As we begin to move into the modern desktop environment from Microsoft, we will be relying heavily on Intune for our policy management to replace traditional GPOs. The process of implementing Intune can become tedious and redundant if you are implementing many of the same practices across your customer base. We need our processes to be as automated as possible to save us time and reduce human error. For this reason I create a powershell run book that configures an Intune environment in a single command. This runbook was meant for the M365 Business skuĀ but it can be customized to meet the requirements of what you want as a template
What the runbook creates
A device compliance policy for iOS, Android, and Windows
A device configuration policy for Windows Devices to have BitLocker
.
Terms and Conditions for when users enroll
Office 365 Business pushed out as a required App to window 10 devices and an uninstall of existing versions of Proplus
Microsoft Authenticator pushed out as a required App for iOS and Android devices
Customize Your Template
You will be able to customize each configuration setting if you do not want to match the default settings I have selected as best practices
Awesome
Why does the runbook create a single Compliance Policy for IOS but for Android it creates Two ? (One for BYOD and another for Company owned Devices)
Should there not be Two for IOS as well or Am I missing something ?
Hey Jay, yes Android does have this separation but iOS does not https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-android-for-work