Device compliance policies for your Microsoft 365 Enterprise test environment
With the instructions in this article, you add an Intune device compliance policy to your Microsoft 365 Enterprise test environment.
Click here for a visual map to all the articles in the Microsoft 365 Enterprise Test Lab Guide stack.
Phase 1: Build out your Microsoft 365 Enterprise test environment
If you just want to configure MAM policies in a lightweight way with the minimum requirements, follow the instructions in Lightweight base configuration.
If you want to configure MAM policies in a simulated enterprise, follow the instructions in Pass-through authentication.
Testing automated licensing and group membership does not require the simulated enterprise test environment, which includes a simulated intranet connected to the Internet and directory synchronization for a Active Directory Domain Services (AD DS) forest. It is provided here as an option so that you can test automated licensing and group membership and experiment with it in an environment that represents a typical organization.
Phase 2: Create a device compliance policy for Windows 10 devices
In this phase, you create a device compliance policy for Windows 10 devices.
Go to the Office 365 portal at (https://portal.office.com) and sign in to your Office 365 test lab subscription with your global administrator account.
On a new tab of your browser, open the Azure portal at https://portal.azure.com.
On the Azure portal tab in your browser, in the navigation pane, click All services, type Intune, and then click Intune.
If you see a You haven't enabled device management yet message on the Microsoft Intune blade, click it. On the Mobile Device Management authority blade, click Intune MDM Authority, and then click Choose. Refresh your browser tab.
In the left navigation pane, click Groups.
On the Groups-All groups blade, click + New Group.
On the Group blade, select Office 365 or Security for Group type?, type Managed Windows 10 device users in Name, select Assigned in Membership type, and then click Create.
Close the Group blade.
Close the Groups-All groups blade.
On the Microsoft Intune blade, in the Quick tasks list, click Create a compliance policy.
On the Compliance Policy Profiles blade, click Create Policy.
On the Create Policy blade, in Name, type Windows 10. In Platform, select Windows 10 and later, click OK on the Windows 10 compliance policy blade, and then click Create. Close the Windows 10 blade.
On the Compliance Policy Profiles blade, click the Windows 10 policy name.
On the Windows 10 blade, click Assignments, and then click Select groups to include.
On the Select groups to include blade, click the Managed Windows 10 device users group, and then click Select.
Click Save, and then close the Windows 10 - Assignments blade.
Close the Compliance Policy Profiles blade.
On the Microsoft Intune blade, click Client apps in the left navigation.
On the Client Apps blade, click Apps, and then click Add.
In the Add app blade, select App type, and then select Windows 10 under Office 365 Suite.
Click Configure App Suite, and then click OK.
Click App Suite Information, type Office Apps for Windows 10 in Suite Name, Office Apps for Windows 10 in Suite Description, and then click OK.
Click App Suite Settings, select Semi-Annual in Update channel, and then click OK.
On the Add app blade, click Add.
You now have a device compliance policy for testing the selected apps in the Windows 10 device compliance policy and for members of the Managed Windows 10 device users group. Please note that selecting Office 365 as the group type will create additional resources.
Explore additional mobile device management features and capabilities in your test environment.