What are Intune Policy Sets?

Starting with the Intune release from October 14th 2019, Microsoft made available a new functionality called “Policy Sets”.   Even though there a now (at time of writing this article) still in preview, they are a very welcome addition to the Intune options available.

Added November 29th: Please make sure to also read about Guided scenario’s – a preview feature in Intune which makes it possible to create policy sets based on predefined scenarios – What are Guided Scenarios in Microsoft 365 Device Management/Intune?

Disclaimer: This post is written on Oktober 25th 2019 and reflects the state of this functionality at this point in time.

So what are policy sets?

By creating a policy set, you can group the following features into a set which you can assign to either device or user groups:

  • Apps
  • App configuration policies
  • App protection policies
  • Device configuration profiles
  • Device compliance policies
  • Device type restrictions
  • Windows autopilot deployment profiles
  • Enrollment status page

The functionality that policy sets provide is partly available in the Security Baselines Microsoft is providing already. Because in the end, the Microsoft Security Baseline for Windows 10 for example is nothing more than a combination of Device Configuration Profiles.

So how to we create a Policy Set within Intune?

The policy set functionality can be found under Devices in the new setup of the Intune portal. Go to Devices and choose Policy sets (Preview)

Policy Sets

You can create a policy set, by clicking on “+ Create” on the Policy sets page, which will start a wizard guiding you to creating your first policy set

Create Policy Set Wizard

Under Application Management you can add the following items:

  • Apps
  • App configuration policies
  • App protection policies

Under Device Management you can add the following items:

  • Device configuration profiles
  • Device compliance policies

Under Device enrollment you can add the following items:

  • Device type restrictions
  • Windows autopilot deployment profiles
  • Enrollment status pages

Under assignment you can assign the policy set to All users, All devices, All users and all devices or selected groups. You can also specify groups to exclude. Not that you cannot determine if the policy set is available or required, that is determined by the individual setting.

From this point forward you can then create the policy set.

Conclusion

Policy sets are a welcome addition to the Intune functionality. Personally I would like the Security Baselines to be implemented as Policy sets as well, in order to give us more flexibility to work with the baselines. What’s missing from policy sets is the compliance reporting available in the Security baseline information. All of this can change ofcourse since the Policy sets are still in preview.

Before you start working with Policy Sets, please check for the known issues: https://docs.microsoft.com/en-us/intune/fundamentals/policy-sets#policy-sets-known-issues

3 thoughts on “What are Intune Policy Sets?

  1. Pingback: What are Guided Scenarios in Microsoft 365 Device Management/Intune? | Modern Workplace Blog
  2. Pingback: Designing and building your Microsoft Endpoint Manager/Intune environment for Operations | Modern Workplace Blog
  3. Pingback: Updating your Security baselines in Microsoft Endpoint Manager to a newer version | Modern Workplace Blog

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.