Intune policies and configurations

Avatar
Nerdio Product Support

Intune policies and configurations

This article discusses how to manage assignments for compliance policies, configuration profile policies, and security policies through Nerdio Manager.

Assign policies and profiles in Nerdio Manager

In order to configure policies and profiles on devices, you need to assign policies and profiles to security groups and then manage Intune devices through security groups.

Note: If policy approval requests are enabled, any changes you make will take effect only after another user with approval permissions has reviewed and approved them. See Review and approve policy changes for details.

To include or exclude groups to an assigned policy or profile:

  1. Navigate to EndpointsPolicy Management.

  2. Navigate to the desired tab - Compliance Policies, Configuration Profiles, Security Baselines, Conditional Access, Intune App Policies, or Windows Update Policies.

  3. Locate the policy or profile you wish to work with and select Edit.or Edit or Restore.

  4. From the Edit Policy dialog box, select Assignments.

  5. Enter the following information:

    • Optionally, select Fill Assignment From Backup or Revert to Original Assignment to use a previous configuration.

    • Included Groups: From the drop-down list, select the groups to include.

      • All users: Select this option to create an assignment for all Intune licensed users in your organization.

        Note: You can only use the All users and All devices options for one type of assignment.

      • All devices: Select this option to create an assignment for all Intune enrolled devices.

    • Excluded Groups: From the drop-down list, select the groups to exclude.

      Note: Ensure that no group memberships overlap among the included and excluded groups. See the Microsoft article for more information.

  6. Once you have made the required selections, select Finish, which takes you to the review page.

  7. Review the configuration. Once you have confirmed the configuration:

    • If policy requests are enabled for your environment, enter a message for the approver, explaining why you are making the change.

    • If policy approval requests are not enabled, select Yes, I'm sure to confirm you understand that you are making changes to a live policy.

  8. Select Confirm.

The assignment task starts and its progress can be tracked in the Tasks section.

Once the task completes, you can view the number of assigned and excluded groups.

Remove assigned or excluded groups

Nerdio Manager allows you to remove assigned or excluded groups from policies and profiles.

Note: If policy approval requests are enabled, any changes you make will take effect only after another user with approval permissions has reviewed and approved them. See Review and approve policy changes for details.

To remove assigned or excluded groups from policies and profiles:

  1. Navigate to EndpointsPolicy Management.

  2. Navigate to the desired tab -- Compliance Policies, Configuration Profiles, Security Baselines, Conditional Access, Intune App Policies, or Windows Update Policies.

  3. Locate the policy or profile you wish to work with and select Edit.or Edit or Restore.

  4. From the Edit Policy dialog box, select Assignments.

  5. Locate the group you wish to remove and select X.

  6. Once you have made the required selections, select Review or Finish, which takes you to the review page.

  7. Review the configuration. Once you have confirmed the configuration:

    • If policy requests are enabled for your environment, enter a message for the approver, explaining why you are making the change.

    • If policy approval requests are not enabled, select Yes, I'm sure to confirm you understand that you are making changes to a live policy.

  8. Select Confirm.

JSON content editor features

The built-in JSON editor, used to create the policy, has the following features:

  • Field suggestions and auto-complete functionality.

  • Type validation includes basic type and Enum types.

  • Fields that are not present in the graph models are highlighted with warnings.

  • Right click for copy, paste, etc.

Create policies

Nerdio Manager allows you to create policies. This includes copying policies from policy backups and canned policies provided by Nerdio.

Note: If policy approval requests are enabled, any changes you make will take effect only after another user with approval permissions has reviewed and approved them. See Review and approve policy changes for details.

To create a policy:

  1. Navigate to EndpointsPolicy Management.

  2. From the tabs, select the type of policy you want to create - Compliance Policies, Configuration Profiles, Security Baselines, Conditional Access, Intune App Policies, or Windows Update Policies.

  3. From the bottom right-hand side of the page, select Create.

  4. In the Base Info section, enter the following information:

    • Policy type: From the drop-down list, select the policy type.

    • Policy template or backup: From the drop-down list, select the policy template you want to use, or choose from a backup.

    • Policy name: Enter a policy name.

    • Description: Enter a policy description.

      Note: When you create a conditional access policy, you also have the option to configure the Policy Action by selecting Report-only, On, or Off.

  5. Select Assignments, and enter the following information:

    • Optionally, select Fill Assignment From Backup or Revert to Original Assignment to use a previous configuration.

    • Included Groups: From the drop-down list, select the groups to include.

      • All users: Select this option to create an assignment for all Intune licensed users in your organization.

        Note: You can only use the All users and All devices options for one type of assignment.

      • All devices: Select this option to create an assignment for all Intune enrolled devices.

    • Excluded Groups: From the drop-down list, select the groups to exclude.

      Note: Ensure that no group memberships overlap among the included and excluded groups. See the Microsoft article for more information.

