cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Profile Type Best Practice

Stuart King
Iron Contributor

‎Nov 30 2018 08:02 AM

‎Nov 30 2018 08:02 AM

Profile Type Best Practice

Hi All

 

Just a quick question, what do you guys do when implementing Device Configuration Profiles and what is the recommended Best Practice?

 

For example, 

 

1 X Device Restrictions Configuration Profile with multiple settings

1 X Endpoint Protection Configuration Profile with multiple settings etc

 

Logic: All Contoso.com's Device Restrictions in ONE profile

 

or

 

Multiple appropriately named Device Restrictions Configuration Profile with a single / specific setting

Multiple appropriately named Endpoint Protection Configuration Profile with a single / specific setting

 

Logic: One Device Restrictions Configuration Profile blocking the App Store, another may block Microsoft accounts etc etc

 

Be interested to see what methods people use.

 

Stuart

 

2,690 Views
0 Likes
1 Reply
Reply
1 Reply
Oliver Moazzezi

‎Dec 02 2018 09:08 AM - edited ‎Dec 02 2018 09:11 AM

‎Dec 02 2018 09:08 AM - edited ‎Dec 02 2018 09:11 AM

Re: Profile Type Best Practice

I think best practice dictates to sensibly name each policy you create, but to be honest how you go about planning your Intune roll out depends on the requirements you have for your Org.

 

I have consulted Orgs where one policy per corporate device type is all that is necessary. They had clear guidelines that there is only one agreed corporate policy per device type. Then, if personal devices are allowed, the creation of App Protection policies to allow that BYOD scenario.

 

However large Orgs will normally have different requirements, so if you are facing the scenario where you need multiple policies for different departments or business units, then that's fine - simply utilise a sound naming convention and utilise the description - and push the policies out based on 'assignment', based on Azure Security Groups that are again clearly labelled for their department and Intune purpose.

 

Whether you ultimately have to have multiple of each policy type will come out in the wash during your requirements planning, to see if certain global policies can be supported to minimise the total amount of policies you'll be creating.

 

Have fun!

0 Likes
Reply