As an on-premises administrator working with Active Directory Domain Services (AD DS), you are probably familiar with using Group Policy Objects (GPOs) to configure your devices. One aspect of using GPOs is that it’s possible to use a single GPO linked to an organizational unit (OU) that contains many settings.
For example, you might create a GPO to configure device settings in the Research department, including security settings, application deployment, desktop configuration, and so on.
However, with Intune, you cannot create a single configuration profile that contains settings that will configure these different device configuration aspects; at least, not yet. But you can create the required device configuration profiles, application deployment settings, and so on, and use a policy set to assign these various elements in a single step.
Note Configuration Profiles
We’ll be talking about configuration profiles later in this chapter.
You can assign the following elements to your devices by using a policy set:
- Apps
- App configuration policies
- App protection policies
- Device configuration profiles
- Device compliance policies
- Windows autopilot deployment profiles
- Enrollment status page
To create policy sets, start by creating the required elements from the preceding list, but don’t assign them. Then, use the following procedure.
- Create an Azure AD security group that contains the devices you want to target with your policy set.
- In the Microsoft Intune admin center, navigate to Devices and then select Policy sets in the navigation pane.
- On the Policy sets page, click Policy sets.
- Click Create, and then, on the Create a policy set page, on the Basics tab, enter a Policy set name and Description and click Next: Application management >.
- Select the appropriate apps, app configuration policies, and app protection policies, and then click Next: Device management >.
Note Application Management
We’ll be talking about application management in the next chapter.
- On the Device management page shown in Figure 3-15, select the appropriate device configuration profiles and compliance policies, and then click Next: Device enrollment.
FIGURE 3-15 Configuring the device management settings in a policy set
- On the Device enrollment page, select any Windows Autopilot deployment profiles and enrollment status pages and then click Next: Assignments.
- Select the group you previously created on the Assignments page and then click Next: Review + create.
Note Don’t Mix Operating Systems
When you add profiles and policies to the policy set, selecting profiles and policies for different operating systems is possible. However, avoid this because it’s likely that your group will target devices of a specific operating system.
9. Review the information on the Review + create tab and click Create.
