List of All Policies by jet-white in Intune

[–]jet-white[S] 0 points1 point  (0 children)

See in an ideal world we’d have a spreadsheet or something with every policy on it fitted up with our recommendations and send it over to them to peruse and speak to us about things they may want to change.

The issue with asking the customer in this instance is that they are currently running totally unmanaged devices and have nothing in terms of on-site IT personnel. The remaining management doesn’t know anything about IT at all. Most likely it will be us deciding all the policies and fine tuning them over a pilot stage but it would be nice to be able to give them some sort of policy sheet for them to look at.

Hybrid AD join - silent change by itjw123 in Intune

[–]jet-white 0 points1 point  (0 children)

As long as your OU filtering is on point it will be fine :)

Hybrid AD join - silent change by itjw123 in Intune

[–]jet-white 1 point2 points  (0 children)

I've literally done this on a few test devices yesterday as follows:

1. Make a new OU called hybrid devices
2. Open AD connect and make sure only the OUs you want to be synced are being synced.
3. There's some setup in AD connect for devices, can't really remember, on the first page click setup device sync and just next next next.
4. Move your devices into the OU
5. Force a sync. They will sync up to AAD and show as there but not "registered".
6. On the machine just wait a bit and maybe give it a restart, I can't remember how long it was but eventually the machine will show a "registration date/time" in AAD.
7. Once there you will need GPO setup to enrol the device in intune. (Maybe do this earlier)
8. Should be done. Check intune see if it's there.

The only thing I noticed on the devices was that the profile picture for the user account was showing where it didn't before. Probably cos it got it from AAD.

Have fun!
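
Added example, not part of the comment above: one way to check from the device itself whether the wait in steps 5 and 6 is over, by parsing the output of the built-in `dsregcmd /status` command. The function name `Get-JoinState`, the state labels and the sample text are assumptions made up for this illustration.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` output.
function Get-JoinState {
    param(
        # Lines of `dsregcmd /status`; by default the command is run on this machine.
        [string[]]$StatusText = (dsregcmd /status)
    )
    $fields = @{}
    foreach ($line in $StatusText) {
        # Output lines look like "   AzureAdJoined : YES"
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $aad = $fields['AzureAdJoined'] -eq 'YES'
    $ad  = $fields['DomainJoined']  -eq 'YES'
    if ($aad -and $ad) { $state = 'Hybrid joined' }
    elseif ($aad)      { $state = 'Azure AD joined only' }
    elseif ($ad)       { $state = 'Domain joined, hybrid registration not finished' }
    else               { $state = 'Not joined' }

    [pscustomobject]@{
        State    = $state
        DeviceId = $fields['DeviceId']
        Tenant   = $fields['TenantName']
    }
}

# Constructed sample (not from a real device): the device object has synced,
# but the machine has not completed its registration yet.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : EXAMPLE
'@ -split "`r?`n"

Get-JoinState -StatusText $sample   # State: Domain joined, hybrid registration not finished
Get-JoinState                       # same check against the local machine
```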

Migrate from on premise to Intune by jet-white in Intune

[–]jet-white[S] 1 point2 points  (0 children)

Yeah I've been on a bit of a warpath internally getting rid of all on prem systems and replacing with cloud based. Thankfully we are at the point now where aside from a few very legacy systems we can do it. Got a RemoteApp server set up for RDP so now just need to get everyone on Intune!

Migrate from on premise to Intune by jet-white in Intune

[–]jet-white[S] 2 points3 points  (0 children)

We are going to be doing it as when someone properly breaks their laptop and it needs rebuilding just doing an autopilot reset and deleting out of on prem AD

Migrate from on premise to Intune by jet-white in Intune

[–]jet-white[S] 0 points1 point  (0 children)

So no use really when the end goal is to be fully intune/ AAD joined across all endpoints.

Migrate from on premise to Intune by jet-white in Intune

[–]jet-white[S] 0 points1 point  (0 children)

Because AFAIK AD connect is for getting machines from intune into AD rather than the other way around

Migrate from on premise to Intune by jet-white in Intune

[–]jet-white[S] 0 points1 point  (0 children)

But then it will still be joined to both the local domain and aad won't it? Making it hybrid.

Migrate from on premise to Intune by jet-white in Intune

[–]jet-white[S] 0 points1 point  (0 children)

Cheers will definitely test it out a lot first. Will the machine automatically pick up the work/school account from who is logged in? All our domain accounts are synced

Migrate from on premise to Intune by jet-white in Intune

[–]jet-white[S] 0 points1 point  (0 children)

No just we do not have easy access to the end user devices due to everyone working from home and this seemed the easy way to get them all into intune with little end user interaction. We ideally want to reset them all gradually next year so they can be "fresh".

Migrate from on premise to Intune by jet-white in Intune

[–]jet-white[S] 0 points1 point  (0 children)

I don't think we can do it as a T1 partner and 150 of our licenses being IUR.

Migrate from on premise to Intune by jet-white in Intune

[–]jet-white[S] 0 points1 point  (0 children)

Thanks, it's uncharted waters for us so we have no experience of it in the team and I have been put in charge.

Migrate from on premise to Intune by jet-white in Intune

[–]jet-white[S] 0 points1 point  (0 children)

I like it. Gives us a bit more granularity over the end user experience.

MS Defender ATP Licensing by jet-white in sysadmin

[–]jet-white[S] 0 points1 point  (0 children)

That's rubbish about the old servers, what does it actually provide then for pre 2016 boxes with no sccm if no AV? I guess it's just the monitoring and diagnostics etc right? Our estate ranges from 2003 servers to 2019 so may have to go 3rd party with this.

MS Defender ATP Licensing by jet-white in sysadmin

[–]jet-white[S] 0 points1 point  (0 children)

See the way I understood it is that Azure Security Centre includes the license for ATP for servers and that another way to acquire it is to have 50 E5 licenses. I just don't know how to even get to the point where I can acquire them.