In today’s Ask the Admin, I’ll show you how to add a Mobile Device Management (MDM) policy to Microsoft Intune, and make sure it gets applied to your devices.
In Microsoft Intune: Windows 10 Device Enrollment on the Petri IT Knowledgebase, I showed you how to set up Intune MDM autoenrollment of Windows 10 devices when they join an Azure Active Directory (Azure AD) domain. Once you have one or more devices enrolled with Intune, the next step is to create and apply an MDM policy. For more information about Microsoft Intune, see Introduction to Microsoft Intune on Petri IT Knowledgebase.
Create an MDM Policy in Intune
Before you can complete the instructions below, you will need both a trial Intune account and Azure Active Directory (Premium) subscription. You’ll also need a Windows 10 device that is already enrolled with your Intune tenant.
- Log in to the Intune management portal using Internet Explorer. The portal isn’t currently compatible with Microsoft Edge.
- In the list of options on the left of the Intune portal, click POLICY.
- Under TASKS on the right of the portal, click Add Policy.
Add an MDM policy in Microsoft Intune (Image Credit: Russell Smith)
- In the Create a New Policy dialog box, expand Windows in the list of platforms on the left and then select General Configuration (Windows 10 Desktop and Mobile and later).
- Click Create Policy at the bottom of the Create a New Policy dialog box.
- In the Create Policy window, give the policy a name in the Name box.
- Scroll down the list of settings available in the policy and enable any of the settings as required. In this example, I’m going to enable the Allow Cortana setting and set it to No.
Configure an MDM policy in Microsoft Intune (Image Credit: Russell Smith)
- When you’re done, click Save Policy.
- In the Do you want to deploy this policy now? window, click Yes.
- In the Select the groups to which you want to deploy this policy dialog box, expand All Mobile Devices under Device Groups, and select All Direct Managed Devices from the list.
Deploy an MDM policy in Microsoft Intune (Image Credit: Russell Smith)
In a production environment, I recommend using groups to manage which enrolled devices receive policy. Selecting All Direct Managed Devices will apply policy to all enrolled devices.
- Click Add in the center of the Select the groups to which you want to deploy this policy dialog box to add All Direct Managed Devices to the list of Selected groups. Click OK to deploy the policy.
Synchronize a Device to Apply Policy
Let’s check if the new policy will be applied to devices at the next sync.
- Log in to a Windows 10 device that has already been enrolled with Intune.
- Click the Settings icon on the Start menu.
- In the Settings app, click Accounts.
- Click Access work or school on the left.
- On the Connect to work or school screen in the Settings app, click the connected account that is enrolled with Intune, and click Info.
Synchronize an enrolled client to receive an MDM policy (Image Credit: Russell Smith)
- Force a sync operation with the management server by pressing Sync.
- Once the sync operation has completed successfully, close the Settings app.
- If you try to use Cortana from the search box on the desktop taskbar, you’ll be offered a search of the local device only instead of Cortana.
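Checking the taskbar search box tells you the setting took effect, but when a sync appears to succeed and the behaviour still doesn’t change, it helps to look at what the device actually received. The following PowerShell script is an added example of mine, not part of the original article, for an elevated session on the enrolled Windows 10 device. It assumes that the Policy CSP stores device-scope values under HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\<Area>, that the Experience/AllowCortana setting also mirrors to the Windows Search policy key, and that the enrollment client’s recurring sync task is named “Schedule #3 created by enrollment client”; treat those three details as assumptions to confirm on your own build.

```powershell
# Added example (not from the original article): verify on an enrolled Windows 10
# device that the Intune MDM setting "Allow Cortana = No" has arrived, show the
# enrollment client's sync tasks, and optionally trigger a sync without the
# Settings app. Run in an elevated PowerShell session.
# The registry paths and task name below are assumptions, not taken from the article.
param(
    [switch]$TriggerSync   # also start the enrollment client's sync task
)

# Assumption: device-scope Policy CSP values land under PolicyManager\current\device\<Area>
$policyCspPath = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience'
# Assumption: Experience/AllowCortana is ADMX-backed and mirrors the Group Policy key
$gpMirrorPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # Returns the DWORD value, or $null when the key or value does not exist yet
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    if ($item.PSObject.Properties.Name -notcontains $Name) { return $null }
    return [int]$item.$Name
}

function Get-AllowCortanaState {
    # Reads both places the setting may appear; $null means "not delivered yet"
    [pscustomobject]@{
        PolicyCsp         = Get-RegistryDword -Path $policyCspPath -Name 'AllowCortana'
        GroupPolicyMirror = Get-RegistryDword -Path $gpMirrorPath  -Name 'AllowCortana'
    }
}

function Get-MdmEnrollmentTasks {
    # The enrollment client registers its sync schedules under
    # \Microsoft\Windows\EnterpriseMgmt\<EnrollmentID>\ (one folder per enrollment)
    Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\*' -ErrorAction SilentlyContinue
}

function Start-MdmSync {
    # Assumption: "Schedule #3 created by enrollment client" is the regular sync task
    $tasks = Get-MdmEnrollmentTasks | Where-Object { $_.TaskName -like 'Schedule #3*' }
    if (-not $tasks) { Write-Warning 'No enrollment sync task found; is this device enrolled?'; return }
    $tasks | Start-ScheduledTask
    Write-Host "Started $($tasks.Count) sync task(s); re-run this script in a minute to re-check."
}

function Get-RecentMdmEvents {
    param([int]$Count = 15)
    # The MDM client logs its sessions and per-setting results to this channel
    Get-WinEvent -LogName 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin' `
                 -MaxEvents $Count -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

# --- main ---
if ($TriggerSync) { Start-MdmSync }

$state = Get-AllowCortanaState
switch ($state.PolicyCsp) {
    0       { Write-Host 'Policy CSP: AllowCortana = 0. The Intune setting "Allow Cortana: No" has been applied.' }
    1       { Write-Host 'Policy CSP: AllowCortana = 1. MDM explicitly allows Cortana; check the policy value in Intune.' }
    default { Write-Host 'Policy CSP: no AllowCortana value yet. The policy has not reached this device; sync and re-check.' }
}
Write-Host "Group Policy mirror value: $(if ($null -eq $state.GroupPolicyMirror) { '<absent>' } else { $state.GroupPolicyMirror })"

Write-Host "`nEnrollment sync tasks:"
Get-MdmEnrollmentTasks | Select-Object TaskPath, TaskName, State | Format-Table -AutoSize

Write-Host "Recent MDM client events (newest first):"
Get-RecentMdmEvents | Format-Table -Wrap -AutoSize
```

Run it once after the Settings-app sync to see whether the value landed; if it hasn’t, run it again with -TriggerSync, which starts the same recurring sync task the enrollment client uses, and read the newest events in the DeviceManagement-Enterprise-Diagnostics-Provider log for the reason a setting was rejected. A value of 0 under the PolicyManager key is the device-side evidence that the “Allow Cortana: No” setting from the policy you deployed above was received, independent of what the taskbar shows.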
In this article, I showed you how to create and deploy an MDM policy using Microsoft Intune, and how to ensure the policy is deployed to enrolled devices.