Managing Devices and Profile
Managing Devices and Profile
Microsoft endpoint manager admin center:
Microsoft endpoint manager helps deliver the modern workplace and modern management to keep your data secure in the cloud and on-premises. Endpoint manager includes the services and tools you use to manage and monitor mobile devices, desktop computers, virtual machines, embedded devices, and servers.
To go to the Microsoft endpoint manager admin center, you will need to type endpoint.microsoft.com on your browser’s address bar.
Compliance policies:
A compliance program is a set of internal policies and procedures of a company to comply with laws,
rules, and regulations or uphold the business reputation.
How to create a compliance policy and add to a group
A new policy is created; when users turn off their real-time protection action for noncompliance, they will retire the non-compliant device or send an email.
1. Click on ‘Devices’ then ‘Compliance policies’ then ‘+Create Policy.’
Figure 1 Create Policy
2. Select a platform; types of platforms are in the image below. Click create
Figure 2 platform
3. Give the name of the policy and description.
Figure 3 policy and description
4. Select the compliance setting that you want to require
Figure 4 compliance setting
5. Give action for noncompliance
Figure 5 action for noncompliance
6. Assignments of the group of users
Figure 6 Assignments of group
7. Review and create
Figure 7 Review and create
Conditional access
Conditional Access gives you the ability to enforce access requirements when specific conditions occur.
Let's take a few examples
Conditions | Controls |
When any user is outside the company network | They're required to sign in with multi-factor authentication |
When users in the 'Managers' group sign-in | They are required be on an Intune compliant or domain-joined device |
How to create a new conditional access policy:
1. Click on ‘Devices’ then ‘Conditional access’ then ‘+New Policy’
Figure 8 ‘+New Policy’
2. Give suitable name, assign users or groups
Figure 9 name, assign users or groups
3. Select cloud apps used or actions performed by user
Figure 10 Select cloud apps
4. Give condition that defines when the policy will apply
Figure 11 Give condition
5. Block access or grant access with condition
Figure 12 Block access
6. Switch enable policy mode on
7. Click Create
Figure 13 enable policy mode on
Configuration profiles:
Device profiles allow you to add and configure settings and then push these settings to devices in your
organization. You have some options when creating policies.
How to create a profile
In the following example, we will bock the users from changing time and language in windows ten
and late.
1. Click on ‘Devices’ then ‘Configuration profiles’ then ‘create profile’
Figure 14 create profile
2. Select platform windows 10 and later, profile type templates then ‘device restrictions’ click create.
Figure 15 device restrictions
3. Give a suitable name and description, click next
Figure 16 suitable name and description
4. In configuration setting go to control panel and settings and block time and language
Figure 17 configuration setting
5. Assign users or groups or devices. For example, all users, all devices
Figure 18 Assign users or groups or devices
6. Specify how to apply this profile within an assigned group. Intune will only use the profile to
devices that meet the combined criteria of these rules. For example, set profile if OS edition
windows ten professional.
Figure 19 Application rules
7. Review and click create
Figure 20 Review and create