What Intune does
Microsoft Intune is the modern replacement for on-premises endpoint management (SCCM/MECM, plus mobile-only MDM products). It enrols Windows, macOS, iOS and Android devices, deploys apps, enforces compliance policies, applies security baselines, manages Windows Update for Business rings, and integrates with Conditional Access so that non-compliant devices can be blocked from accessing Microsoft 365.
MDM vs MAM
Mobile Device Management (MDM) means the whole device is enrolled — common for corporate-owned devices. Mobile Application Management (MAM) means only the corporate app is managed without enrolling the device — used for BYOD, particularly on iOS where users won't accept full enrolment. Both are part of Intune; choosing the right one per scope is the most common Australian deployment design decision.
Where it fits in Essential Eight
Intune covers four Essential Eight strategies natively: application control via Intune Application Control or Windows Defender Application Control, patch applications via update rings, configure Office macros via Cloud Policy Service, and patch operating systems via Windows Update for Business. Combined with Defender for Endpoint, Intune is the engine of the Essential Eight Microsoft 365 control map.