Intune: Policy Studio
The Policy Studio feature in Nerdio Manager simplifies the management of Intune policies by providing you with a single, intuitive management view for reviewing, editing and assigning Intune policies. Within Policy Studio, you can:
Edit policies using a simplified graphical "building blocks" interface, which automatically updates the underlying JSON policy content
Discover which policies propagate to which devices, groups and users, greatly enhancing the visibility of the resultant endpoint configuration
Identify and resolve conflicts where multiple policies assigned to the same device or group attempt to apply different values to the same setting
Review policy inheritance.
Policy Studio consists of two management views:
Settings Explorer
The Settings Explorer page allows you to quickly search for and edit Intune policy settings and assignments. You can edit a policy either in the Builder view, which offers a user-friendly graphical user interface with toggle switches and dropdown menus to allow rapid and intuitive value selection, or and the Advanced view, which allows you to edit the raw policy JSON content.
To safeguard against misconfigurations, the Policy Studio editor fully supports Nerdio Manager's suite of change management features, including:
Policy approval workflows, to ensure that changes receive administrative approval
Automatic policy backup, to ensure that recovery to a known good configuration state is always possible.
Policy Results
The Policy Results page provides a comprehensive overview of the policies and settings that propagate to a specific set of users, targets and groups. This is particularly useful for scenarios where you need to quickly discover and analyze all the policies applied to a specific target, to identify and remediate any duplications and conflicts, or to reduce the complexity of a target's policy set.
You can view Policy Results in one of two views:
Policy View, a top-down view that displays the policy as the top-level item, with individual settings nested below
Settings View, a bottom-up view that displays settings and their computed values as the top-level item with the associated polices nested below, allowing you to identify conflicts and duplicates, edit any problematic policies to address these issues, and verify the resolution of the issue at the target level.
Availability
This feature is in Public Preview.
The feature is available in the following Nerdio Manager plans:
AVD Core |
|
AVD Premium |
|
Windows 365 |
|
Unified Endpoint Management |
Limitations and known issues
Issue/limitation |
Impact |
Mitigation/planned fix |
|---|---|---|
During its initial Public Preview phase, Policy Studio supports Windows policies only. |
Policies applying to non-Windows devices can't currently be edited and managed in Policy Studio. |
Support for non-Windows policies is planned for a future release. |
During its initial Public Preview phase, Policy Studio supports only Configuration Profile policy types created using the Settings Catalog. |
Other types of policies can't currently be edited and managed in Policy Studio. |
Support for different policy types will be introduced over subsequent releases. |
During its initial Public Preview phase, Policy Studio does not display inheritance for User policies. |
You can currently view inheritance for Device policies only. |
Support for User policy inheritance is planned for a future release. |
During its initial Public Preview phase, Policy Studio may not support some multi-option policies. |
|
Policy support will be extended and refined over subsequent releases. |
Role-based access control (RBAC) and permissions
Nerdio Manager roles
Managing Intune policies in Policy Studio requires the Admin Nerdio Manager role .
Nerdio Manager access levels
Following the Principle of Least Privilege (PoLP), you can define one or more Nerdio Manager custom role(s) to view and manage Intune policies in Policy Studio. Custom roles require permissions in the Endpoint Management > Intune module, as follows:
To view policy details in Policy Studio, the Read Devices permission is required.
To edit policy details in Policy Studio, the Manage Devices permission is required.
Note: As support for different policy types is expanded in subsequent releases, additional permissions, including as Read/Manage Policies and Read/Manage Applications and App Policies, will eventually be required.
Graph API permissions
The Nerdio Manager application requires either the DeviceManagementConfiguration.Read.All permission(to display Intune policies in read-only mode) or DeviceManagementConfiguration.ReadWrite.All permission (to edit policies). These permissions can be assigned either in User or Application mode. To grant the necessary permissions, configure the Intune integration to allow read or read/write access to Intune-managed devices.
Procedure
Policy Studio: Audit and manage Intune policies
Deployment considerations
Required resources
Policy Studio requires no additional resources to be deployed to your Azure tenant.
Scaling considerations
No additional preparation or configuration is necessary when deploying Policy Studio at scale.
Help and support
Contact us
Contact our Sales team for more information about this feature.
Raise a support ticket about this feature.
Comments (0 comments)