In this video, learn how to use Microsoft Intune to manage Windows 10 devices using policies.
- Let's drop onto our demo environment and create a device compliance policy for our Windows 10 devices. I'm logged into my Microsoft 365 admin center, I'll scroll down and select Device Management to open the Microsoft 365 Device Management portal. On the left-hand side, I'll select device compliance, and then under manage, click policies. Here we can see there's one policy in place already. I want to create a new policy, therefore I'll click Create Policy. The first thing we need to do is enter a name and a meaningful description. We then need to choose the platform that we want to create this policy for. The drop-down allows me to select Android, iOS, or Windows devices. Depending on the platform that we choose, we'll expose the various configuration options for that platform. For example, if I select Android, I can configure settings for device health, device properties, and system security. I'll choose Windows 10. Here we can see different options available. For example, Configuration Manager compliance, more settings for system security, and Microsoft Defender ATP. Let's review each of these settings. I'll select device health. Here we can see, we have BitLocker. We want to ensure that all drives are protected by encryption, so we'll change this from the default of not configured, to require. The next setting, Secure Boot, again we want to implement the maximum protection for our devices, so we'll also change this setting to require, so that the device will be forced to boot to a factory trusted state. For the require code integrity, we'll also set this to require so that drivers and system files are validated each time they're loaded into memory. I'll click OK. Here we can define the oldest operating system that a device can be running. We can enter the minimum and maximum versions, and we can also enter a range for the values of acceptable OS versions.
We can configure our devices to be compliant from System Center Configuration Manager, and also configure the system security for our devices. Within the password area, there are many different settings for passwords. Most of them are self-explanatory. Let's click require. We could block simple passwords, we can configure the password to unlock the device, and the minimum password length. By default this is four, but we can increase this to six. We can also configure when a password is required to be input again. For example, if the device is not used for up to an hour. Scrolling down, I'll configure encryption on the data storage on the device. I'll require a firewall. We'll need to use a TPM, because we want to enable Secure Boot. I'll require antivirus and antispyware. Since our devices are running Windows 10, we'll be using Windows Defender, and I want to ensure that we're using real-time protection. For any setting you're not sure of, you can hover over the small 'i' to gain help. I'll click OK. The last setting available is to manage Microsoft Defender ATP. If you use Windows Defender ATP, you can use these settings to manage the risk of devices, and we can set that threat level from clear, low, medium, or high. So now we've configured the settings that we want for our Windows 10 device compliance policy. I'll select OK, and then click Create. The policy's created, and it's now available to be assigned. I'll click assignments, and then select the group. I want to assign this to our sales and marketing team, so I'll type in "sales," select sales and marketing, and then click select, and finally click save. We can see in the list of policies that our secure Win10 laptops, bracket Sales, has now been configured and assigned.
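As an added example (not part of the video or the course material), the following Python script checks an exported compliance policy against the settings chosen in the walkthrough and reports every setting that is weaker or was left at "Not configured". The property names are assumed to match the Microsoft Graph windows10CompliancePolicy resource, and the sample export is constructed.

```python
import json

# Portal setting -> (export property, rule, value), taken from the walkthrough.
# Property names are assumed to match the Graph windows10CompliancePolicy export.
BASELINE = {
    "BitLocker": ("bitLockerEnabled", "eq", True),
    "Secure Boot": ("secureBootEnabled", "eq", True),
    "Code integrity": ("codeIntegrityEnabled", "eq", True),
    "Require password": ("passwordRequired", "eq", True),
    "Block simple passwords": ("passwordBlockSimple", "eq", True),
    "Minimum password length": ("passwordMinimumLength", "min", 6),
    "Minutes idle before password": ("passwordMinutesOfInactivityBeforeLock", "max", 60),
    "Encrypt data storage": ("storageRequireEncryption", "eq", True),
    "Firewall": ("activeFirewallRequired", "eq", True),
    "TPM": ("tpmRequired", "eq", True),
    "Antivirus": ("antivirusRequired", "eq", True),
    "Antispyware": ("antiSpywareRequired", "eq", True),
    "Windows Defender": ("defenderEnabled", "eq", True),
    "Real-time protection": ("rtpEnabled", "eq", True),
}

# Constructed sample export, not taken from a real tenant.
SAMPLE_EXPORT = """{
  "displayName": "constructed-sample-policy",
  "bitLockerEnabled": true, "secureBootEnabled": true, "codeIntegrityEnabled": true,
  "passwordRequired": true, "passwordBlockSimple": true, "passwordMinimumLength": 4,
  "passwordMinutesOfInactivityBeforeLock": null, "storageRequireEncryption": true,
  "activeFirewallRequired": true, "tpmRequired": false, "antivirusRequired": true,
  "antiSpywareRequired": true, "defenderEnabled": true, "rtpEnabled": true
}"""

def audit(policy):
    """Return {setting: reason} for each baseline setting the policy does not meet."""
    findings = {}
    for setting, (prop, rule, want) in BASELINE.items():
        have = policy.get(prop)
        if have is None:  # absent or null: treated as left at "Not configured"
            findings[setting] = "not configured"
        elif rule == "eq" and have != want:
            findings[setting] = f"is {have}, expected {want}"
        elif rule == "min" and have < want:
            findings[setting] = f"is {have}, expected at least {want}"
        elif rule == "max" and have > want:
            findings[setting] = f"is {have}, expected at most {want}"
    return findings

if __name__ == "__main__":
    for setting, reason in audit(json.loads(SAMPLE_EXPORT)).items():
        print(f"{setting}: {reason}")
```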
This course closely aligns to the first two domains of exam MD-101: Managing Modern Desktops: Deploy and update operating systems and Manage policies and profiles.
- Implementing Windows 10
- Provisioning packages
- Deploying Windows 10 using Windows Autopilot
- Upgrading to Windows 10
- Managing Windows Update for Business
- Managing device authentication
- Working with user profiles
- Managing Windows 10 using Microsoft Intune
- Managing policy precedence