through Intune.

To be honest, this kind of flexibility is almost essential now. Employees expect to use the device that suits them best, and organizations need to support that without letting security fall apart.

One huge advantage of Intune is enabling BYOD (Bring Your Own Device) in a secure way.

Employees increasingly want to use their own smartphones, tablets, or even personal laptops to access email, files, and business apps. Understandably, IT and security teams worry about this—how do you protect company data on a device you don’t fully own or control?

Intune helps by:

• Separating work data from personal data on mobile devices
• Allowing IT to manage only the work profile or work apps, not the entire device
• Enforcing security rules (like PIN, encryption, and blocking copy/paste of corporate data into personal apps)
• Removing only the corporate data and apps if the employee leaves, without wiping their personal photos, messages, etc.

So your employees can:

• Use their personal smartphones to read work email and access company apps
• Keep their personal data private

And your IT team can still:

• Enforce security policies
• Reduce data leakage risks
• Revoke access quickly when needed

It’s a balance between control and user freedom, and Intune is surprisingly decent at walking that line when configured well.

Intune is fantastic for:

• Enforcing policies
• Deploying apps and updates
• Checking compliance
• Protecting data on devices

However, it’s not built to be a complete source of truth for your IT inventory.

Some gaps you may run into if you rely solely on Intune:

1. Fragmented View of Assets
You might have devices in Intune, others in Jamf (for macOS/iOS), maybe Kandji, and some still tracked in spreadsheets. There’s no single, reliable picture of:
- What you own
- Who is using what
- Where devices physically are

2. No Central View of Accessories and Peripherals
Mice, monitors, docking stations, keyboards—these don’t usually show up in MDM tools. But they still cost real money, and they still walk away or pile up in storage closets.

3. Weak Lifecycle and Warranty Tracking
Intune isn't designed to manage:
- Purchase dates
- Warranty status
- Expected refresh cycles
- Asset tags and physical labels

4. Incomplete Software License Management
It might tell you what’s installed, but that’s very different from tracking:
- License counts
- Renewal dates
- Who’s assigned which licenses

In my opinion, using Intune alone for asset management is a bit like using your email inbox as your task manager. You can technically do it, but it gets messy pretty quickly.

To fill those gaps, organizations use dedicated IT asset management software that integrates with their MDMs. One example mentioned in the transcript is BlueTally.

The general idea with a tool like BlueTally is:

• Intune (and other MDMs) handle device configuration and security
• BlueTally becomes the single point of truth for your entire IT inventory

Here’s what that looks like in practice:

1. Automatic Import from Intune and Other Systems
BlueTally can automatically pull device data from:
- Microsoft Intune
- Jamf
- Kandji
- Spreadsheets and CSV files

This means you no longer have to manually enter or reconcile device information from each system. You get a unified list of:
- All laptops and desktops
- Mobile devices
- Tablets
- Any other managed hardware that’s in your MDMs

2. Tracking Accessories and Non-MDM Assets
You can add and manage items like:
- Mice
- Keyboards
- Monitors
- Docking stations

These are usually invisible to tools like Intune, but they’re still part of your IT spend and user experience.

3. Centralized Software License Management
BlueTally also lets you track software licenses:
- Who a license is assigned to
- How many licenses you own vs. how many are used
- Renewal and expiration dates

This helps avoid both over-paying for unused licenses and getting caught short on compliance.

4. Automatic Warranty Information
One particularly practical feature is automatic warranty lookups. BlueTally can pull warranty information from vendors like Dell and Lenovo, saving the hassle of checking each device manually.

Knowing which devices are still under warranty is crucial when you’re planning:
- Replacements
- Repairs
- Budgeting for next year’s hardware

5. Practical Integrations to Boost Productivity
Beyond MDM and hardware, BlueTally offers integrations that help streamline IT workflows—for example, tying into ticketing tools or collaboration platforms. The transcript doesn’t list all of them, so I won’t invent details here, but the point is: your asset data becomes useful in day‑to‑day operations, not just something that lives in a spreadsheet no one trusts.

