Microsoft 365 is supported by Microsoft Intune, which is a mobile device in that management service. With Microsoft Intune, you can manage your organization's devices by implementing rules and policies which gets rolled out to any device enrolled in Intune. Things like requiring a certain type of password or a VPN connection are both things that can be implemented using Microsoft Intune. Now Intune works across multiple Operating Systems supporting Windows, MacOS, and iOS or android devices. In many cases, users might be using their own device to access company data on something like a mobile phone. Intune supports BYOB or bring your own device style management. 

Depending upon the device, users can sign into their work account and verify their identity with multi-factor authentication to access company data. The benefit of this is that enrolling in Intune does not provide full device control to your company, and instead leaves it in the user's hands. In this example, the company may be able to require certain password lengths to ensure protection of data, however, the administrator of the device is still the user. Another level of this is Azure Active Directory. As part of Microsoft's enterprise mobility and security offering, Microsoft Intune integrates with Azure Active Directory to validate users and protect your data. 

With the Azure Active Directory, you can apply a wide range of security options to your users and your data. For example, Azure AD enables use of things like: multi-factor authentication, conditional access rules, B2B or business to business connections, self service password resets, PIM or Privileged Identity Management, and more. Now that we have a basic understanding of Intune, let's take a real world example of a business and talk about a digital transformation into Microsoft 365 to showcase how devices are managed throughout the process. Let's say a business has on-premises desktops and servers that they have had to manage. Well, that business can utilize the configuration manager to deploy and manage devices, applications, and Operating Systems of those on-premises devices. 

However, in the world we live in today, many businesses provide laptops or ask employees to use a mobile device, either the companies or through a BYOB model. This can make utilizing something like the configuration manager a bit more of a pain since those devices aren't always readily available for IT. This is where utilizing Intune alongside the configuration manager can be incredibly useful. Intune works directly with the configuration manager and also provides additional benefits. By attaching your configuration manager to Intune, an organization gains all the benefits of the cloud, such as conditional access, Windows autopilot, and more. 

Microsoft even has a specific tool known as the Microsoft Endpoint Manager, which unifies management of both Intune and the Configuration Manager into one simplified dashboard. Since the business is utilizing both the configuration manager and Intune, you get the benefits of both in this new hybrid model. This helps businesses who already have invested in infrastructure to continue to utilize their current setup while gaining these extra cloud benefits. While Intune does integrate with Azure Active Directory for Employee Identity Management, if a business already has an On-Premises Active Directory, they may still continue to use it with Azure AD Connect. Azure AD Connect is a tool used in a hybrid model, integrating your On-Premises directories with Azure Active Directory. With this, users can still access data and applications in the cloud using the same identity and login they use for on-premises applications.