This month we released a large number of pre-made policies. These are a set of pre-defined policies within each of the three pillars, Conditional Access, Compliance and Configuration. They ensure that MSPs can quickly and easily build a quality policy library and start deploying in the shortest amount of time possible.
Policy Management Workshop
We continue to offer a series of complimentary workshops aimed at creating and deploying policies efficiently and effectively.
If you have a number of clients with Business Premium (or higher) already using Endpoint Manager or Conditional Access, or you’re in the process of deploying either, let us show you how MSPMagic’s new features can assist your business.
New Features
We have released the following new pre-made policies:
Compliance Policies
- Windows 10 and Later Secure Device Compliance
- This checks Windows 10 devices to ensure they have Bitlocker, Secure Boot, and Require Code Integrity enabled as well as a firewall, TPM, Antivirus and Antispyware.
- Learn More
- macOS Secure Device Compliance
- This policy checks macOS devices have FileVault enabled for all fixed storage and that the macOS firewall is enabled.
- Learn More
- iOS/iPadOS Secure Device Compliance
- Checks that iOS/iPadOS devices are not Jailbroken, a passcode has been set, and the maximum amount of time inactivity before the device locks itself is set to 15 minutes.
- Learn More
- Android Enterprise (Personally-owned work profile) Secure Device Compliance
- Checks that Android Enterprise devices are not rooted, a passcode has been set, and the maximum timeout before locking is set to 15 minutes. It will also disable the ability to perform USB debugging on the device.
- Learn More
- Windows 10 and later Microsoft Defender for Endpoint Enabled and Clear of Risks
- This checks Windows 10 devices to ensure they have Microsoft Defender Antimalware, Microsoft Defender Antimalware security intelligence up-to-date, Real-time protection, and that “Require the device to be at or under the machine risk score” is clear.
- Requires Microsoft Defender for Endpoint with integration setup to Microsoft Endpoint Manager
- Learn More
Configuration Profiles
- Windows 10 and later Deploy Managed Wi-Fi connection with WPA/WPA2-Personal Authentication (no proxy)
- This deploys Microsoft Endpoint Manager Managed Wi-Fi network to all users for Windows 10 and later devices. The configuration will configure the devices to automatically connect to the Managed Wi-Fi network when in range.
- Learn More
- Windows 10 and later OneDrive for Business Known Folder Move
- Silently sign in the user and move their Desktop, Documents and Pictures folders to OneDrive.
- Learn More
- Windows 10 and later Microsoft Edge enable Automatic Sign in and Sync using Windows Credential
- Enable Microsoft Edge’s sync of user favourites, passwords, and other browser data across all synced devices.
- Learn More
- Windows 10 and later Microsoft Edge set default search provider to Google
- Change the default search provider for Microsoft Edge to Google for Windows 10 and later devices. The configuration will not block the user from changing Microsoft Edge’s default search provider to another search engine.
- Learn More
- Enable Windows 10 and Later Disk Encryption (BitLocker)
- Enable BitLocker encryption on OS and Fixed drives for Windows 10 and later devices. The BitLocker recovery keys will be backed up to Azure AD and rotated automatically after they are used on a device.
- Learn More
- Enable macOS Disk Encryption (FileVault)
- Enforces FileVault encryption on OS and Fixed drives for macOS devices. The FileVault recovery keys will be backed up to Azure AD.
- Learn More