Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Modern Device Management Intune Policies vs Group Policies

2,723 views

Published on

Intune Policies vs Group Policies - Vimal Das and Anoop Nair
https://www.anoopcnair.com/download-powerpoint-slides-bitpro-gab-2018-overview/

Published in: Technology
  • Login to see the comments

  • Be the first to like this

Modern Device Management Intune Policies vs Group Policies

  1. 1. ANOOP C NAIR 17+ YEARS OF EXPERIENCE IN IT MICROSOFT MVP/VEEAM VANGUARD @ANOOPMANNUR WWW.ANOOPCNAIR.COM HTTP://WWW.YOUTUBE.COM/C/ANOOPCNAIRSCCM
  2. 2. VIMAL DAS 12+ YEARS OF EXPERIENCE IN IT PRINCIPAL CONSULTANT HTTPS://TWITTER.COM/VIMALVMD HTTPS://WWW.ANOOPCNAIR.COM/AUTHOR/ VIMALDAS/
  3. 3. AGENDA • WHY MODERN MANAGEMENT • MANAGEMENT OPTIONS • MDM ARCHITECTURE • GROUP POLICY DEAD? • BLUETOOTH FILE TRANSFER • OUT OF BOX OPTIONS • MDM VS GP • DEMO SCENARIO - EXAMPLE • UNDERSTANDING KEY EVENTS • MDM DIAGNOSTICS REPORT • EVENT VIEWER AND REGISTRY • CHALLENGES ?
  4. 4. WHY MODERN MANAGEMENT ? • WORLD IS CHANGING • DESTRUCTIVE PHASE • REDUCTION OF OPERATING COST • EASY MANAGEMENT VIA INTERNET
  5. 5. MANAGEMENT OPTIONS IDENTITY GROUPING MANAGEMENT
  6. 6. MDM ARCHITECTURE SERVER SIDE MDM CLIENT COMMON DEVICE CONFIGURATOR MDM CSP
  7. 7. INTUNE POLICY OPTIONS • OUT OF BOX INTUNE CONSOLE (EASY) • CUSTOM CSP > OMA – URI (MEDIUM) • ADMX FILES (COMPLEX)
  8. 8. GROUP POLICY DEAD? • PARITY BETWEEN WINDOWS 10 CSP & GPO? • GROUP POLICY ROADMAP • LONG TERM & SHORT TERM • SOME EXAMPLES
  9. 9. BLUETOOTH FILE TRANSFER • NO GROUP POLICY TO PREVENT FILE TRANSFER • POWERSHELL SCRIPT USING WMI BRIDGE • DEPLOY THE SCRIPT VIA SCCM • BEST OPTION?
  10. 10. INTUNE OUT OF BOX OPTIONS • INTUNE OUT OF BOX OPTIONS • EASY TO IMPLEMENT? • ADD ALLOWED BLUETOOTH SERVICES • ASSIGN CONFIGURATION POLICY TO DEVICES
  11. 11. INTUNE POLICY (CSP) WIN OVER GP • BY DEFAULT, GP HAVE HIGHER PRECEDENCE OVER CSP WHEN THERE IS A SETTING CONFLICT • STARTING WITH WINDOWS 10 1803, CSP CAN OVER RIDE GP
  12. 12. DEMO 1 Out of Box Policies – Blue tooth Home page GPO setup(GPO MGMT) Home Page config Intune policy setup ( CSP) MDM Wins Over GP Intune policy setup (CSP)
  13. 13. DEMO SCENARIO - EXAMPLE • DEPLOYED HOME PAGE URL USING INTUNE CSP AND GP
  14. 14. UNDERSTANDING THE WORKFLOW MDM Diagnostics report Event Viewer Registry
  15. 15. MDM DIAGNOSTICS REPORT
  16. 16. EVENT VIEWER AND REGISTRY • APPLICATIONS AND SERVICES LOGS > MICROSOFT > WINDOWS > DEVICEMANAGEMENT-ENTERPRISE- DIAGNOSTIC-PROVIDER • “MDMWINSOVERGP” VALUE CHANGES FROM 0 TO 1 AFTER APPLYING THE CSP • EXISTING GP VALUE SAVED BEFORE CSP TAKE PRECEDENCE
  17. 17. CONT.........EVENT VIEWER AND REGISTRY • EXISTING GP VALUE SAVED IN REGISTRY • GP ENFORCEMENT FOR THE HOME PAGE VALUE IS BLOCKED • GP VALUE GETS DELETED
  18. 18. EVENT VIEWER AND REGISTRY • FINALLY, INTUNE CSP WINS OVER GP. • INTUNE CSP CONFIGURES “HOME PAGE” VALUE.
  19. 19. DEMO 2 MDM Diagnostics report Event ViewerRegistry
  20. 20. CHALLENGES ? • GROUP POLICY PREFERENCES • COMPLEX TO IMPLEMENT? • ADMX CONFIGURATION IS NOT EASY AND TIME CONSUMING • STEEP LEARNING CURVE • ALL THE WINDOWS CSPS ARE SUPPORTED BY INTUNE?

×