Configure security policy for mobile devices in Microsoft Intune
Updated: May 18, 2015
Applies To: Microsoft Intune
Microsoft Intune uses policies that help you to configure many security and functional settings for enrolled mobile devices, including:
Hardware settings, like allowing use of the devices camera, or Bluetooth capability
Password settings including password length and quality
Allowed and blocked apps let you configure apps that are compliant, or noncompliant in your organization, and then report on devices that are not compliant (for Windows Phone devices, you can block apps from being installed, or used.
Kiosk mode settings that allow you to ‘lock down’ certain features of the device like allowing only one app to run, or disabling the power button and volume controls.
Use the information in this topic to help you decide which policy you need to use to manage your devices.
Use this table to help you decide which policy to use to manage your devices.
You want to
Use this policy
Manage mobile device security settings
Manage other mobile device settings that are not available from a configuration policy
Manage mobile device security settings on devices that are managed by Exchange ActiveSync
Manage mobile device security settings using the mobile device security policy
When conflicts occur due to multiple Intune settings being applied to a device, the following rules apply:
If the conflicting settings are from an Intune configuration policy and a compliance policy, the settings in the compliance policy take precedence over the settings in the configuration policy, even if the settings in the configuration policy are more secure.
If you have deployed multiple compliance policies, the most secure of these policies will be used.