Intune / Entra Practices
Intune Device Enrollment
Windows Autopilot
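# Install modules (Import-AutopilotCsv ships in WindowsAutopilotIntune, not Microsoft.Graph.Intune)
Install-Module -Name Microsoft.Graph.Intune
Install-Module -Name WindowsAutopilotIntune
# Connect to Microsoft Graph (interactive sign-in)
Connect-MSGraph
# Import device hardware hashes from the CSV file
Import-AutopilotCsv -CsvFile "C:\Devices\devices.csv"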
Compliance Policies
Policy Example: Require Windows 10 Device Encryption
- Platform: Windows 10 and later
- Settings:
  - BitLocker: Required
  - TPM: Required
  - Minimum OS version: 10.0.19041
- Non-compliance actions:
  - Mark as non-compliant: Immediately
  - Block access: 3 days after non-compliance
Azure AD/Entra Identity Protection
Risk-Based Conditional Access
Policy: Block High-Risk Sign-ins
Conditions:
- User risk: High
- Sign-in risk: High
Access Controls:
- Block access
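The policy above expressed as a Microsoft Graph call. This is an added example, not code from the original page. It assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns module) and a tenant licensed for risk-based policies. The break-glass object ID is a placeholder, and the policy is created in report-only state so its effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example: create the "Block High-Risk Sign-ins" policy in report-only mode.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Placeholder (assumption): object ID of an emergency-access account that must
# never be locked out by this policy. Replace with a real object ID.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Block High-Risk Sign-ins'
    # Report-only: evaluated and logged, but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users            = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications     = @{ includeApplications = @('All') }
        clientAppTypes   = @('all')
        # Conditions inside one policy are ANDed: this policy matches only when
        # user risk AND sign-in risk are both High. To block on either signal
        # alone, create two policies, each with one of these lines.
        userRiskLevels   = @('high')
        signInRiskLevels = @('high')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back to confirm what the service actually stored.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object Id, DisplayName, State
```

Switch `state` to `enabled` only after the report-only results show that the break-glass exclusion works and no unexpected accounts match.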
Next Steps
- Security and Compliance: Integrate Intune with Purview