Windows Intune Policy Life Cycle
Updated: November 1, 2013
Applies To: Windows Intune
The implementation of Windows Intune Policy is an efficient way to ensure that all of the computers and mobile devices in your organization “play by the same rules.” By choosing from the many available configuration settings, you can create policies to replicate identical and optimal behaviors on every computer throughout your organization, from scanning all downloads, to enabling or disabling Windows Firewall, to tracking instances of resolved malware over a specified number of days.
The policy lifecycle is divided into the following four basic stages.
The first step in the policy lifecycle is to capture the intention of the administrator or IT Professional. To facilitate this, Windows Intune offers dozens of specific policy settings, which are contained in four overall templates: Windows Intune Agent Settings, Windows Intune Center Settings, Windows Firewall Settings, and Mobile Security Policy. By configuring these settings appropriately and saving them, you create detailed policies to meet the requirements of your organization.
When a new policy is saved, Windows Intune prompts the administrator to deploy it. The Manage Deployment dialog box displays a tree-view list of groups that the policy can be deployed. The administrator identifies and selects the appropriate groups to which this policy will be applied.
Clicking OK at the end of the Deploy stage causes the new policy information to be propagated to all of the targeted computers and mobile devices, where the changes are enacted. Should a new policy setting conflict with an existing policy, the conflict is automatically resolved. For more information about how policies are applied and how policy conflicts are handled, see How Windows Intune Policies are Applied.
Reporting is the process of aggregating compliance and configuration data from managed nodes, and then alerting the administrator to any instances of noncompliance. When an alert appears in the Windows Intune administrator console, the administrator can drill down for a detailed status report. In addition, troubleshooting information is available to help bring a computer or mobile device that is noncompliant back to being compliant.
Policy is reported in two stages: First, the Policy Summary displays an aggregate policy status from all computers and mobile devices. Secondly, from here, the administrator can drill down to the properties of the computer or mobile device and select the Policy page which compares the administrator’s intent to the actual current state of every setting from all deployed policies on a specific computer or mobile device.