Export (0) Print
Expand All

Use policies to manage computers and mobile devices in Windows Intune

Updated: June 30, 2014

Applies To: Windows Intune

Windows Intune Policies are groups of settings that control features on computers and mobile devices like software updates, Endpoint Protection, Windows Firewall settings, and the end-user experience in the Windows Intune Center. You create policies using templates that contain recommended or customized settings, and then deploy them to device or user groups.

In the Policy workspace, a status summary and alerts identify issues that require your attention. Additionally, a status summary appears on the System Overview page.

The following policies are available to manage computers and mobile devices. You can create multiple templates to create distinct sets of policies that you deploy to different groups of managed devices.

 

Policy template When to use it

Mobile Device Security Policy

Configures settings for mobile devices including:

  • Security

  • Encryption

  • System

  • Email

  • Applications

This type of policy can be deployed only to groups of users.

For more information about the settings you can configure for mobile devices, see Configure policy for mobile devices in Windows Intune.

Windows Firewall Settings

Configures Windows Firewall settings and exceptions for common network communications on computers, including:

  • BranchCache

  • Remote Assistance

  • Media sharing

This type of policy can be deployed only to groups of devices.

For more information about the Windows Firewall settings you can configure for computers, see Help secure your computers with Endpoint Protection and Windows Firewall policy for Windows Intune.

Windows Intune Agent Settings

Configures the Windows Intune client on computers, including settings for:

  • Endpoint Protection

  • Software updates

  • Policy check schedule

This type of policy can be deployed only to groups of devices.

Windows Intune clients download new and updated policy according to the Update and application detection frequency setting, which defaults to 8 hours. However, you can force a refresh of policy on computers at any time.

For more information about the Windows Intune Agent settings you can configure on computers, see Keep your computers up to date with software updates in Windows Intune.

Windows Intune Center Settings

Configures details that appear in the Windows Intune Center on managed computers (available as a custom policy only).

This type of policy can be deployed only to groups of devices.

For more information about the Windows Intune Center settings you can configure, see Manage computers with Windows Intune.

When a setting is configured in two policies that are both deployed to the same device, the policy settings applied are determined as follows:

  • If a device is a member of two groups, each with different policies applied, the policy associated with the deepest group in the group tree structure is applied. You can view the device group tree structure in the Groups workspace.

  • If both policies are deployed to the same group, or if both groups are at the same depth in the group tree structure, the setting from the policy with the most recent Last Modified Time wins.

  1. In the Windows Intune administration console, click Policy > Overview > Add Policy.

  2. In the Create a New Policy dialog box, select a template on which to base the new policy, and then do one of:

    • Create and Deploy a Policy with the Recommended Settings, then click Create Policy.

    • Create and Deploy a Custom Policy, then click Create Policy. Configure a name, and optional description for the policy, configure the required policy settings, and then click Save Policy.

      In the confirmation dialog box, click Yes to deploy the policy now, or click No to create the policy without deploying it.

  3. In the Manage Deployment dialog box:

    • To deploy the policy - Select one or more groups to which you want to deploy the policy, click Add > OK.

    • To close the dialog box without deploying it - Click Cancel.

You can view the new policy on the All Policies page of the Policy workspace.

When you create a policy that uses the recommended settings, the name of the new policy is a combination of the template name, date, and time. When you edit the policy, the name updates with the time and date of the edit.

  1. In the Windows Intune administration console, click Policy > All Policies.

  2. Select one of the actions in the following table:

     

    Action More information

    Edit

    Opens the properties for the selected policy to allow you to make changes.

    Delete

    Deletes the selected policy.

    When you delete a policy, it is removed from all groups to which it was deployed. Settings that the policy configured are then reset as follows:

    Manage Deployment

    In the Manage Deployment dialog box, select the group you want to deploy the policy to and click Add.

  1. In the Windows Intune administration console, click Groups, and then select a device group.

  2. Select the devices on which you want to refresh the policies, and then click Remote Tasks > Refresh Policies.

  3. Click Remote Tasks in the bottom-right corner of the Windows Intune administrator console window to check the task status.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft