In late June I was approached to record some short technical overview videos on Microsoft 365 Business, and now that they are recorded and published, it’s time to review them, and provide some additional resources and any important updates since the content was created. This is the seventh video in the series, and the focus is on managing Windows 10 devices via the Microsoft 365 Business Admin Center.
This video provides an introduction to the Windows 10 management capabilities that Microsoft 365 Business provides via Microsoft Intune. The Admin Center provides some easy to enable security policies that allow the centralised configuration of several Windows Defender settings, enabling BitLocker and several more. The first screenshot below is for devices that will be managed via Intune's Mobile Device Management capabilities.
Secure Windows 10 devices policy options
If you don't want to do device management, and instead want to focus on application management to protect company data, you have options for both personal and company owned devices. The idea with application management, especially when working with a user's personal device, is that you really just want to protect your company data and control how it can be used. You can see in the screenshot below that we can specify trusted locations and trusted apps. Much like the list of apps that was featured in the managed application option mentioned in the iOS and Android post, this is not an extensive list, but rather, a list of what the M365B team has chosen to expose natively. If you need to step outside of these apps, all you need to do is jump over to Intune in the Azure Portal.
Application management for Windows 10 policy options
While you might already have your own naming schemes for policies, my recommendation here is to make sure you include something specific in the name to signify that it was created in the Admin Center, and then not edit elements of that policy natively in Intune. Instead create additional policies for extra management capabilities you may require, rather than make changes to an Admin Center created policy that may not be correctly interpreted once it's back in the Admin Center view.
In the next post I'll be covering some additional Windows 10 management capabilities that Microsoft 365 provides, and how we can leverage the Azure portal to access the additional capabilities that Microsoft Intune provides.
Earlier posts in this series can be found here