12 Governance Domains. One Assessment.
IRIS evaluates your Intune tenant across every domain that matters — not just the ones that show up in a dashboard.
Compliance Policies
Device compliance rules that gate access to corporate resources. We assess whether your policies actually enforce the conditions your security team thinks they do.
Configuration Profiles
Settings catalogs, templates, and custom OMA-URI policies. We audit every profile for conflicts, redundancy, and coverage gaps across your device fleet.
App Management
Win32 apps, LOB apps, Microsoft Store, and app protection policies. We evaluate deployment targeting, update rings, and unmanaged app exposure.
Security Baselines
Microsoft-recommended security settings for Windows, Edge, and Defender. We check whether baselines are deployed, current, and not overridden by conflicting profiles.
Endpoint Protection
Defender for Endpoint onboarding, ASR rules, firewall policies, and BitLocker encryption. We verify that protection is active — not just configured.
Conditional Access
Entra ID Conditional Access policies that enforce device compliance before granting access. We map every policy to identify gaps and over-permissive rules.
Update Management
Windows Update rings, feature update policies, and driver management. We assess patching cadence, deferral windows, and deadline enforcement.
Device Enrollment
Enrollment restrictions, device categories, and Autopilot profiles. We evaluate how devices enter your environment and whether rogue enrollments are blocked.
Identity & Access
Entra ID integration, role-based access, and admin scope tags. We audit who can manage what — and whether least-privilege is actually enforced.
Scripts & Remediations
PowerShell scripts, proactive remediations, and custom detection rules. We review execution scope, error handling, and whether scripts are still relevant.
Reporting & Monitoring
Built-in reports, custom Log Analytics queries, and alert rules. We assess whether your team actually has visibility into what Intune is doing.
Platform Coverage
Windows, macOS, iOS, and Android management parity. We identify which platforms are managed, which are partially managed, and which are blind spots.
Assess. Configure. Harden.
A structured engagement path from assessment to production-ready Intune.
IRIS Assessment
Our certified engineers evaluate your Intune tenant across all 12 governance domains. You get a branded report with specific findings, risk ratings, and prioritized recommendations — not a generic checklist.
Intune Foundation Setup
Based on IRIS findings, we configure your Intune tenant from the ground up — compliance policies, configuration profiles, app deployment, security baselines, and Conditional Access. Engineered to your environment, not a cookie-cutter template.
CIS Hardening (Optional)
457 CIS Windows 11 controls mapped to Intune configuration profiles. Level 1 and Level 2 benchmarks deployed, validated, and documented. The hardening layer that turns a good Intune setup into a defensible one.
Who this is for
Our Intune solutions are built for organizations that have the licensing but not the configuration. If any of these describe your environment, we should talk.
Related Solutions
Windows Autopilot
Zero-touch provisioning that turns Intune configuration into automated device deployment.
Learn more →CIS Hardening
457 Center for Internet Security (CIS) controls mapped to Intune configuration profiles and validated end-to-end.
Learn more →Endpoint Security
Defender for Endpoint, ASR rules, BitLocker, and Conditional Access — all enforced through Intune compliance.
Learn more →Not sure how your Intune tenant actually scores?
Book an IRIS assessment. Our engineers evaluate all 12 governance domains and deliver a prioritized action plan — not a generic report.