We all have been using Group Policies for decades for all of our on-prem domain joined machine. Now Microsoft has introduced, in preview, ADMX template style settings in Intune.
MS Docs for details. https://docs.microsoft.com/en-us/intune/administrative-templates-windows
- Assumption is you have some Intune knowledge and know how to assign profiles.
- To access the Preview, go into your Azure Portal – Microsoft Intune -> Device configuration – Profiles
Create a new profile
Name your profile, choose Windows 10 or Later as the platform, and Profile type is Administrative Templates (Preview)
- In the profile, choose Settings and you will see all the policies available (there are few pages).
5. In the filter, search for a policy setting if needed like the screen shot below or sort the columns accordingly.
6. Select a setting like I have below and choose an option (similar to GPO). For the Excel save setting, I chose the default to be Excel 5.0/95 Workbook so I can see the change (as Excel XLS is default anyways).
7. In my test I have chosen several different settings.
8. Assign the profile accordingly to your test group.
9. Monitor deployment status
10. Once the settings are applied, check the device for results.
The following text is from the MS docs site but screen shot from my lab (no need to recreate good document): https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1802#report-on-windows-autopilot-device-information
Windows AutoPilot is a solution for onboarding and configuring new Windows 10 devices in a modern way. For more information, see an overview of Windows AutoPilot. One method of registering existing devices with Windows AutoPilot is to upload device information to the Microsoft Store for Business and Education. This information includes the device serial number, Windows product identifier, and a hardware identifier. Use Configuration Manager to collect and report this device information.
In the Configuration Manager console, Monitoring workspace, expand the Reporting node, expand Reports, and select the Hardware – General node.
Run the new report, Windows AutoPilot Device Information and view the results.
In the report viewer click the Export icon, and select CSV (comma delimited) option.
To be able to review Windows 10 endpoints (Anniversary Update or higher) into Windows Defender ATP, you will need to onboard first. There are several ways to do so including scripts, Group Policy, Intune, Configuration Manager 2012 through current branch 1602. With the release of Configuration Manager branch update 1606, it now includes integrated Windows Defender ATP to be able to monitor and deploy the policies.
- To get started, login to the Windows Defender ATP site to download the policies https://securitycenter.windows.com/download
Choose the drop down Select your deployment tool, and select the System Center Configuration Manager (current branch) version 1606
- This will download a ZIP file with the onboarding package. Unzip it to where you can access it with ConfigMgr.
- Under Assets and Compliance, expand Endpoint Protection where you will see Windows Defender ATP Policies. Select Windows Defender ATP Policies , and click Create Windows Defender ATP Policy from the toolbar or right click.
- Follow the wizard to import the onboarding file you downloaded from the site. (NOTE: SCREENSHOT SHOWS OFFBOARDING, BUT SHOULD BE ONBOARDING)
- Once done, you will see the policies in the console. Right client or from the toolbar, click Deploy.
- You can do this for off-boarding as well. From the same site, you can select to download the off-boarding package and then follow the steps above to import into ConfigMgr.
On September 24, 2015 Microsoft announced support for iOS9 through he iOS9 extension for Microsoft Intune in Configuration Manager.
To enable the extension, go to your SCCM console (2012 R2 SP1 CU1). Under Administration, expand Cloud Services and click Extension for Microsoft Intune.
In the right pane, right click the iOS 9 Extension and click Enable (or from the toolbar). If you do not have CU1, this can fail.
Accept the License Terms – make sure you read all of it first 🙂
After couple of years of debates to do this or not, we have decided to move forward with this group. There is no similar group like this in Chicagoland area. We have done topics with the Chicago Windows User Group in the past and will continue to support them in joint events. However, the membership for a Windows user group vs. a System Center, EMS, datacenter and client management, is much different.
If you are in the Chicago area, please sign up.
The group is co-founded by Rich Lilly. Check out his blog here and follow him on Twitter
The following are quick steps to enroll the Microsoft Windows 10 Insiders Preview (as of build 10130) to Microsoft Intune in a hybrid environment with Microsoft System Center 2012 R2 SP1 Configuration Manager (SCCM).
This assume you have already configured Microsoft Intune into your SCCM environment.
- In the SCCM console, navigate to Administration -> Overview -> Cloud Services -> Microsoft Intune Subscriptions.
On the top ribbon bar, click the Configure Platforms button. Click Windows in the drop down
From the Microsoft Intune Subscription Properties, click the Enable Windows enrollment.
Log onto your Windows 10 desktop, go to Settings and choose Network and Internet
Click on Accounts and then Work access. On the Connect to work or school section, click the + Connect
Enter your work email address that are Intune enabled (an account that has synchronization between your on-premise Active Directory and Windows Azure Active Directory). After you click continue, you will be sent to the Microsoft site to authenticate.
Once done, you see the connected account on the main section.
In the SCCM console, you will now be able to see your newly enrolled device as a Mobile device. You will be able to deploy applicable compliance policies just like any other mobile devices in your organization.
As most have seen the blog announcing the Intune Mobile Application Management and Conditional Access for Outlook. At the very bottom, there is a Note about the hybrid customers (SCCM) availability that seems to be missed by few folks when they update to SP1.