Submit a request

Nerdio Help Center

Overview of Intune Policies and Configurations


Applies to: Nerdio Manager for MSP (NMM) v3.0.0+


Overview

In this article, we will learn how to create and manage assignments for compliance policies, configuration profile policies, and security policies through Nerdio.

App configuration policies can help you eliminate app setup problems by letting you assign configuration settings to a policy that is assigned to end-users before they actually run the app. You can create and use app configuration policies to provide configuration settings for various platforms such as iOS/iPadOS, macOS, Windows 10 or later, and Android apps. These configuration settings allow an app to be customized by using app configuration and management. The configuration policy settings are used when the app checks for these settings, typically the first time the app is run.

Intune makes it easy to deploy Windows security baselines to help you secure and protect your users and devices. Security baselines are groups of pre-configured Windows settings that help you apply and enforce granular security settings that are recommended by the relevant security teams.

Read further to learn how to:

 

Create a policy

You can create compliance policy, configuration profile policy, and security policies by logging onto the Microsoft Endpoint Manager admin center. Login to Microsoft Endpoint Manager admin center. Navigate to Devices >Configuration profiles and click Create policy button. Enter the relevant information and create a configuration profile policy for iOS/iPadOS, for example, as shown below:

Create_ios_conf_policy.png

Similarly, navigate to Devices >Compliance policies and click Create policy button. Enter the relevant information and create a compliance policy for Android devices as shown below:Create_Android_compliance_policy.png

Similarly, navigate to Endpoint security >MDM Security Baseline and click Create profile button. Enter the relevant information and create a security profile policy as shown below:

Security_baseline_policy_Endpoint.png

View and manage policies on NMM portal

In order to configure policies on devices, you need to assign policies to security groups. And then manage Intune devices through security groups.

To view and manage policies on the NMM portal, log into your account. Navigate to INTUNE>Policies tab:

Navigate_to_Intune_policies.png

You will be able to see all policies created on the Microsoft Endpoint admin center on this page:

View_policies_age_NMM.png

You can hover on the icon by the policy name to view its type:

Compliancepolicy_hover.png

Config_policy_hover.png

Similarly, you can also view the security baseline policies on the same page under Security policies section:

Securitypolicy_hover.png

Assign groups to a policy

To assign policies to security groups, navigate to INTUNE>Policies tab. Select a policy (say Intune data collection policy) and click Assign button next to it:

Compliancepolicies_list_select_assign_on_datacolection.png

On the pop-up, select a security group (say 12MSecurityGroupfromOffice) and assign it to Included Groups and optionally select another security group (say DnsUpdatePolicy) and assign it to Excluded Groups. Click Confirm button:

Datacollectionpolicy_assignment.png

You can track the progress of Update Policy Assignments tasks under Policies tasks section:

Policies_tasks_datacollectionpolicyupdate.png

Manage Intune device through security groups

The next step is to associate Intune devices to security groups. Navigate to Groups section and select the same security group (say 12MSecurityGroupfromoffice) to which you want to associate an Intune device. Expand the Edit action menu and select Manage Intune Devices:

12MsecurityGroupfromOffice_manage_intune_device.png

Note: The Manage Intune Devices option is not available for M365 groups:

Manage_intune_devices_option_not_available_for_M365_grp.png

On the "Manage Intune devices" pop-up, select the Intune device (say TESTP1) and click Confirm button:

Manage_intune_devices_popup.png

You can track the progress of Group device assignment tasks under Group tasks section:

Grouptasks_successful.png

Once the task completes successfully, you can see that the device "TESTP1" is assigned to security group (12MSecurityGroupfromoffice) on Microsoft Endpoint Manager admin center:

12MsecurityGroupfromOffice_members.png

 

Also, when you navigate to Devices>Configuration policies and view Properties tab for "Intune data collection policy", you will find device "TESTP1" associated with the "Intune data collection policy":

Assign_policy_to_device_via_grp.png

In this way, you can manage your Intune device settings with the help of policies and baseline configurations.

Was this article helpful?
0 out of 0 found this helpful
Important Notification for NFA Partners Only
  • Microsoft is sunsetting Azure Classic (not Azure Virtual Desktop (AVD)) - Microsoft Article
  • NFA sunset occurs February 20th, 2023
  • NFA will be fully supported until the official sunset - nfa.support@getnerdio.com

Comments

Please sign in to leave a comment.