Before you set up any iOS device configuration policy in Intune it is best practice to ensure:
You have added an Apple management certificate to Intune
You have set up an iOS Intune device compliance policy
with those two tasks complete you can now create an iOS device configuration policy. A configuration policy applies settings and configurations to the iOS device joined to this environment.
Open the Azure portal as an administrator and navigate to Intune. From the menu that appears on the left select Device configuration as shown above.
Next select Profiles from the menu on the left as shown above.
Here you will see any profiles that already exist. To create a new policy simply select Create policy from the menu bar across the top as shown.
Gove the policy a Name and Description. Select iOS as the platform.
You’ll see that there are lots of different configuration types you can select to create configuration policies for. In this case we’ll select Device restrictions as an example of how to configure a policy, but remember there at least 9 options here you need to consider.
Remember, you can have multiple policies if you desire as well a number of the different configuration type policies if you want.
If you now select Settings towards the bottom of the window as shown above, you will see the numerous range of configuration options you can set for devices.
In this case I’ll simply illustrate changing one setting by selecting Built-in Apps and then Blocking Facetime as shown above.
Make sure you select OK at the bottom of any screen on which you make changes.
The final step once you have made all your selections and Saved the policy, is to assign the policy. Here I have assigned it to All Users & Devices as shown.
You can revisit and make changes to your policy at any time by navigating to it and selecting it.
The options at the bottom of the menu on the left above: Device status, User Status and Per-setting status will again give you a summary of how this policy has been applied to devices.
Once we have all this in place we can now start joining actual devices to this environment so they can be manged. When we do that, they will be checked against the compliance policy and then have any configuration policies applied.
I’ll cover the process of adding devices to this environment in an upcoming article.