Mastering Microsoft Intune

You're reading from Mastering Microsoft Intune: Deploy Windows 11, Windows 365 via Microsoft Intune, Copilot and advance management via Intune Suite

Product type Paperback
Published in Mar 2024
Publisher Packt
ISBN-13 9781835468517
Length 822 pages
Edition 2nd Edition
Authors (2): Christiaan Brinkhoff, Per Larsen

Getting started with policy design

When designing your strategy for policy management with Microsoft Intune, it is important to take the right approach.

Starting with a security baseline gives you a well-tested, secure set of policies; you can even disable or remove individual settings in the security baseline if they do not suit your organization. Once you have deployed the security baseline, you can start adding other policy types that suit your security or configuration needs.

There are several policy types in Microsoft Intune. In the following list, you can see the different policy types and the order in which you should start creating policies:

  1. Configure the security baseline.
  2. Configure the policy from the Endpoint Security blade.
  3. Configure the policy from the Settings catalog.
  4. Configure the administrative template.
  5. Configure the device configuration.
  6. Leverage a custom policy as a last resort.

Just remember that there are no right and wrong approaches, but if you’re undertaking a migration from Active Directory GPOs to MDM settings management, it might be a good time to start afresh and see what you need to configure instead of taking the legacy GPO settings of your on-premises environment with you. Sometimes, organizations do not even know why they implemented a specific policy setting back when they originally created it. Perhaps the person responsible for implementing this policy setting is no longer even with the company and did not leave any documentation on why the setting was configured the way it was in the first place.

As there is no conflict handling in the MDM stack, you might inadvertently create a conflict between two settings coming from two different policies to the same user or device. These could be from the same policy type or different policy types, so it is important to spot and monitor any conflicting policies.

  1. To monitor any conflicting policies, head to the Microsoft Intune admin center, and under each device, go to Home | Configuration:

Figure 9.14: Configuration policy status

  2. You can see the policy that has conflicts and the work required to remediate the conflict:

Figure 9.15: Policy conflict

  3. When drilling down into the policy, you can see which settings are in conflict. In this case, I see that there is a conflict between a policy in the Endpoint Security blade and the Antivirus – Windows Defender Antivirus policy type:

Figure 9.16: Profile settings

  4. Going to that policy, you can see in the Per-setting status blade that the top line, CPU usage limit per scan, has conflicts. When you find conflicts, you need to go into the policies with conflicts and change the conflicting settings so they are only configured in one policy:

Figure 9.17: Per-setting status
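
To catch overlaps like the CPU usage limit per scan case before they surface as conflicts on a device, the following added example (not from the book or from Microsoft) compares the settings of policies that target the same group. The policy names, group names and values are constructed sample data; matching by assignment group name alone, and labelling equal values as duplicates rather than conflicts, are simplifying assumptions.

```powershell
# Constructed sample data: hypothetical policies, groups and values (not from a real tenant).
$policies = @(
    [pscustomobject]@{
        Name = 'Baseline - Defender AV'; Type = 'Endpoint security'; Target = 'All-Windows-Devices'
        Settings = @{ 'CPU usage limit per scan' = 50; 'Allow real-time monitoring' = 'Allowed' }
    },
    [pscustomobject]@{
        Name = 'Legacy AV tuning'; Type = 'Settings catalog'; Target = 'All-Windows-Devices'
        Settings = @{ 'CPU usage limit per scan' = 20; 'Allow real-time monitoring' = 'Allowed' }
    },
    [pscustomobject]@{
        Name = 'Kiosk restrictions'; Type = 'Device configuration'; Target = 'Kiosks'
        Settings = @{ 'CPU usage limit per scan' = 20 }
    }
)

function Find-SettingOverlap {
    param([Parameter(Mandatory)][object[]]$Policy)

    # Flatten to one row per (target group, setting, policy, value).
    $rows = foreach ($p in $Policy) {
        foreach ($key in $p.Settings.Keys) {
            [pscustomobject]@{
                Target  = $p.Target
                Setting = $key
                Policy  = "$($p.Name) [$($p.Type)]"
                Value   = [string]$p.Settings[$key]
            }
        }
    }

    # A setting delivered to the same target by more than one policy is an overlap.
    $rows | Group-Object Target, Setting | Where-Object Count -gt 1 | ForEach-Object {
        $members  = $_.Group
        $distinct = @($members.Value | Sort-Object -Unique)
        [pscustomobject]@{
            Target   = $members[0].Target
            Setting  = $members[0].Setting
            # Different values collide on the device; equal values are redundant copies.
            Status   = if ($distinct.Count -gt 1) { 'Conflict' } else { 'Duplicate' }
            Policies = ($members | ForEach-Object { "$($_.Policy) = $($_.Value)" }) -join '; '
        }
    }
}

Find-SettingOverlap -Policy $policies | Sort-Object Status | Format-List
```

Both result types point to the same remediation described in step 4: keep the setting in one policy and remove it from the others.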

Let’s now have a look at how to implement different policy types.
