Deploy Settings with Intune for Education

This section covers how to deploy settings for your Windows devices within the Intune for Education console. This section also assumes that your tenant has already been provisioned with student and teacher identities along with an Azure AD group. Refer to School Data Sync (SDS), Azure AD Connect, or Microsoft Graph on the Microsoft Education documentation and resources site to provision groups and user identities if needed.

Intune for Education Overview

Intune for Education is a cloud-based mobile device management (MDM) service designed and built for schools. It is built on top of Intune, so any configurations and changes made in Intune for Education will also be made within the Intune console. With Intune for Education you can:

  • Simplified management: Jumpstart Windows 10 and iOS device management with Express Configuration. Express Configuration makes it easy to set up default policies for your devices.
  • Easy application deployment: Easily add and deploy web apps, Windows Store for Education apps, iOS Store apps, and Win32 (.msi) applications.
  • Education tailored policies: Designed to include only the settings and workflows you need to manage iOS and Windows school devices by offering over 150 granular settings instead of the thousands available in Intune.
  • Remote management: From the portal, you can view device information and take action on a device, such as restarting, without needing to touch it.
  • Simplified reports: Easily view reports that give insights into your environments such as device inventory, application inventory, settings errors, and Windows Defender.

Configure Settings for Windows

In this task, we will configure settings ranging from accounts, enrollment, applications, Edge, network, power, security, updates, and user experience.

Note: In the instrutions below - credentials, longer commands/text, and URLs will have a copy icon that allows you to copy/paste.

In the “Accounts and sign-in” section, configure the following:

In the “Apps” section, configure the following:

    1. Enable Command prompt (cmd.exe)

In the “Enrollment” section, configure the following:

In the “Microsoft Edge” section, configure the following:

Browser customization

Browser restrictions

User data

In the “Network and connectivity” section, configure the following:

Bluetooth

Internet connectivity restrictions

 

In the “Power and sleep” section, configure the following:

In the “Security” section, configure the following:

Windows Defender

    1. Day scheduled – Every day
    1. Low severity threats – Device default

Windows SmartScreen

In the “Shared devices” section, configure the following:

In the “Updates and upgrade” section, configure the following:

Updates

In the “User experience” section, configure the following:

Device restrictions

Lock screen and desktop

Settings app:

Start menu

Save your settings

Review

In this section, you have

Configured a set of policies that ranges from accounts, enrollment, applications, Edge, network, power, security, updates, and user experience. Once configured you assigned the policies to members of the Contoso High School group by saving the configurations.