Microsoft Intune 15 – Attack Surface Reduction Rules.

If you haven't been following this series from the start, we have set up Intune from scratch, which included device onboarding, Autopilot, MDE, LAPS, and compliance and configuration policies. This is part 15 in a step-by-step approach to securing endpoints and devices, with this guide covering Attack Surface Reduction (ASR) Rules. …

Microsoft Intune 14 – Block and Control Device Enrolment.

Intune allows us to control which device types can join Microsoft Entra based on the platform they have installed. As we have covered many times previously, there are no technical-control silver bullets in cyber security; however, lots of small configurations will add up to provide large returns in security posture and a reduction overall in …

Microsoft Intune 13 – Configure Local Administrator Password Solution (LAPS).

To be honest, this guide could sit in our securing Azure series under Identity Access Management; however, as this is specifically for controlling Local Administrative accounts, and the policies sit within Intune, it does sit better within our Intune series. What is LAPS? Windows LAPS is a feature that allows us to manage and back …

Microsoft Intune 12 – Enrol and configure iOS and iPadOS – Part 3

In part 1 and 2 we looked at creating our enrolment profile and configuration policy, and in this final part we will be creating our compliance policies, tagging devices as corporate owned and finally enrolling an iPad to show the complete onboarding process. There are two parts to compliance policies in Intune: Compliance policy settings – …

Microsoft Intune 11 – Enrol and configure iOS and iPadOS – Part 2

In the previous guide we created our Apple MDM certificate, and our enrolment profile. Next we need to create our compliance and configuration profiles. When creating our configuration profiles we need to pay attention to which ones apply to our enrolment method, as some settings are only available when using Apple School Manager or Apple …

Microsoft Intune 10 – Enrol and configure iOS and iPadOS – Part 1

We are going to look at how we can enrol iOS and iPadOS devices into Intune without having either Automated Device Enrolment (ADE), or Apple Configurator. The reason for this? As we have discussed throughout most of these blogs, most companies cannot afford all the bells and whistles so there's no point making guides that …

Microsoft Intune 9 – AAD Join and Intune Onboarding (User-Driven Autopilot).

In the previous eight guides we have set up Intune and Autopilot from scratch, and this guide is where we test the onboarding process by joining a device to AAD and then logging in with a user account which is a member of our Remote Users Group. (You should use a user account based on your …

Microsoft Intune From Scratch 8 – Deployment Configuration (Autopilot).

We have completed the device configuration profiles, and our compliance policy, which means we now need to move onto deployment. Before we get into the configuration there are a few things to understand. During enrollment, Microsoft Intune installs a mobile device management (MDM) certificate on the device, which enables the two-way communication and is what …