Tenant setup 09 — Intune intro
After the long fight with Conditional Access we move to Intune. It's even more complex, and it brings us into device administration. Today we'll cover the basics and push Microsoft 365 apps as required.
This article is part of the series. Full series + screenshots in one document: download PDF. (PDF is currently in Czech.)
After the long battle with Conditional Access Policies, we move to Intune — which is not only more complex but also brings us into device administration. So far we've only nibbled at device admin, because in my view it's the second-hardest piece (after forensic incident analysis). Don't let that scare you — Intune is also one of the portals where what you do is "really felt" (for better and for worse).
From Intune you control things like automatic OneDrive sign-in and folder redirection, the Company Portal app catalog (so users can install software without admin rights), data protection inside apps, and much more. Today we'll do the basics and push Microsoft 365 apps as required.
To enforce installation of all M365 apps on a PC: sign in to Intune at https://intune.microsoft.com → Apps → Windows → Create. Pick Microsoft 365 Apps (Windows 10 and later). Name the policy. Leave Show this as a featured app off; we'll force-install anyway.
If you have an XML config use Enter XML data; otherwise the built-in Configuration designer is fine. Under Select Office apps pick the apps to install. Below that you can add Visio Online Plan 2 or Project Online Desktop Client. File type: Office Open Document Format — without this the policy refuses to save. Update channel: I always pick Current Channel for the latest fixes. Pick a language. Target All users.