Configuration and Compliance with Best Practices

To have your Intune enrollment up and running is a nice thing. Now we start the next chapter – Configuration and Compliance within Microsoft Intune. There are almost endless possibilities of configuring devices enrolled with Intune and Windows Autopilot. In this post I explain every category and show you some of my best practices.

Configuration

Overview

Options

Administrative templates

Custom

Delivery optimization

Device firmware configuration interface

Device restrictions

Domain join

Edition upgrade and mode switch 

Email

Endpoint protection

Identity protection 

Imported Administrative templates (Preview)

Kiosk

Microsoft Defender for Endpoint

Network boundary

Certificates

Secure assessment (Education)

Shared multi-user device

VPN

Wi-Fi

Windows health monitoring

Wired network

Sandbox

Settings Catalog

Compliance

Overview

You can set whatever you want, but it’s necessary to check the devices if they really applied all the settings. Intune uses Compliance-Reports for that. Every device will get checked if it applied all the things you set in your compliance policy. If that’s not the case, devices will fall into a grace period. It’s possible to set a specific time for grace period (default is 30 days). Event messages to the user to fix the problem could be sent. After this period device will be non-compliant. With a default Intune-setup nothing happens so far.
But why is it necessary then you might ask? For basic Intune environments it’s a good tool to see device health and update behavior. The interesting part starts with Conditional Access. You can block Non-Compliant devices for specific ressources or the whole company network / data.

More about that in a future post. Stay tuned!

Options

Default Template

Custom Scripts

Notifications

That’s it

Now you know everything about every type of configuration profile and about compliance policies. Your devices are configured and checked now. But wait, do you need to deploy applications as well? No worries, in the next post of the “Get started Series” you’ll find a detailled guide about packaging.