Microsoft 365 Mobility and Security:Exam Guide MS-101
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Policy options

Each platform has different policy configuration options, but most share some commonalities, as shown in the following screenshot:

Let's go over these different options:

  • Settings:
    • Device Health, including Google Play Protect settings:

    • Device Properties, specifically the minimum and maximum OS versions:

    • System Security, such as password requirements and app restrictions:

Your available settings will differ on each platform. For example, in the preceding screenshot, for Android, there are 10 settings available. However, for Windows 10 devices, we have additional options, such as minimum password length, as shown in the following screenshot:

  • Locations:
    • You can restrict your devices to specific locations:

Because we haven't created any locations yet, we can't select them for use in the policy. To create a location, follow these steps:

    1. Go to Device Compliance, select Locations, and click on Create. Fill in the specifications, as shown in the following screenshot.
    2. Once the locations have been configured, select Policies from the left-hand pane to resume the creation/modification of device compliance policies:

  • Actions for noncompliance:
    • From here, you can decide on what happens if a device is deemed noncompliant. By default, the device will just be marked as noncompliant and no further action will be taken. However, you can configure the policy so that it emails the user or even remotely locks the device if these issues aren't resolved within so many days of being identified as noncompliant.
    • If you do add additional actions, they will be listed in the order they will be executed in, based on the Schedule field of each action where you've specified the number of days to wait:
  • Scope (Tags):
    • Scope tags allow you to specify which profiles, policies, and devices admins have the ability to see and manage. For example, you could restrict a Midwest Admin group to only manage devices and policies with a Midwest scope tag assigned to them. In this section, we're considering this Scope (Tags) functionality as it relates to viewing and managing compliance policies.
You can find out more about scope tags at  https://docs.microsoft.com/en-us/intune/scope-tags.

Now that we've taken a look at many of the options we'll need to configure in our policy, let's create one.

上一章目录下一章