Device compliance policies for your Microsoft 365 for enterprise test environment
This Test Lab Guide can only be used for Microsoft 365 for enterprise test environments.
This article describes how to add an Intune device compliance policy for Windows 10 devices and Microsoft 365 Apps for enterprise to your Microsoft 365 for enterprise test environment.
Adding an Intune device compliance policy involves two phases:
- Phase 1: Build out your Microsoft 365 for enterprise test environment
- Phase 2: Create a device compliance policy for Windows 10 devices
Tip
For a visual map to all the articles in the Microsoft 365 for enterprise Test Lab Guide stack, go to Microsoft 365 for enterprise Test Lab Guide Stack.
Phase 1: Build out your Microsoft 365 for enterprise test environment
If you want to configure MAM policies in only a lightweight way with the minimum requirements, follow the instructions in Lightweight base configuration.
If you want to configure MAM policies in a simulated enterprise, follow the instructions in Pass-through authentication.
Note
Testing automated licensing and group membership doesn't require the simulated enterprise test environment, which includes a simulated intranet connected to the internet and directory synchronization for an Active Directory Domain Services (AD DS) forest. It's provided here as an option so that you can test automated licensing and group membership and experiment with it in an environment that represents a typical organization.
Phase 2: Create a device compliance policy for Windows 10 devices
In this phase, you create a device compliance policy for Windows 10 devices. This phase uses Microsoft Intune and the Microsoft Intune admin center to add a group, and create a compliance policy.
Go to the Microsoft 365 admin center, sign in to your Microsoft 365 test lab subscription with your global administrator account, and select the Intune admin center.
If a message similar to You haven't enabled device management yet message is shown, then select Intune as the MDM authority. For the specific steps, see Set the mobile device management authority.
The Intune admin center focuses on device management and app management. For a tour of this admin center, see Tutorial: Walkthrough the Microsoft Intune admin center.
In Groups, add a new Microsoft 365 or Security group named Managed Windows 10 device users, with an Assigned membership type. In the next steps, you'll assign your compliance policy to this group.
For the specific steps, and for information on Microsoft 365 or Security groups, see Add groups to organize users and devices.
In Devices, create a Windows 10 compliance policy. Assign this policy to the Managed Windows 10 device users group you created.
In your policy, you can block simple passwords, require a firewall, require the Microsoft Defender Antimalware service be running, and more. A compliance policy typically includes the base settings, or bare minimum that every device should have.
For the specific steps, and for information on the available compliance settings you can configure, see Use compliance policies to set rules for devices you manage.
When finished, you have a device compliance policy for testing members in the Managed Windows 10 device users group.
Next step
Explore additional mobile device management features and capabilities in your test environment.
See also
Microsoft 365 for enterprise Test Lab Guides.
Enroll iOS and Android devices in your Microsoft 365 for enterprise test environment
Feedback
Submit and view feedback for