Applies to: Nerdio Manager for MSP (NMM) v3.0.0+
In this article, we will learn how to create and manage assignments for compliance policies, configuration profile policies, and security policies through Nerdio.
App configuration policies can help you eliminate app setup problems by letting you assign configuration settings to a policy that is assigned to end-users before they actually run the app. You can create and use app configuration policies to provide configuration settings for various platforms such as iOS/iPadOS, macOS, Windows 10 or later, and Android apps. These configuration settings allow an app to be customized by using app configuration and management. The configuration policy settings are used when the app checks for these settings, typically the first time the app is run.
Intune makes it easy to deploy Windows security baselines to help you secure and protect your users and devices. Security baselines are groups of pre-configured Windows settings that help you apply and enforce granular security settings that are recommended by the relevant security teams.
Read further to learn how to:
- Create a policy
- View and manage policies on NMM portal
- Assign groups to a policy
- Manage Intune device through security groups
Create a policy
You can create compliance policy, configuration profile policy, and security policies by logging onto the Microsoft Endpoint Manager admin center. Login to Microsoft Endpoint Manager admin center. Navigate to Devices >Configuration profiles and click Create policy button. Enter the relevant information and create a configuration profile policy for iOS/iPadOS, for example, as shown below:
Similarly, navigate to Devices >Compliance policies and click Create policy button. Enter the relevant information and create a compliance policy for Android devices as shown below:
Similarly, navigate to Endpoint security >MDM Security Baseline and click Create profile button. Enter the relevant information and create a security profile policy as shown below:
View and manage policies on NMM portal
In order to configure policies on devices, you need to assign policies to security groups. And then manage Intune devices through security groups.
To view and manage policies on the NMM portal, log into your account. Navigate to INTUNE>Policies tab:
You will be able to see all policies created on the Microsoft Endpoint admin center on this page:
You can hover on the icon by the policy name to view its type:
Similarly, you can also view the security baseline policies on the same page under Security policies section:
Assign groups to a policy
To assign policies to security groups, navigate to INTUNE>Policies tab. Select a policy (say Intune data collection policy) and click Assign button next to it:
On the pop-up, select a security group (say 12MSecurityGroupfromOffice) and assign it to Included Groups and optionally select another security group (say DnsUpdatePolicy) and assign it to Excluded Groups. Click Confirm button:
You can track the progress of Update Policy Assignments tasks under Policies tasks section:
Manage Intune device through security groups
The next step is to associate Intune devices to security groups. Navigate to Groups section and select the same security group (say 12MSecurityGroupfromoffice) to which you want to associate an Intune device. Expand the Edit action menu and select Manage Intune Devices:
Note: The Manage Intune Devices option is not available for M365 groups:
On the "Manage Intune devices" pop-up, select the Intune device (say TESTP1) and click Confirm button:
You can track the progress of Group device assignment tasks under Group tasks section:
Once the task completes successfully, you can see that the device "TESTP1" is assigned to security group (12MSecurityGroupfromoffice) on Microsoft Endpoint Manager admin center:
Also, when you navigate to Devices>Configuration policies and view Properties tab for "Intune data collection policy", you will find device "TESTP1" associated with the "Intune data collection policy":
In this way, you can manage your Intune device settings with the help of policies and baseline configurations.