21 Mar 2019

What MDM policies did I get from Intune? (Basic and Advanced reports)

As we all know, stuff in IT doesn’t always run perfectly.  That’s why you have to trust and verify.  If you are managing an MDM such as Intune for a large enterprise, you need to verify what MDM settings were successfully deployed.  That means you need some type of reporting to reference.  While the level of reporting isn’t up to par with on-prem servers and tools, Intune still offers some good information to help you discern what is going on with your MDM environment.

First off, you can click on any profile and get a rundown of all the settings in that particular profile that were successfully or unsuccessfully delivered.  It also shows the current number of errors.  Below is an example of a profile being deployed in a good-sized enterprise.

If you look at the left-hand column of the above exhibit, there is a user status and a device status link.  Device status tells you all the device and user combinations that have received the profile. User status tells you on how many devices the user has received the profile. Device status reports include information such as the device name, its deployment status and its last status update.  User status includes the username, deployment status and his or her check-in time.

All of that is pretty cool, but in some cases you are going to need more relevant data than just that.  Anyone who has dealt with Group Policy administration has used GPresult at one time or another to get more detailed information on what’s going on.  MDM has something like it called Advanced Diagnostic Reports.  As with many information-gathering tools, there’s a lot of stuff in these reports, spread across numerous categories.  However, there are three particular categories that you should get familiar with.

Managed Policies

This report simply shows you everything configured on the device that is different than the default values.  In the example below, the current values of Browser and Experience are different from their default values.  The homepage is now set to one of the greatest internet sites out there and Cortana has been disabled. 

Blocked by Group Policy

As I mentioned earlier, Group Policy and MDM on the same box is non-deterministic so by default, this report is totally irrelevant.  But if you flip the switch and configure MDM to win over Group Policy, this report can come alive real quick.  One bummer about this report is that it only lists the setting conflict, not the GPO or the MDM profile that actually delivered the setting.  Hopefully this is a temporary shortcoming.

Unmanaged Policies

While this report won’t help you troubleshoot anything happening in your environment, it does make for interesting reading because it shows you what can be done.  There may be potential setting configurations in areas you weren’t aware of, giving you ideas of how to better manage your devices.
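To cross-check the Managed Policies and Blocked by Group Policy categories from the command line, the PowerShell below is an added example, not part of the original post. It generates the diagnostic report with MdmDiagnosticsTool.exe and reads the PolicyManager registry hive where Windows stores MDM-delivered values; the output folder name and the filter on bookkeeping value names are assumptions.

```powershell
# Added example: generate the MDM diagnostic report and list MDM-managed values.
# Run from an elevated prompt on an MDM-enrolled Windows 10/11 device.

# Hypothetical output folder (assumption, not from the original post).
$OutDir = Join-Path $env:PUBLIC 'Documents\MDMDiag-Example'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# MdmDiagnosticsTool.exe ships with Windows; -out writes MDMDiagReport.html there.
& "$env:SystemRoot\System32\MdmDiagnosticsTool.exe" -out $OutDir

# MDM-delivered device policies are stored per area under this key.
$Root = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device'

$managed = foreach ($area in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
    foreach ($name in $area.GetValueNames()) {
        # Assumption: values ending in these suffixes are bookkeeping entries
        # written next to each policy, not settings themselves.
        if ($name -match '_(ProviderSet|WinningProvider)$') { continue }
        [pscustomobject]@{
            Area   = $area.PSChildName
            Policy = $name
            Value  = $area.GetValue($name)
        }
    }
}

if ($managed) {
    $managed | Sort-Object Area, Policy | Format-Table -AutoSize
} else {
    Write-Warning "No MDM-managed device policies found under $Root."
}

# The "MDM wins over Group Policy" switch is the ControlPolicyConflict/MDMWinsOverGP
# policy; 1 means MDM values take precedence, so the Blocked by Group Policy
# category of the report becomes relevant.
$conflict = Get-ItemProperty -Path "$Root\ControlPolicyConflict" `
    -Name MDMWinsOverGP -ErrorAction SilentlyContinue
if ($conflict.MDMWinsOverGP -eq 1) {
    'MDMWinsOverGP = 1: MDM policy takes precedence over Group Policy.'
} else {
    'MDMWinsOverGP is not set to 1: Group Policy conflicts are not overridden by MDM.'
}
```

Compare the table this prints with the Managed Policies category in the generated MDMDiagReport.html; a setting that appears in the Intune profile but in neither place was not delivered to the device.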
