Microsoft 365 Device Management / Intune best practices checklist

Back to Blog

Microsoft 365 Device Management / Intune best practices checklist

Update: Downloadable, printable copies of the Microsoft 365 Best practices checklists and guides are now available for purchase at GumRoad. Thanks for your support!

Similar to the checklist for Azure AD which I recently published, this resource is designed to get you up and running quickly with what I consider to be a good “baseline” for most small and mid-sized organizations. I have also updated the Azure AD checklist with this release, based on reader feedback, and to standardize the format for each guide.

As with previous projects in this “Best Practices” vein, I have published the material to OneDrive, where it will be kept up-to-date (no promises on how often just yet):

When it comes to Device management, the vast majority of settings and policies are optional, but the idea here is to create an environment that enables users to be productive, while keeping them safe at the same time. Note: I have previously shared some compliance policies and device profiles that can be imported from JSON via PowerShell.

The most important thing we’re going to do is configure device compliance. This becomes extremely powerful when it is combined with device-based Conditional access, which we covered in our Azure AD best practices checklist. That’s because the device literally becomes part of your identity, and its compliance status can become a factor in granting or denying access to resources.

Summary of the checklist with links to Microsoft sources:

Comments (2)

  • Jesse Vaught Reply

    I’ve been devouring all your excellent posts on MDM/MAM. Thank you SO much for sharing your work!
    In the accompanying script: “Install-BYODMobileDeviceProfiles.ps1”, I noticed you have a compliance policy for Android, iOS, and MacOS but not for Windows. What do you recommend for a baseline Windows 10/11 compliance policy for SMB?

    March 24, 2022 at 1:07 am
    • Alex Fields Reply

      There is a separate script for Windows that includes the option to deploy many types of policies, beyond just compliance.

      March 27, 2022 at 11:32 am

Leave a Reply

Back to Blog

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.