

Device Enrolment, Compliance, Configuration policies, Policy sets, and scripts, Device clean up rules

Cloud And Web Security Enthusiastic

We can enroll up to 1,000 mobile devices with a single Azure Active Directory account by using a device enrollment manager (DEM) account. DEM is an Intune permission that can be applied to an Azure AD user account and lets the user enroll up to 1,000 devices. A DEM account is useful for scenarios where devices are enrolled and prepared before handing them out to the users of the devices. By design, there's a limit of 150 Device Enrollment Manager (DEM) accounts in Microsoft Intune.

Why adopt this solution?
Intune lets you manage your workforce's devices and apps and how they access your company data. To use this mobile device management (MDM), the devices must first be enrolled in the Intune service. When a device is enrolled, it's issued an MDM certificate. This certificate is used to communicate with the Intune service.

We need a Microsoft Intune subscription to enroll the device. Now let's enroll a Windows 10 desktop in Azure AD.

First, on the Windows 10 device we will go to Settings > Accounts.

Now we will go to Email & accounts and click "Add work or school email".

We can see our device in the Microsoft Endpoint Manager admin center under Devices.

Now let's understand Compliance, Configuration policies, Policy sets, and scripts.

First, create a compliance policy. To do that, we will simply go to Microsoft Endpoint Manager admin center > Devices > Compliance policies.

Next, let's create a configuration profile. You can create profiles for different devices and different platforms, including iOS/iPadOS, Android device administrator, Android Enterprise, and Windows. Then, use Intune to apply or "assign" the profile to the devices.

Policy sets allow you to create a bundle of references to already existing management entities that need to be identified, targeted, and monitored as a single conceptual unit. A policy set is an assignable collection of apps, policies, and other management objects you've created. Creating a policy set enables you to select many different objects at once, and assign them from a single place.

PowerShell scripts: the Intune Management Extension lets you upload your PowerShell scripts to Intune and then run those scripts on your devices. The Intune documentation covers what's required to use the extension, how to add scripts to Intune, and other important details.
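As an added example (not code from the original post), here is the kind of script you would deploy through the Intune Management Extension: it checks the two artifacts that enrollment leaves on a Windows 10 device, the MDM certificate mentioned above and the enrollment registry record, and returns a non-zero exit code so the script shows as failed in the admin center when the device is not properly enrolled. The issuer name, the `ProviderID` value, the 30-day warning threshold and the log path are assumptions for this example.

```powershell
# Added example: enrollment health check run by the Intune Management Extension.
# Exit code 0 = both checks passed, 1 = a check failed (reported as script failure).
# Assumed values: issuer name, ProviderID, warning threshold and log location.
$ErrorActionPreference = 'Stop'
$WarnDays = 30
$IssuerPattern = '*Microsoft Intune MDM Device CA*'   # assumed issuer of the MDM device cert
$LogFile = Join-Path $env:ProgramData 'IntuneHealth\enrollment-check.log'

function Write-Log([string]$Message) {
    $dir = Split-Path $LogFile -Parent
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    "$(Get-Date -Format o) $Message" | Add-Content -Path $LogFile
    Write-Output $Message
}

$failed = $false

# Check 1: the MDM certificate issued at enrollment sits in the machine store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Issuer -like $IssuerPattern } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) {
    Write-Log 'FAIL: no Intune MDM device certificate found; device does not look enrolled.'
    $failed = $true
} else {
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    Write-Log "OK: MDM certificate $($cert.Thumbprint) expires in $daysLeft days."
    if ($daysLeft -lt $WarnDays) {
        # The cert is renewed on sync; a short remaining lifetime suggests the device stopped syncing.
        Write-Log "WARN: fewer than $WarnDays days left; device may be stale and hit a cleanup rule."
    }
}

# Check 2: the enrollment record under HKLM:\SOFTWARE\Microsoft\Enrollments.
$enrollments = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
    Where-Object { (Get-ItemProperty $_.PSPath).ProviderID -eq 'MS DM Server' }  # assumed MDM provider id
if (-not $enrollments) {
    Write-Log 'FAIL: no MDM enrollment record found in the registry.'
    $failed = $true
} else {
    Write-Log "OK: MDM enrollment record found ($(@($enrollments).Count) entry/entries)."
}

if ($failed) { exit 1 } else { exit 0 }
```

Run it in the system context as a 64-bit script so it can read the machine certificate store; the exit code and the written log line are what you will see reported per device.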


Set your Intune device cleanup rules to delete Intune MDM enrolled devices that appear inactive, stale, or unresponsive. Intune applies cleanup rules immediately and continuously so that your device records remain current.
