Intune FAQ's
Pre-Onboarding Guidelines
Request VPN Profiles: If you are currently using a local account, please request new VPN profiles before starting the onboarding process.
Verify Microsoft 2FA: Ensure that Microsoft 2FA is enabled and available in the Microsoft Authenticator app.
How to onboard a device into Intune
Guide for Onboarding device to Intune
How to Enable BitLocker
Open BitLocker Drive Encryption:
- Open the Control Panel.
- Navigate to System and Security -> BitLocker Drive Encryption.
Turn On BitLocker:
- Find the drive you want to encrypt (typically the C: drive) and click Turn on BitLocker.
Choose How to Unlock Your Drive:
- Select your preferred method to unlock the drive at startup (select password)
Backup Your Recovery Key:
- Choose where to save the recovery key. Select Print and download the Recovery Key. (This was uploaded during the laptop registration process)
Select What to Encrypt:
- Choose either Encrypt used disk space only (faster) or Encrypt entire drive (slower but more secure).
Choose Encryption Mode:
- Select New encryption mode (best for fixed drives on this device) or Compatible mode (best for drives that might be moved to older versions of Windows).
Start Encryption:
- Click Start encrypting and wait for the process to complete. This may take some time depending on the size of your drive and the amount of data.
Verify Encryption Status:
- After encryption is complete, go back to Control Panel -> System and Security -> BitLocker Drive Encryption to ensure the drive status shows BitLocker on.
How to Enable Windows Defender Antivirus
Open Windows Security:
- Press Win + I to open the Settings app.
- Go to Update & Security -> Windows Security.
Open: Virus & Threat Protection
Turn On Real-Time Protection:
- Under the Virus & threat protection settings, click on Manage settings.
- Ensure that the Real-time protection switch is turned on.
Update Virus Definitions:
- In the Virus & threat protection window, under Virus & threat protection updates, click Check for updates.
- Click Check for updates to ensure that Windows Defender is using the latest virus definitions.
Important Note
Please disable and uninstall any other antivirus software from your device. This includes software such as McAfee, Kaspersky, and other third-party antivirus programs.
How to Enable Windows Firewall
Open Windows Security:
- Press Win + I to open the Settings app.
- Go to Update & Security -> Windows Security.
Open: Firewall & Network Protection
Check Firewall Status for Each Network:
- You will see three network profiles: Domain network, Private network, and Public network.
- Click on each network profile to check the firewall status.
Enable Firewall:
- For each network profile, ensure that the Windows Defender Firewall switch is turned on.
How to Verify Windows Defender Status
Check Windows Security Center:
- Press Win + I to open the Settings app.
- Go to Update & Security -> Windows Security.
- Ensure that there are no warnings or alerts under Virus & threat protection and Firewall & network protection.
Running a Quick Scan:
- In the Virus & threat protection window, click Quick scan to ensure that Windows Defender Antivirus is actively scanning your device.
How to Ensure Password Policy Compliance
- Password Length: Your password should be at least 10 characters long.
- Character Requirements: The password must contain both letters, numbers, and symbols. (alphanumeric).
How to Manage User Accounts
Part 1: Removing Additional Accounts
Open Settings: Press Win + I
Navigate to Accounts:
- Go to Accounts -> Email & accounts.
Check for Additional Accounts:
- If you see an account other than your TSP email account, please back up any data associated with that account and then delete it.
Part 2: Switching to Your TSP Account
Log Out and Switch Users:
- Press Win + L to lock your screen.
- In the bottom left corner, select Other user.
- Sign in using your TSP email and password that is at least 10 characters long and alphanumeric.
Set Up Your TSP Account:
- Once signed in, download and install all required software (e.g., Bitwarden, Pritunl, etc.).
- If you have any data that needs to be backed up, upload it to Google Drive or OneDrive from your personal account.
Part 3: Removing Your Personal Account
Important Note
Please remove your local accounts only after all the required files are backed up on the onedrive cloud.
Open Settings:
- Press Win + I to open the Settings app.
- Go to Accounts -> Email & accounts.
Select Your Personal Account:
- Click on your personal account.
- Click Manage, which will redirect you to the Microsoft account website.
Remove the Device from Your Account:
- Ensure you are signed in to your personal account on the Microsoft website.
- Navigate to Devices.
- Find your device and click Remove device.
How to remove other accounts
Open Settings with Win + I
Navigate to Accounts.
Select Other users.
Select the Account to Remove:
Under the Other users section, click on the local account you want to remove.
Remove Account:
- Click on Remove.
- Confirm the removal by clicking Delete account and data.