Post on 31-Dec-2015
description
Click to edit Master subtitle style
Microsoft Virtual AcademyWindows Intune for IT Pros Jump Start
M05: Windows Intune Policies
David TesarRichard Harrison
First Half Second Half
(01) Big Picture with Windows Intune
(07) MDM Prerequisites and Cloud-only MDM Setup
(02) Architecture Design Considerations
(08) Cloud-only Software Publishing and Deployment
(03) Extending Identity to Windows Azure Active Directory
(09) Setting Up & Configuring Unified Infrastructure (+ MDM Setup)
(04) Administrator Roles, Users and Groups
(10) Unified MDM Settings and Compliance
(05) Windows Intune Policies(11) Unified MDM Software Deployment
(06) Cloud-only PC Setup (12) End User Enrollment
Windows Intune for IT Pros Jump Start
• Policy Templates–Mobile Device Security Policy– The Windows Intune Agent Settings Policy–Windows Intune Center Settings Policy–Windows Firewall Policy
• Forcing Policy Refreshes
• Policy Precedence
• Best Practices
Module Overview
Policy Templates
Mobile Device Security Policy
Windows Intune Agent Settings Policy
Installing Windows Intune Endpoint Protection
Is AV installed
?
Start Client Installation
Is MSE, SCEP, FEP
installed?
Install WIEP
Install WIEP, Enable WIEP
Do not install WIEP
Yes
No
1
Disable WIEP
Upgrade to WIEP
Enable WIEP
Is EP Policy
enabled?
Is EP Policy
enabled?
No Yes
No
Yes
Yes
Do not install WIEP
3No
Only on…
4
2
Windows Intune Center Settings
Windows Firewall Settings
Forcing Policy Refreshes
• Policy conflicts are resolved through:1. Group hierarchy
2. Timestamps
• Conflicts reported as Policy alerts
• Group Policy settings take precedence
Policy Precedence
Desktops
Head Office
Laptops
Policy 1
Policy 2
Policy 3
• Create default:– Windows Intune Agent Settings policy…
• before installing the Windows Intune client on computers
• Control the installation of Windows Intune Endpoint Protection
– Mobile Device Security policy…• Set required password settings
• Apply Default policies to All Computers to set your baselines
• Assign more specific policies to lower groups
• Clients check for policy at varying times (depending on the platform) so plan ahead.
Windows Intune Policies Best Practices
DEMO
Managing Policies
• Policy Templates–Mobile Device Security Policy– The Windows Intune Agent Settings Policy–Windows Intune Center Settings Policy–Windows Firewall Policy
• Forcing Policy Refreshes
• Policy Precedence
• Best Practices
Module Overview
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.