Set up additional management with System Center Configuration Manager

Applies to: System Center Configuration Manager (Current Branch)

(Optional) You can set up additional management before devices are enrolled. These management solutions can be created and deployed after devices are enrolled, although many organizations prefer to deploy them as devices are brought into management.

Configuration items let you manage settings such as requiring a PIN or requiring encryption on enrolled devices based on device platform:

Applications can be deployed to managed devices:

Conditional access lets you manage access to company resources including:

Multi-factor Authentication (MFA) lets you require more than one verification method, which adds a critical second layer of security to user sign-ins and transactions. Previously, you would go to either the Intune console or the Configuration Manager console to set MFA for Intune enrollments. Now, you login to the Microsoft Azure portal using your Intune credentials and configure MFA settings through Azure AD. To learn more, see Multi-factor authentication for Microsoft Intune.