Today, I will show you how I use Microsoft Intune to apply computer policies to managed Windows 10 devices.
Active Directory Group Policies and Intune policies do the same thing however at this stage Active Directory have far more policies that can be applied to managed machines compare with Intune.
Last time I checked AD had around 65,000 policy options and Intune has around 500, however, I believe that most organisation are using 10% of all available options.
It looks like Intune provides the most used policies that will get most organisation under control.
Intune is a cloud-based Mobile Device Management solution from Microsoft that allows us to protect and manage mobile devices as full corporate devices or as BYOD devices.
Microsoft Intune is also part of Microsoft’s Enterprise Mobility + Security (EMS) suite that includes Azure Active Directory and Azure Active Directory Information Protection.
To get started, I will use the Intune portal to create a device restrictions policy for window 10 devices only.
As you can see below, In the settings page Intune offers many settings that apply to General, password, privacy, etc
I will start by selecting a very basic policy, for example, I will Block OneDrive file sync
To apply the policy I simply select Block or not configured.
Once the policy is set I will use the Assignments page to apply it to user or groups.
As you can see below, I selected my Intune pilot group
Once done, I will apply it to my pilot computer
Because I don’t want to wait 8 hours for the policy to be applied I will start a manual sync.
After 30 minutes my computer appears in the policy.
And when I try to sync files with OneDrive sync is not working.