Endpoint Manager

Microsoft Endpoint Manager: Device Compliance Policies

Once you’ve got devices enrolled in Microsoft Endpoint Manager, among the very useful things you can apply are compliance policies. These give you a way to monitor devices that are not following the practices you want in your organization, and to enforce restrictions on them.

These compliance policies can be set up for devices of multiple operating systems:

  • Android
  • iOS
  • macOS
  • Windows 10 and later
  • Windows 8.1 and later

As is the case elsewhere in Endpoint Manager, Chromebook is the noticeable omission.


Microsoft Endpoint Manager: Device Configuration Policies

You’ve got your devices enrolled in Endpoint Manager. Now what? This opens up lots of tools including configuration policies.

Configuration policies let you quickly roll out the desired configuration to a device, without the user having to set it up manually. This can include a lot of different settings, which vary by the operating system of the device. Some of the more interesting tools for Windows 10 include:


Microsoft Endpoint Manager: Windows Autopilot

Windows Autopilot is a great system for deploying new Windows 10 devices, especially in the age of COVID-19 and so many working from home. Here’s the official documentation breaking down the details.

The high-level overview is that the user receives the machine, perhaps at home or perhaps in an office, and turns it on. Depending on the configuration options the admin has set up, they may have as few as two things they need to do to get the device ready for use:


Microsoft Endpoint Manager: Enrolling Devices

Suppose you’ve started to move toward managing your devices in Microsoft Endpoint Manager (Intune). There are a lot of methods available to do that. I’ll highlight just a few of the most interesting:

Windows Autopilot

If the device was set up with Windows Autopilot, enrolling in Endpoint Manager is one of the options that can happen immediately as part of the setup. No further actions are necessary.


Azure AD: Conditional Access Policies

Passwords are inadequate. Even for standard consumer tools, you should have at least two more tools in your toolbox: a password manager and multi-factor authentication. Those help make passwords suck less. But they do leave open some questions like: should you need to perform multi-factor authentication every time you log in? Should access be all or nothing, or should there be any accounting for degrees of risk?
