Mastering Cross-Platform Device Management with Intune

engagED 2026 Recap + Field Notes

At ISNSW’s ICT Conference, engagED 2026, I gave a talk on cross-platform device management with Microsoft Intune.

It was a practical walkthrough of:

  • what works
  • what doesn’t
  • and where people are wasting time

It's all based on what I see first-hand and via our team helping amazing customers.

I recently re-ran the session with a smaller group at a local school, which gave me a chance to sense-check the content and be reminded of what resonated.

Below is a summary of the talk and what was discussed.

The core message: pick the right way (not every way)

Intune gives you flexibility. Too much of it.

There are 100 ways to do things — but there’s usually one you actually should do.

One of the reasons I built out the GitHub repo for the session was to cut through that noise and give people a shortlist of:

  • articles worth reading
  • tools worth using
  • patterns worth following

If you haven’t already, grab the full list here:
https://raw.githubusercontent.com/aarondavidpolley/engagED2026/refs/heads/main/favourites_23_04_2026.html

Where we’ve come from (and why it matters)

Most environments still carry baggage from traditional imaging:

  • PXE boot
  • Golden images
  • Build rooms
  • Manual staging

That world is effectively dead.

Modern expectation is:

Ship → unbox → sign in → ready.

Inside the repo, I’ve linked the Microsoft enrolment guidance and platform docs that show how all platforms now assume this model.

Recommended starting points from the favourites list:

Platform reality

One thing I always sanity check live:

  • Windows = dominant
  • iPadOS / iOS = strong
  • macOS = present
  • Android / Linux = edge cases

That matches both what we saw in the room and in most education environments.

This matters because:

Not everything is equal across platforms — design accordingly.

Filters > Groups (this is one of the biggest unlocks)

If you take nothing else from this content, take this:

Use filters, not groups, wherever you can.

Why:

  • Entra groups = slow
  • Filters = local evaluation on device

The single most important document in the repo for this is:

This is buried in Microsoft Learn, but it changes how you design:

  • Autopilot flows
  • Policy targeting
  • App assignment

Practical outcome:

  • Faster provisioning
  • Less “why hasn’t this applied”
  • Cleaner architecture

Provisioning: Autopilot (and just Autopilot)

This is simple:

If you’re not using Autopilot, you’re making life harder.

From the repo, key reference:

These show:

  • What works
  • What’s supported
  • What to avoid

Everything else (scripts, hybrid join hacks, GPO-based enrolment) falls into:

“You might get it working, but you’ll regret it.”

Identity: stop trying to synchronise passwords everywhere

This is where opinions usually come out.

Modern identity model (across all platforms):

  • Directory credential (used once)
  • Local secret (PIN / local password)
  • Biometrics (Face ID / Touch ID / Windows Hello)
  • MFA / Conditional Access / Passkeys

From the repo, I included:

These help frame the shift:

Passwords are no longer the central control point.

Key takeaway:

  • Stop forcing sync where it’s not required
  • Start designing around device-bound identity and phishing-resistant (i.e. passkeys and passwordless) credentials

App management: OG is best

This is where people burn time.

For Windows:

Package everything as Win32 apps (IntuneWin)

For macOS:

LOB (MDM) is more robust than PKG/DMG (Agent)

From the repo, relevant tools and references:

3rd party tools exist because:

  • Native app lifecycle in Intune isn’t strong enough on its own

The repo intentionally includes community tooling like Awesome Intune because:

You need ecosystem support to run Intune at scale properly.

Config management: “I have a group… I have a filter…”

10 points if you got this reference.

This was the comic relief section, but it matters.

Key idea:

  • Groups = identity-based assignment
  • Filters = execution control

From the repo:

The combination is how you:

  • Build consistent configurations
  • Avoid timing issues
  • Reduce complexity
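
The group-plus-filter combination described here and in the "Filters > Groups" section, as an added example (not from the talk or the repo): it creates an assignment filter through Microsoft Graph and attaches it to a group assignment of a device configuration profile. It assumes the Microsoft.Graph.Authentication module and the Graph beta endpoint; the profile name, group ID and policy ID are placeholders, and the display names are constructed.

```powershell
# Added example. Values in <ANGLE-BRACKETS> are placeholders to replace.
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

$graph    = 'https://graph.microsoft.com/beta/deviceManagement'
$policyId = '<DEVICE-CONFIGURATION-ID>'   # profile to assign
$groupId  = '<ENTRA-GROUP-OBJECT-ID>'     # broad, rarely changing group

# 1. Filter: corporate-owned Windows devices enrolled with one Autopilot profile.
$filterBody = @{
    displayName = 'Win - Corporate - Autopilot (example)'
    description = 'Constructed example filter'
    platform    = 'windows10AndLater'
    rule        = '(device.deviceOwnership -eq "Corporate") and ' +
                  '(device.enrollmentProfileName -eq "<AUTOPILOT-PROFILE-NAME>")'
} | ConvertTo-Json

$filter = Invoke-MgGraphRequest -Method POST -Uri "$graph/assignmentFilters" `
    -Body $filterBody -ContentType 'application/json'

# 2. Assignment: the group says who is in scope, the filter narrows which
#    of their devices actually receive the profile ("include" mode).
#    Note: the assign action replaces the profile's existing assignments,
#    so list every assignment you want to keep in this array.
$assignBody = @{
    assignments = @(
        @{
            target = @{
                '@odata.type' = '#microsoft.graph.groupAssignmentTarget'
                groupId       = $groupId
                deviceAndAppManagementAssignmentFilterId   = $filter.id
                deviceAndAppManagementAssignmentFilterType = 'include'
            }
        }
    )
} | ConvertTo-Json -Depth 5

Invoke-MgGraphRequest -Method POST -Uri "$graph/deviceConfigurations/$policyId/assign" `
    -Body $assignBody -ContentType 'application/json'

# 3. Read the assignments back and confirm the filter is attached.
$check = Invoke-MgGraphRequest -Method GET -Uri "$graph/deviceConfigurations/$policyId/assignments"
$check.value | ForEach-Object {
    '{0} -> filter {1} ({2})' -f $_.target.groupId,
        $_.target.deviceAndAppManagementAssignmentFilterId,
        $_.target.deviceAndAppManagementAssignmentFilterType
}
```

Settings catalog policies live under `configurationPolicies` rather than `deviceConfigurations`, so the URI in steps 2 and 3 changes for those.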

Network: certificates are the new passwords

This is a shift that’s already underway.

From the repo:

Why it matters:

Wi-Fi and network auth should not rely on user passwords anymore.

Certificates provide:

  • Better security
  • Better UX
  • More consistency across platforms

Security: define your crown jewels

Security isn’t about turning everything on.

It’s about:

Knowing what matters, and protecting it properly.

From the repo:

Most people already have access to Defender.

The gap isn’t licensing—it’s configuration and understanding:

  • Where policies are coming from
  • How they overlap
  • What actually enforces control

What people actually valued

The feedback was consistent:

  • “Great hints & tips and resources.”
  • “Great resources to further develop our Intune instance…”
  • “Appreciated the in-depth Autopilot content and reading materials.”

That last point was intentional.

The goal wasn’t to deliver a talk.

It was to give people:

A set of things they can go and implement tomorrow.

Final thought

Intune isn’t hard simply because it’s missing features.

It’s hard because:

  • There are too many ways to do things
  • Not all of them are equal

The environments that succeed:

  • Standardise early
  • Pick proven patterns
  • Use the ecosystem
  • Stay consistent

Everything else becomes easier from there.

Repo: aarondavidpolley/engagED2026: Conference Talk Reference Material – Mastering Cross-Platform Device Management with Microsoft Intune

By Aaron

Aaron David Polley is a Canadian-born Musician and MacAdmin based in the Sunshine Coast, Queensland, Australia.
