Keeping Your Devices Secure: A Guide to Cyber Security, Device Compliance, and Intune Auto-Updates


Practical steps to keep every device in your business secure and up to date

The threat of cyberattacks looms larger than ever. Protecting devices from these threats has become absolutely crucial for individuals and organisations alike. It’s no longer enough to simply install antivirus software; a more comprehensive approach is required. Ensuring robust device compliance and diligently keeping software up to date are essential for maintaining a secure and resilient digital environment.

This post provides a practical guide to protecting your devices, with a particular emphasis on using Microsoft Intune to streamline device management and set all computers to auto-update.

Device Compliance: Ensuring Standards and Policies Are Met

Device compliance focuses on making sure that all devices accessing your organisation’s network and data meet specific security standards and policies. Non-compliant devices can introduce significant security risks.

Device compliance typically involves:

  • Defining security standards: Clear policies on password complexity, software updates, data encryption, and other security measures.
  • Enforcing policies: Using tools like Intune to apply these policies and ensure devices meet the required standards.
  • Monitoring compliance: Regularly checking devices to ensure they remain compliant and remediating issues quickly.
  • Managing device access: Controlling which devices are allowed to access sensitive data and resources.

By ensuring device compliance, organisations can reduce the risk of vulnerabilities being exploited, maintain a consistent security posture, and ensure that all devices meet the necessary security benchmarks.

Leveraging Intune for Device Management

Microsoft Intune is a cornerstone of modern device management, especially in today’s increasingly mobile and distributed work environments. As a cloud-based service, Intune offers a robust platform for both Mobile Device Management (MDM) and Mobile Application Management (MAM), helping organisations stay in control of their digital assets.

Mobile Device Management (MDM)

MDM with Intune allows you to manage and secure entire devices. This includes:

  • Setting device configurations and security baselines.
  • Enforcing policies such as password requirements and encryption.
  • Remotely wiping data from a lost or stolen device.

MDM is crucial for ensuring that devices accessing company resources adhere to your security standards.

Mobile Application Management (MAM)

MAM focuses on managing and protecting applications on devices, even personal ones. With MAM you can:

  • Control how corporate data is accessed and used within specific apps.
  • Protect company data on BYOD (Bring Your Own Device) without fully managing the whole device.
  • Apply policies that restrict copying, saving, or forwarding sensitive information from corporate apps.

Intune’s Role in Device Control

Intune gives organisations the ability to:

  • Implement security policies: Define and enforce measures such as password complexity, data encryption, and access controls.
  • Ensure software updates: Deploy and manage OS and application updates to protect devices against vulnerabilities.
  • Manage device configurations: Configure device settings remotely for consistency across your fleet.
  • Deploy applications: Distribute and manage business apps, ensuring users have the tools they need while you maintain control over versions and licences.
  • Monitor compliance: Track whether devices are meeting your security and compliance requirements, and take action when they fall out of compliance.

By leveraging Intune’s MDM and MAM capabilities, organisations can securely manage devices whether they are company-owned or personal, and maintain a secure, productive digital environment.

How to Set All Computers to Auto-Update Using Intune

Intune can help ensure your Windows devices receive the latest updates automatically. Here’s a simplified overview of how to configure this:

  1. Find update settings: In the Intune admin centre, go to Devices > Windows > Update rings for Windows 10 and later.
  2. Create (or edit) an update ring: Click + Create and choose Windows 10 and later to create a new update ring.
  3. Configure update behaviour: For business environments, choose the appropriate channel (for example, Semi-Annual Channel) and set the install behaviour, such as:
    • Auto install at maintenance time – installs updates automatically during the maintenance window.
    • Auto install and restart at maintenance time – installs updates and restarts devices during the maintenance window.
  4. Assign the ring to devices: Click Next, then Add groups, and select the device or user groups you want to receive automatic updates.
  5. Monitor update status: Use Intune reports to check whether updates are being installed correctly by going to Reports > Windows updates.
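
The steps above can be verified from an export as well as from the portal reports. The following is an added example, not code from this article or from Microsoft: it flags update rings that will not auto-update anything, either because their install behaviour waits for the user or because step 4 was never completed. It assumes the rings were exported from Microsoft Graph as windowsUpdateForBusinessConfiguration objects with their assignments expanded; the ring names and group ids are constructed placeholders.

```python
# Added example, not from the article: find update rings that will not
# actually auto-update anything. Field names follow the Microsoft Graph
# windowsUpdateForBusinessConfiguration resource, read with $expand=assignments.

# automaticUpdateMode values that install without waiting for the user.
AUTOMATIC_MODES = {
    "autoInstallAtMaintenanceTime",
    "autoInstallAndRebootAtMaintenanceTime",
    "autoInstallAndRebootAtScheduledTime",
    "autoInstallAndRebootWithoutEndUserControl",
}

def audit_rings(rings):
    """Return (ring name, problem) pairs; an empty list means no problems."""
    findings = []
    for ring in rings:
        name = ring.get("displayName", "<unnamed>")
        mode = ring.get("automaticUpdateMode")
        if mode not in AUTOMATIC_MODES:  # e.g. notifyDownload, userDefined, unset
            findings.append((name, f"mode {mode!r} waits for user action"))
        if not ring.get("assignments"):  # step 4 was skipped: ring targets nobody
            findings.append((name, "not assigned to any group"))
    return findings

def uncovered_groups(rings, required_group_ids):
    """Return the required groups that no automatic ring is assigned to."""
    covered = set()
    for ring in rings:
        if ring.get("automaticUpdateMode") not in AUTOMATIC_MODES:
            continue
        for assignment in ring.get("assignments") or []:
            target = assignment.get("target", {})
            # An exclusion target removes a group from the ring; it is not coverage.
            if target.get("@odata.type", "").endswith("exclusionGroupAssignmentTarget"):
                continue
            if target.get("groupId"):
                covered.add(target["groupId"])
    return set(required_group_ids) - covered

def _ring(name, mode, *group_ids):
    """Build a constructed ring record in the shape Graph returns."""
    return {"displayName": name, "automaticUpdateMode": mode,
            "assignments": [{"target": {"groupId": g}} for g in group_ids]}

# Constructed sample data; the group ids are placeholders, not real object ids.
SAMPLE_RINGS = [
    _ring("Pilot ring", "autoInstallAtMaintenanceTime", "grp-pilot"),
    _ring("Broad ring", "notifyDownload", "grp-all-staff"),
    _ring("Kiosk ring", "autoInstallAndRebootAtMaintenanceTime"),
]
```
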

How to Set a Compliance Policy in Intune

Compliance policies define the minimum security standards devices must meet before they are considered compliant.

  1. Define security standards: Decide on requirements around passwords, encryption, OS versions, and security tools.
  2. Access Intune admin centre: Go to https://endpoint.microsoft.com/ and sign in with your administrator credentials.
  3. Create a new compliance policy: Navigate to the area for device compliance policies (typically Devices > Compliance policies) and create a new policy for the relevant platform (e.g. Windows 10 and later).
  4. Configure policy settings: Set the specific requirements devices must meet, such as:
    • BitLocker, Secure Boot, and code integrity: Required
    • Encryption of data storage, Firewall, TPM, Antivirus and Antispyware: Required
    • Password to unlock devices: Required
    • Simple passwords: Block
    • Password expiry: 365 days
    • Minimum password length: 8 characters
    • Prevent reuse of previous passwords: 1 previous password
    • Require password on wake/return from idle: Required
    • Maximum minutes of inactivity before password is required: 15 minutes
  5. Assign the policy: Target the policy at the appropriate device or user groups (for example, all Windows devices or specific departments).

Once assigned, Intune will evaluate devices against this policy and report on which are compliant and which require remediation.
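
Policies drift as they are edited over time, so it is worth checking an existing policy against the baseline from step 4. The following is an added example, not code from this article or from Microsoft: it compares one exported policy with those values and treats stricter settings as acceptable. The property names are those of the Microsoft Graph windows10CompliancePolicy resource; the mapping from the article's setting names to those properties is an assumption, and the sample policies are constructed.

```python
# Added example, not from the article: compare an exported compliance policy
# with the baseline values listed in step 4. Property names follow the
# Microsoft Graph windows10CompliancePolicy resource.
import operator

# (Graph property, comparison that must hold, baseline value, article setting)
BASELINE = [
    ("bitLockerEnabled", operator.eq, True, "BitLocker"),
    ("secureBootEnabled", operator.eq, True, "Secure Boot"),
    ("codeIntegrityEnabled", operator.eq, True, "Code integrity"),
    ("storageRequireEncryption", operator.eq, True, "Encryption of data storage"),
    ("activeFirewallRequired", operator.eq, True, "Firewall"),
    ("tpmRequired", operator.eq, True, "TPM"),
    ("antivirusRequired", operator.eq, True, "Antivirus"),
    ("antiSpywareRequired", operator.eq, True, "Antispyware"),
    ("passwordRequired", operator.eq, True, "Password to unlock devices"),
    ("passwordBlockSimple", operator.eq, True, "Simple passwords blocked"),
    ("passwordRequiredToUnlockFromIdle", operator.eq, True, "Password on wake"),
    ("passwordExpirationDays", operator.le, 365, "Password expiry (days)"),
    ("passwordMinimumLength", operator.ge, 8, "Minimum password length"),
    ("passwordPreviousPasswordBlockCount", operator.ge, 1, "Password reuse"),
    ("passwordMinutesOfInactivityBeforeLock", operator.le, 15, "Inactivity (minutes)"),
]

def audit_policy(policy):
    """Return (setting, actual, baseline) for each setting weaker than baseline.

    A missing or null property is reported too: an unset value means the
    requirement is not configured, so nothing is enforced for it.
    """
    findings = []
    for prop, holds, baseline, label in BASELINE:
        actual = policy.get(prop)
        if actual is None or not holds(actual, baseline):
            findings.append((label, actual, baseline))
    return findings

# Constructed sample: a policy that meets the baseline, and a drifted copy.
COMPLIANT = {prop: baseline for prop, _, baseline, _ in BASELINE}
DRIFTED = dict(COMPLIANT, activeFirewallRequired=False, passwordExpirationDays=None,
               passwordMinimumLength=6, passwordMinutesOfInactivityBeforeLock=30)

if __name__ == "__main__":
    for label, actual, baseline in audit_policy(DRIFTED):
        print(f"{label}: found {actual!r}, baseline {baseline!r}")
```
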

Frequently Asked Questions

Can I learn more about setting up Intune?

Yes. Microsoft provides detailed documentation and tutorials on the Microsoft Learn platform. A good starting point is Get started with Intune.

How do I access the Intune admin center?

Go to https://endpoint.microsoft.com/ and sign in with your administrator account. From there you can manage devices, policies, apps, and reports.

What is the default time Intune attempts to install updates if no maintenance window is configured?

If no maintenance window is configured, Intune attempts to install updates daily at around 3 AM by default.

Why is testing important before deploying update rings broadly?

Testing update rings on a small pilot group first ensures the configurations work as expected and helps you spot potential issues before they affect everyone. It reduces the risk of widespread disruption.

Can I create compliance policies for Windows updates in Intune?

Yes. You can create compliance policies that require devices to run a minimum Windows version or patch level. Devices that fall behind can be flagged as non-compliant and have restricted access to resources until they are updated.

How can I monitor the update status of devices?

Use the reporting features in Intune. In the admin centre, navigate to Reports > Windows updates to see which devices are up to date, which are pending, and where failures may have occurred.

How can I monitor if devices are meeting the organisation’s security and compliance requirements?

Create and assign compliance policies in Intune, then use the compliance reports to track which devices meet your standards. Non-compliant devices can be flagged or blocked from accessing certain resources until issues are resolved.

What are the different options for automatic update behaviour in Intune?

Intune supports several automatic update behaviours, including:

  • Auto install at maintenance time: Updates are installed automatically during the defined maintenance window.
  • Auto install and restart at maintenance time: Updates are installed and the device restarts during the maintenance window.
  • Auto install and restart without end user control / Install automatically (no end-user control): Updates are downloaded, installed, and the device restarts automatically outside active hours, even if a user is signed in. This is effective but can be disruptive if not communicated.
  • Auto install and notify to restart: Updates are installed automatically, and users are notified to schedule the restart.
  • Download and notify for install: Updates are downloaded and users are notified to start the installation and restart. This is less automated and relies on user action.

Let’s Talk About Securing Your Devices

At Telanova, we help businesses across Wokingham, Ascot, Bracknell, Reading, and the wider Berkshire region put practical, Intune-driven security and compliance in place. From configuring update rings and compliance policies to monitoring risky devices, we make modern device management simple and achievable.

Explore our IT support services or call 01344 989 530 to strengthen your device security and compliance.