Policy mapping between Basic Mobility and Security and Intune

Both Basic Mobility and Security, formerly Microsoft 365 mobile device management (MDM), and Intune are used to manage mobile devices. Part of this management includes the application of various policies that determine how the mobile devices interact with your company data and security.

If you choose to migrate your MDM from Basic Mobility and Security to Intune, you’ll need to duplicate the policies over to Intune. You can use the Migration evaluation tool to handle the migration. You can also use the articles in this section to understand the two systems’ policies and how they map to each other.

Depending on the Basic Mobility and Security policy settings, different Intune and Azure Active Directory (Azure AD) policies may be needed to duplicate the behavior. Because Intune offers more flexibility, each source policy can translate into multiple Intune and Azure AD policies to achieve the same effect. Each device security policy can require up to three compliance policies, six configuration profiles, and five global conditional access policies.

Basic Mobility and Security policies in Office 365 Security and Compliance portal

Basic Mobility and Security uses the Office 365 Security and Compliance portal to manage device security policies.

Intune policies in the Microsoft Endpoint Manager admin center

Intune uses the Microsoft Endpoint Manager admin center to manage the following policies, which achieve results similar to those of the Office device security policies:

| Intune policy type | Purpose | Intune location |
| --- | --- | --- |
| Compliance policies | Specify the device settings as access requirements. | Microsoft Endpoint Manager admin center > Devices > Compliance policies |
| Configuration profiles | Specify other settings that aren’t part of the access requirements, including email profiles. | Microsoft Endpoint Manager admin center > Devices > Configuration profiles |
| Conditional access policies | Azure AD conditional access blocks access if the settings aren't compliant. | Microsoft Endpoint Manager admin center > Endpoint security > Conditional access > Classic policies |

Intune and Azure AD policies are more powerful than Office MDM policies and have many more settings to achieve more advanced scenarios. Before you change Intune or Azure AD policies not mentioned in these articles, you should first read the relevant Intune or Azure AD documentation.
