Managing Device Security Policies

In this course, I will take you through the features provided by Microsoft 365 that allow you to monitor, protect, and manage devices across an organization. 

Learning Objectives

  • The differences and benefits of both the Configuration Manager and Microsoft Intune
  • What co-management is and what benefits it provides
  • The capabilities and differences between the MDM solutions provided within Microsoft 365, which are Basic Mobility and Security and Microsoft Intune
  • How other Microsoft tools integrate with MDM solutions to provide better security for organizations

Intended Audience

  • Users looking to learn about Managing Devices with Microsoft 365

Prerequisites

  • Have a basic understanding of Microsoft 365

Microsoft's MDM solutions allow organizations to manage the security of managed devices by enabling them to configure things like password requirements, device encryption settings, and even device features like microphone usage. These settings can be adjusted by creating policies for device configuration profiles, device compliance policies, and conditional access policies.

Device configuration profiles are exactly what they sound like; they're profiles that specify how a device should be configured. This allows organizations to control things like password settings, restrict device features, and even limit access to things like the App Store and cloud storage.

Device compliance policies are simply policies set by an organization that qualify a device as compliant. If a device does not meet all of the requirements set by the compliance policy, that device is considered non-compliant, and the organization can choose how to manage it separately from compliant devices. Organizations can create compliance policies for things like requiring the use of a password, requiring device encryption, and requiring a minimum or maximum version of an operating system.

Conditional access policies are a bit more in-depth, as they allow for additional control over company resources and access to them. Conditional access is a feature enabled through Azure AD, so any organization looking to utilize these policies must have either an Azure AD Premium 1 or 2 license. To break these policies down into their simplest form, they are essentially conditions that must be met before access is granted. When a user attempts to access company data on a device, the policy will verify whether certain conditions have been met. If that user and device have met the conditions, then they're granted access to that data. However, if they have not met them, then they are denied access to the data. Conditional access policies can check for things like device compliance, the actual location of the device attempting access, or even the sensitivity of the data being accessed.

And since Intune is both a mobile device management solution and a mobile application management solution, these policies carry over to applications as well. Conditional access to data through applications, the movement of data, and more can all be managed through these policies.
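The following is an added example, not part of the course and not Intune or Azure AD code: a simplified Python model of how a device's compliance result feeds a conditional access decision. All class names, fields, version numbers, country codes, and sensitivity labels are hypothetical values constructed for illustration.

```python
from dataclasses import dataclass

def ver(s):
    """Parse '10.0.19045' into (10, 0, 19045) so versions compare numerically."""
    return tuple(int(p) for p in s.split("."))

@dataclass
class Device:
    has_password: bool
    encrypted: bool
    os_version: str

@dataclass
class CompliancePolicy:          # hypothetical model, not Intune's schema
    require_password: bool = True
    require_encryption: bool = True
    min_os: str = "10.0.19045"   # constructed sample bounds
    max_os: str = "10.0.26100"

    def failures(self, d):
        """Return the list of unmet requirements; an empty list means compliant."""
        out = []
        if self.require_password and not d.has_password:
            out.append("password")
        if self.require_encryption and not d.encrypted:
            out.append("encryption")
        # A plain string comparison would rank "10.0.9200" above "10.0.19045".
        if not ver(self.min_os) <= ver(d.os_version) <= ver(self.max_os):
            out.append("os_version")
        return out

@dataclass
class AccessPolicy:              # hypothetical model of a conditional access policy
    allowed_locations: frozenset = frozenset({"US", "CA"})
    compliant_only_labels: frozenset = frozenset({"confidential"})

    def decide(self, device, compliance, location, label):
        """Grant only when every condition is met; otherwise block with reasons."""
        reasons = []
        if location not in self.allowed_locations:
            reasons.append("location")
        unmet = compliance.failures(device)
        if label in self.compliant_only_labels and unmet:
            reasons.append("non-compliant: " + ", ".join(unmet))
        return ("grant", []) if not reasons else ("block", reasons)

# Constructed sample devices
laptop = Device(has_password=True, encrypted=True, os_version="10.0.22631")
old_pc = Device(has_password=True, encrypted=False, os_version="10.0.9200")
```

In this model the non-compliant device is still allowed to reach low-sensitivity data, which reflects the organization choosing to handle non-compliant devices separately instead of blocking them outright.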


About the Author

Lee has spent most of his professional career learning as much as he could about PC hardware and software while working as a PC technician with Microsoft. Once COVID hit, he moved into a customer training role with the goal of getting as many people prepared for remote work as possible using Microsoft 365. Being both Microsoft 365 certified and a self-proclaimed Microsoft Teams expert, Lee continues to expand his knowledge by working through the wide range of Microsoft certifications.