MD-101-Manage Policies and Profiles Summary: Unterschied zwischen den Versionen
| Zeile 10: | Zeile 10: | ||
** A test plan should be created when they are implemented. | ** A test plan should be created when they are implemented. | ||
* Devices will check their compliance status periodically with Intune. | * Devices will check their compliance status periodically with Intune. | ||
| + | ** Intune device configuration policies -> device settings in the MDM | ||
| + | ** Intune can deploy powershell scripts to windows devices. | ||
| + | *** This allows for the deployment of win32 applications for instance. | ||
| + | ** scope tags -> filter intune policies to Azure AD groups | ||
| + | ** custom policies with OMA-URI policies (Open Mobile Alliance Uniform Resource Identifier) possible | ||
| + | * User profiles types: | ||
| + | ** Local | ||
| + | ** Roaming - profile copy stored on the network (server share) | ||
| + | ** Mandatory - fixed user profile, only admin can change them | ||
| + | *** set up by renaming NTuser.dat to NTuser.man for roaming profiles | ||
| + | ** Super-Mandatory - mandatory profile stored on the network | ||
| + | *** set up by renaming profile folder \\server\profiles\user1.v6 -> \\server\profiles\user1.man.v6 for mandatory | ||
| + | ** Temporary | ||
[[Category:MD-101]] | [[Category:MD-101]] | ||
Aktuelle Version vom 8. November 2019, 04:07 Uhr
- devices can be managed joinedly in both System Center COnfiguration Manger and Microft Intune. That is called co-management.
- Intune can take precedence over GPOs starting 1803.
- MDM Migration Analysis Tools checks for GPOs that can be implemented with the MDM.
- Conditional access policies check conditions before access to corporate resources is granted.
- Conditions can be:
- controlled apps
- controll of device requirements like encryption of the drives, jail brake etc.
- etc.
- Azure AD evaluates them.
- A test plan should be created when they are implemented.
- Conditions can be:
- Devices will check their compliance status periodically with Intune.
- Intune device configuration policies -> device settings in the MDM
- Intune can deploy powershell scripts to windows devices.
- This allows for the deployment of win32 applications for instance.
- scope tags -> filter intune policies to Azure AD groups
- custom policies with OMA-URI policies (Open Mobile Alliance Uniform Resource Identifier) possible
- User profiles types:
- Local
- Roaming - profile copy stored on the network (server share)
- Mandatory - fixed user profile, only admin can change them
- set up by renaming NTuser.dat to NTuser.man for roaming profiles
- Super-Mandatory - mandatory profile stored on the network
- set up by renaming profile folder \\server\profiles\user1.v6 -> \\server\profiles\user1.man.v6 for mandatory
- Temporary