MD-101-Manage Policies and Profiles Summary

  • devices can be managed joinedly in both System Center COnfiguration Manger and Microft Intune. That is called co-management.
  • Intune can take precedence over GPOs starting 1803.
  • MDM Migration Analysis Tools checks for GPOs that can be implemented with the MDM.
  • Conditional access policies check conditions before access to corporate resources is granted.
    • Conditions can be:
      • controlled apps
      • controll of device requirements like encryption of the drives, jail brake etc.
      • etc.
    • Azure AD evaluates them.
    • A test plan should be created when they are implemented.
  • Devices will check their compliance status periodically with Intune.
    • Intune device configuration policies -> device settings in the MDM
    • Intune can deploy powershell scripts to windows devices.
      • This allows for the deployment of win32 applications for instance.
    • scope tags -> filter intune policies to Azure AD groups
    • custom policies with OMA-URI policies (Open Mobile Alliance Uniform Resource Identifier) possible
  • User profiles types:
    • Local
    • Roaming - profile copy stored on the network (server share)
    • Mandatory - fixed user profile, only admin can change them
      • set up by renaming NTuser.dat to NTuser.man for roaming profiles
    • Super-Mandatory - mandatory profile stored on the network
      • set up by renaming profile folder \\server\profiles\user1.v6 -> \\server\profiles\user1.man.v6 for mandatory
    • Temporary
Abgerufen von „https://wiki.lehmann.systems/index.php?title=MD-101-Manage_Policies_and_Profiles_Summary&oldid=173