Intune Policy: Account-level General Management
This topic discusses general Intune policy management at the Account level.
Intune-only Accounts Limitations
Intune-only accounts are accounts that do not have an AVD subscription. These accounts have the following limitations:
They may only manage Intune policies.
Only MSP-assigned certificates are available.
Private repositories at the customer level, both WinGet and Shell Apps, require an Azure subscription, so they are not available.
Shell Apps can only be the target to non-Intune targets, so they are not available.
Manage Policies and Profiles at the Account Level
Once policies and profiles are assigned to an account at the MSP level, Nerdio Manager allows you to include or exclude groups within the assigned policies and profiles.
To include or exclude groups to an assigned policy or profile:
In Nerdio Manager, at the Account level, navigate to Policy Management.
Select Configuration profiles, Compliance policies, Configuration profiles, Security baselines, App Management, Update Rings, MAM, Autopilot Profiles, Enrollment Status Pages, or Endpoint Security Policies.
For example:
Locate the policy or profile you wish to work with and select Assign.
Enter the following information:
Included Groups: From the drop-down list, select the groups to include.
All users: Select this option to create an assignment for all Intune licensed users in your organization.
Note: You can only use the All users and All devices options for one type of assignment.
Optionally, from the drop-down lists, create an include/exclude filter by user type.
All devices: Select this option to create an assignment for all Intune enrolled devices.
Optionally, from the drop-down lists, create an include/exclude filter by device type.
Excluded Groups: From the drop-down list, select the groups to exclude.
Once you have made the desired selections, select Confirm.
The assignment task starts.
Track the assignment task's progress in the Tasks section.
Once the task completes, you can view the number of assigned and excluded groups.
To manage Conditional Access policies:
In Nerdio Manager, at the Account level, navigate to Policy Management > Conditional access.
In the Conditional Access Policies section, locate the policy you wish to work with and select Assign.
Enter the following information:
Assignments: Select whether to include all users or only selected users and groups.
Included Users and Groups: From the drop-down list, select the users and groups to include.
Excluded Users and Groups: From the drop-down list, select the users and groups to exclude.
Enable policy: Select whether the policy should be enabled, disabled, or for reporting only.
Once you have entered all the desired information, selectConfirm.
To remove assigned or excluded groups from policies and profiles at the Account level:
In Nerdio Manager, at the Account level, navigate to Policy Management.
Select Configuration profiles, Compliance policies, Security baselines, Conditional access, App Management, Update Rings, MAM, Autopilot Profiles, Enrollment Status Pages, or Endpoint Security Policies.
Locate the policy or profile you wish to work with.
Select Assign.
Locate the group you wish to remove and select either X.
Once you have removed all the desired groups, select Confirm.
Bulk Actions on Policies and Profiles at the Account Level
Nerdio Manager allows you to perform bulk actions on policies or profiles.
To perform bulk actions on policies and profiles at the Account level:
In Nerdio Manager, at the Account level, navigate to Policy Management.
Select Configuration profiles, Compliance policies, Configuration profiles, Security baselines, Conditional access, App Management, Update Rings, MAM, oAutopilot Profiles, Enrollment Status Pages, or Endpoint Security Policies.
Select the policies or profiles you wish to perform bulk actions on.
Once you have selected all the desired policies or profiles, at the bottom of the table select Select bulk action, and then select any of the relevant actions that apply to the policies or profiles.
Manage Policies and Profiles at the Account Level via the Microsoft Endpoint Manager admin center
You may also manage policies and profiles are assigned to an account using the Microsoft Endpoint Manager admin center.
Note: All changes made using the Microsoft Endpoint Manager admin center are reflected in Nerdio Manager. Conversely, all changes made in Nerdio Manager are reflected in the Microsoft Endpoint Manager admin center.
To manage policies and profiles at the Account level via the Microsoft Endpoint Manager admin center:
Sign in to the Microsoft Endpoint Manager admin center with your Account Azure tenant.
Select a desired policy or profile.
Optionally, you may change the groups to include and exclude. In addition, you may create a new profile.
Note: All changes made using the Microsoft Endpoint Manager admin center are reflected in Nerdio Manager.
Manage Intune Devices through Security Groups
Nerdio Manager allows you to associate Intune devices to security groups.
To associate Intune devices to security groups:
In Nerdio Manager, at the Account level, navigate to Groups.
Locate the security group you wish to work with.
Note: The option Manage Intune Devices is not available for Microsoft 365 groups.
From the action menu, select Manage Intune Devices.
Select the Members to assign to the Group.
Once you have made all the desired selections, select Confirm.
Optionally, sign in to the Microsoft Endpoint Manager admin center with your Account's Azure tenant.
Navigate to the security group. The assigned device is shown.
Navigate to Devices > Configuration policies, in the Properties tab for "Intune data collection policy," you can see the new device.
Comments (0 comments)