  6. Select Content and enter the policy content in JSON format. Optionally, you can copy and paste the JSON you previously saved to the clipboard.

  7. Once you have made the entered the new policy configuration, select Review or Finish, which takes you to the review page.

  8. Review the configuration. Once you have confirmed the configuration:

    • If policy requests are enabled for your environment, enter a message for the approver, explaining why you are making the change.

    • If policy approval requests are not enabled, select Yes, I'm sure to confirm you understand that you are making changes to a live policy.

  9. Select Confirm.

Edit policies and profiles

Nerdio Manager allows you to edit policies and profiles configurations using a JSON editor.

Note: If policy approval requests are enabled, any changes you make will take effect only after another user with approval permissions has reviewed and approved them. See Review and approve policy changes for details.

To edit policies and profiles:

  1. Navigate to EndpointsPolicy Management.

  2. Select the desired tab.

  3. Locate the policy or profile you wish to work with.

  4. From the action menu, select Edit or Restore.

    • Optionally, select Manage Backups, select the policy to restore from, and from the action menu, select Restore.

      Note: You have the option to restore Policy Only, Policy and Assignment, or Assignments only.

  5. Make all the desired changes.

  6. Review the configuration. Once you have confirmed the configuration:

    • If policy requests are enabled for your environment, enter a message for the approver, explaining why you are making the change.

    • If policy approval requests are not enabled, select Yes, I'm sure to confirm you understand that you are making changes to a live policy.

  7. Select Confirm.

Policies and profiles changes comparison across versions

Nerdio Manager allows you to compare policy changes across versions in a side-by-side view, with highlighting, to simplify the detection of changes or issues.

To compare policies and profiles changes across versions:

  1. Navigate to EndpointsPolicy Management.

  2. Select the desired tab.

  3. Locate the policy or profile you wish to work with.

  4. From the action menu, select Compare.

  5. Optionally, from the version drop-down lists, you can change the versions you wish to compare.

Bulk actions on policies and profiles

Nerdio Manager allows you to perform bulk actions on policies and profiles.

Note: If policy approval requests are enabled, any changes you make will take effect only after another user with approval permissions has reviewed and approved them. See Review and approve policy changes for details.

To perform bulk actions on policies and profiles:

  1. Navigate to EndpointsPolicy Management.

  2. Select the desired tab.

  3. Select the various policies or profiles you wish to perform a bulk action on.

  4. From the Bulk actions menu, select the bulk action you wish to perform.

    Some examples:

    • Assign selected

    • Policy action selected

    • Delete selected

    • Backup selected

Review and approve policy changes

If policy approval requests are enabled, all policy changes (including assignment, creation, and edits to existing policies) need to be approved by a user granted approval permissions via RBAC:

  • By default, users assigned the built-in Admin role can approve policy change requests, while users assigned the built-in Reviewer role have read-only access to change requests awaiting approval.

  • You can also enable users to view or manage policy change requests by adding the Intune permissions Read Approvals or Manage Approvals to a new or existing custom role.

To review and/or approve a policy change:

  1. Navigate to EndpointsApprovals.

    All approval requests, whether pending, approved, rejected, or canceled, appear in a tabular view.

  2. Optionally, select Filter and choose Pending from the statuses dropdown to display only requests awaiting review.

  3. Identify the policy change request you want to review, and click the details icon to open the review dialog. The Base info tab shows a summary of the request, including the requester's description of their changes and any review notes.

  4. Review all the proposed changes to the policy:

    • Select Content to view a diff of changes to policy parameters in the JSON editor.

    • Select Assignments to view any requested changes to the policy's assignments.

  5. Once you've reviewed the changes, enter a message to the requester in the Notes field.

    Tip: If you intend to reject the request and/or would like the reviewer to make further edits, provide clear guidance here.

  6. Check the I have reviewed these changes box to confirm that you've reviewed the request.

  7. If you have the necessary approval permissions, select either Approve or Reject.

    If you approve the policy changes, they will take effect immediately and, if applicable, the associated assignment tasks will start. You can track the task's progress in the Tasks section.

Backup and restore policies and profiles

Nerdio Manager allows you to backup and restore policies and profiles configurations. See Intune: Policies and profiles backup management for details.

Manage Windows drivers

Nerdio Manager allows you to manage Windows drivers from the Windows Update Policies.

To manage Windows drivers:

  1. Navigate to EndpointsPolicy Management.

  2. Navigate to the Windows Update Policies tab.

  3. Locate the Driver Update you wish to work with.

  4. From the action menu, select Manage Drivers.

  5. Select the driver you wish to work with.

  6. In the Actions drop-down, select Approve or Decline.

  7. Select Save.

Was this article helpful?

1 out of 1 found this helpful
Have more questions? Submit a request

Related articles

Comments (0 comments)

Article is closed for comments.