Put simply, Intune helps you control devices; ITAM tools like BlueTally help you understand, track, and plan for them throughout their lifecycle. Both are needed for a mature IT setup.

Imagine you’re managing IT for a company with around 300 employees. A new critical Windows security update is released, and you need to make sure every relevant laptop is patched quickly.

Without something like Intune, your options are…not great:

• Email everyone instructions and hope they follow them
• Remote into machines individually
• Or even schedule time to physically update each device

That’s slow, inconsistent, and honestly, pretty stressful.

With Microsoft Intune in place, the process looks very different:

1. You define a policy that requires the new security update.
2. You target that policy to all your Windows laptops.
3. Intune pushes the update the next time those devices check in.
4. You monitor compliance reports to see which devices have successfully updated.

No need to chase people down or fly someone to each office. The update happens remotely, at scale, in a predictable way.

Now, let’s say you’ve nailed the Intune setup. Devices are secure, updates are deploying, and BYOD is under control. But when someone asks a simple question like:

• “How many laptops do we actually have?”
• “Which accessories did we assign to the new hires last month?”
• “What’s our warranty status on all Dell machines?”

You suddenly find yourself jumping between:

• Intune
• Jamf or Kandji (for Apple devices)
• Several spreadsheets
• Old purchase emails

This is where a tool like BlueTally makes life easier:

• You import devices from Intune, Jamf, Kandji, and your old spreadsheets into one place.
• Each asset gets a proper record: owner, location, status, purchase date, warranty, etc.
• You add accessories and link them to specific users or workstations.
• You track software licenses alongside hardware.

Suddenly, simple questions have simple answers, because you finally have that “single point of truth” for your entire IT inventory.

And if you want to try this out without committing right away, BlueTally offers a demo and free getting‑started option through their site (bluetallyapp.com), which is handy for testing whether it fits your existing processes.

Use Microsoft Intune primarily for:

• Security enforcement – Passwords, MFA, encryption, data protection
• Policy management – What devices can do and which apps are allowed
• Remote updates and software deployment – Keeping everything patched and consistent
• Support for remote and BYOD workers – Managing devices that never enter the office

Intune shines when you want control, compliance, and automation across diverse devices and operating systems.

Use a dedicated IT Asset Management (ITAM) platform, such as BlueTally, for:

• Creating a single source of truth for all IT assets (hardware, accessories, licenses)
• Aggregating data from Intune, Jamf, Kandji, and spreadsheets
• Tracking lifecycle data – purchase dates, owners, location, status
• Managing warranties and refresh planning
• Keeping an eye on software licenses, allocations, and utilization

Together, these tools give you both:

• Strong operational control (from Intune)
• Strong strategic visibility (from ITAM)

In my experience, organizations that combine both are the ones that move from constantly putting out fires to actually planning ahead and reducing surprises.

Start by:

1. Identifying target device groups – For example, all company‑owned Windows laptops.
2. Configuring baseline security policies – Passwords, encryption, OS update requirements.
3. Enrolling devices – Through automated provisioning where possible, or manual enrollment for existing machines.
4. Rolling out test deployments – Start with a pilot group before pushing policies company‑wide.

Focus initially on the basics: getting visibility, enforcing core security settings, and deploying critical patches reliably.

Once Intune is up and running (or at least in progress), begin building your asset inventory:

1. Choose an ITAM tool – Something like BlueTally that integrates with Intune, Jamf, and Kandji.
2. Import existing data – Pull devices from your MDMs and old spreadsheets.
3. Add accessories and licenses – Don’t forget the “small stuff” and software; it adds up.
4. Standardize key fields – Owners, locations, cost centers, statuses, etc.

From there, you can gradually refine your asset data—clean up duplicates, fill in missing warranty information, and align everything with your onboarding/offboarding processes.

It’s not about perfection on day one. It’s about moving from guesswork to reliable information, a step at a time.