How-to guide: Getting started with Microsoft Intune (part 3)


In this blog, we're going to talk about how to set up a configuration policy, Company portal and application management in Microsoft Intune. We've already discussed how to start with Microsoft Intune, user and group management in Microsoft Intune, assigning licenses.


Create a Compliance policy

The next step is to create device compliance policies for all the devices. Compliance policy in Intune defines the rules and settings that a device must comply with to be considered compliant by conditional access.


To create a new Compliance policy in Microsoft Endpoint Manager admin center, go to Devices -> Compliance policies on the pane.




Then, click Create policy and specify Name, Platform and Settings. Once you've configured all the settings, click OK to save the policy. Once the policy is created, you can assign this policy to devices or users.


Company portal configuration

Intune Company Portal allows company employees access to internal applications, resources, and data. As an administrator, you can customize the appearance of your Company Portal app, edit default settings, and create group-targeted policies. To do this, go to Microsoft Endpoint Manager admin center, select Tenant Administration -> Customization.




It's possible to add branding customization elements to the Company portal as follows:

  • Organization name.

  • Color.

  • Theme.

  • Add Organization logo and name in the header, etc.

Application management in Microsoft Intune

In Company Portal administrator, you can push, install, uninstall, and make available applications for all the users in the organization. The Company Portal will only display applications relevant to the type of device they're on or the platform they're using. Company portal supports Office 365 apps, Microsoft Store apps, iOS apps, or creating a custom Win32 app for deployment.


There are five types of apps supported with Intune to add and manage.

App type

Installation process

Update

Store apps (Microsoft Store, AppStore, Android Store)

Intune installs the app on the device

Automatic

Custom app (line-of-business – LOB)

You must supply the installation file and then Intune installs the app on the device

You must update the app by yourself

Built-in apps

Intune installs the app on the device

Automatic

Web-apps

A shortcut of the app is created on the device home screen

Automatic

Apps from other Microsoft services (Azure AD, Office Online)

Intune creates a shortcut to the app in the Company portal

Automatic

In Microsoft Intune, you can modify deployable applications to align them with your organization's compliance and security policies. Modification options include

  • Restricting copy-and-paste and save-as functions.

  • Configuring web links to open inside the Microsoft Edge app.

  • Enabling multi-identity use and app-level Conditional Access.

In this way, you can protect your company's data.

Pro Tip: To save your time, Scappman automates the process of packaging and deploying custom apps 😊

Intune provides 2GB of cloud-based storage during the trial. With a full subscription, storage is unlimited. Important: LOB apps have a maximum size limit of 8GB per app.

Pro Tip: With Scappman, you can deploy applications of any size

Add application

To add the application to your Intune portal, log in to your Endpoint Manager Admin Center. Go to Apps on the pane, then All apps. In the All apps menu, select Add and select App type.





In this example, we're going to add a custom LOB app. In Select app type, choose App package file. .msi, .appx, .appxbundle, .msix, and msixbundle are supported. When the package is uploaded, click OK to add the app. On the App information page, you can enter the following:

  • Name

  • Description

  • Publisher

  • App install context

  • Commands

  • Category

  • Information URL (optional)

  • Privacy URL (optional)

  • Developer (optional)

  • Owner (optional)

  • Notes (optional)

  • Logo


When you've finished, click Next. On the Scope screen, you can determine who can see the app information in Intune. The Assignment tab allows you to assign the app to the group. With the Review + Create tab, you can review all your settings, then click Create at the bottom. When created, you'll see the confirmation banner.



To know more about how to manage applications in Microsoft Intune and how Scappman can make this process easier read the article "How to manage private applications in Microsoft Intune?" .

Never miss an update on Scappman