Day-6: Device Management & Intune – Step-by-Step Admin Guide

By | January 19, 2026

Series: 30 Days of Microsoft 365 Admin


🎯 Day-6 Objective

Today's goal is to:

  • Enable device management
  • Bring devices under Microsoft control
  • Prepare for device-based Conditional Access

1️⃣ Verify Microsoft Intune is Enabled

🔧 Steps

  1. Open Microsoft Intune Admin Center
  2. Go to Tenant administration
  3. Click Tenant status

✅ Confirm

  • Intune status = Active
  • MDM authority = Microsoft Intune

📌 If MDM authority is not set → devices cannot be managed


2️⃣ Check MDM Auto-Enrollment Settings

🔧 Steps

  1. Intune Admin Center
  2. Devices → Enroll devices
  3. Click Automatic enrollment

⚙ Configure

  • MDM user scope: All users (or Test group)
  • Save changes

🧠 This allows devices to auto-enroll when users sign in.


3️⃣ Configure Device Enrollment Restrictions

🔧 Steps

  1. Intune Admin Center
  2. Devices → Enroll devices
  3. Click Enrollment restrictions
  4. Open Default restriction

Verify

  • Platform: Windows = Allowed
  • Personal devices = Allowed (for lab)

📌 In production, personal devices are usually restricted.


4️⃣ Register a Windows Device (Hands-On)

🔧 On Windows Machine

  1. Open Settings
  2. Go to Accounts
  3. Click Access work or school
  4. Click Connect
  5. Sign in with M365 test user

✅ Result

  • Device is registered in Entra ID
  • User can access M365 apps

5️⃣ Verify Device in Entra ID

🔧 Steps

  1. Entra Admin Center
  2. Devices → All devices
  3. Locate the registered device

Check

  • Join type: Azure AD registered
  • Owner: User name
  • Status: Active

6️⃣ Verify Device in Intune

🔧 Steps

  1. Intune Admin Center
  2. Devices → All devices
  3. Select the device

📊 You Can See

  • Device name
  • OS version
  • Compliance status (Not evaluated yet)

📌 Device is now manageable.


7️⃣ Understand Device Compliance Status

🔧 Where to Check

Intune → Devices → All devices → Device → Compliance

Default Status

  • Non-compliant (no policy assigned)

🧠 This is important:

Conditional Access checks compliance, not just registration.
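
The portal checks in steps 5 to 7 can also be run from PowerShell for every device at once. The script below is an added example, not part of the original guide: it lists each Entra ID device with its join type and the matching Intune compliance state, so devices that are registered but not enrolled or not compliant stand out. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in admin can consent to the two read-only scopes shown.

```powershell
# Added example: cross-check Entra ID device records against Intune managed devices.
# Assumes the Microsoft.Graph PowerShell SDK and read-only Graph permissions.
Connect-MgGraph -Scopes 'Device.Read.All', 'DeviceManagementManagedDevices.Read.All'

# Index Intune managed devices by their Entra device ID for lookup.
$managed = @{}
Get-MgDeviceManagementManagedDevice -All | ForEach-Object {
    if ($_.AzureAdDeviceId) { $managed[$_.AzureAdDeviceId] = $_ }
}

# Graph trustType values: Workplace = registered, AzureAd = joined, ServerAd = hybrid joined.
$joinType = @{ Workplace = 'Registered'; AzureAd = 'Joined'; ServerAd = 'Hybrid joined' }

$report = Get-MgDevice -All | ForEach-Object {
    # A device with no Intune record is registered only, not managed.
    $mdm = if ($_.DeviceId) { $managed[$_.DeviceId] } else { $null }
    [pscustomobject]@{
        DeviceName      = $_.DisplayName
        JoinType        = if ($_.TrustType -and $joinType.ContainsKey($_.TrustType)) {
                              $joinType[$_.TrustType]
                          } else { $_.TrustType }
        Enabled         = $_.AccountEnabled
        OS              = "$($_.OperatingSystem) $($_.OperatingSystemVersion)"
        InIntune        = [bool]$mdm
        ComplianceState = if ($mdm) { $mdm.ComplianceState } else { 'not enrolled' }
        User            = if ($mdm) { $mdm.UserPrincipalName } else { $null }
    }
}

# Full inventory, then the subset that is not both enrolled and compliant.
$report | Sort-Object InIntune, ComplianceState | Format-Table -AutoSize

$report |
    Where-Object { -not $_.InIntune -or $_.ComplianceState -ne 'compliant' } |
    Select-Object DeviceName, JoinType, InIntune, ComplianceState, User |
    Format-Table -AutoSize

Disconnect-MgGraph | Out-Null
```

The second table is the list to review before a device-based Conditional Access policy is switched on.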


8️⃣ Connect Devices with Conditional Access (Preview)

πŸ” Scenario

  • User signs in
  • MFA passes
  • Device = Non-compliant
  • Access = Blocked (once policy applied)

📌 Actual enforcement comes in Day-7.


✅ End of Day-6 Outcome

After Day-6, you can:
✔ Enable Intune correctly
✔ Register devices
✔ Verify device status
✔ Understand compliance dependency
✔ Explain device-based access in interviews


📅 DAY-7 PREVIEW (NEXT DAY PLAN)

Day-7: Intune Compliance & Configuration Policies

We will:
🔹 Create compliance policies
🔹 Enforce BitLocker & OS version
🔹 Mark devices compliant / non-compliant
🔹 Block access for non-compliant devices
🔹 Validate using Conditional Access
