samcook
Copper Contributor
Jun 03, 2020

Intune deployment help

Hi there,

I'm new to Intune and would like to roll it out just for the laptops for now, and later for cell phones and desktops.

I was able to work on Azure and was able to hybrid join the laptops. Now I would like to know what direction I should move in, or the best practice for securing my laptops with less hassle, or whether zero-touch deployment is possible?

I would like to secure the laptops in all cases, i.e., check for compliance policies, make sure Windows is up to date, antivirus, enable BitLocker, and I would also like to push out some bookmarks and basic apps like Chrome, antivirus, Office 365 apps.

7 Replies

  • Thijs Lecomte
    Bronze Contributor
    If you are getting started in Intune, check out the Intune.Training YouTube series.
    It's created by MVPs who go over every aspect of Intune.
  • Moe_Kinani
    Bronze Contributor
    Hi Sam,

    Device Compliance Policies:

    http://www.rebeladmin.com/2018/12/step-step-guide-microsoft-intune-device-compliances/

    Enable Silent Bitlocker:

    https://www.inthecloud247.com/windows-10-failed-to-enable-silent-encryption/

    Bookmarks on Edge:

    https://www.inthecloud247.com/controlling-managed-favorites-for-edge-with-microsoft-intune/

    Install Office:

    https://allthingscloud.blog/deploy-office-365-with-microsoft-intune/

    Install Chrome, same principle applies for other exe or MSI files:

    https://www.robinhobo.com/how-to-deploy-win32-applications-with-microsoft-intune/

    Good luck!
    Hope this helps!
    Moe


    • samcook
      Copper Contributor

      Moe_Kinani

      Hello

      Thank you for your reply, but none of these guides shows how to manage AAD hybrid join PCs/laptops.

      I'd set up the deployment profile in the Intune portal and assigned it to the test computer groups, but none of the PCs are showing up there.

      I also added some security policies and compliance policies and am not seeing them delivered to the PC at all.

      BTW, I'm not testing within the domain network. I've joined the PC to the domain and set it up for AAD hybrid, and now I want to see how I can manage that PC outside of the corporate network. But none of my test PCs are showing up under Intune managed devices. What am I doing wrong here?

      • Moe_Kinani
        Bronze Contributor
        Hi Sam,

        The Config Policies that I sent apply to AAD and Hybrid AAD.

        In order to see your PCs in Intune devices, you need to enroll them in Intune (this applies to all existing PCs that are not enrolled with Autopilot).

        https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll

        https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

        You can also enroll the PCs manually (not from GPO) from Work or School Accounts -> I think Device Enrollment.

        I usually prefer to sync devices to AAD so I can assign the policies for devices, not users.

        Hope this helps!
        Moe
