title Configure Microsoft Intune for increased tenant security
description Secure your tenant with Microsoft Intune to support your Zero Trust journey.
ms.topic reference
ms.date 10/20/2025
ms.author brenduns
author brenduns
ms.reviewer ramical
ms.collection
tier 1
M365-identity-device-management

Configure Microsoft Intune for Zero Trust: Secure tenants (Preview)

Protecting your Intune tenant is essential to enforcing Zero Trust principles and maintaining a secure, well-managed environment. These recommendations align with Microsoft's Secure Future Initiative by limiting blast radius and enforcing least-privilege access through segmented administrative control, secure device onboarding, and policy-driven protections. Together, they help reduce risk, maintain tenant hygiene, and strengthen compliance across platforms.

Zero Trust security recommendations

Scope tag configuration is enforced to support delegated administration and least-privilege access

[!INCLUDE 24555]

Device enrollment notifications are enforced to ensure user awareness and secure onboarding

[!INCLUDE 24572]

Windows automatic device enrollment is enforced to eliminate risks from unmanaged endpoints

[!INCLUDE 24546]

Compliance policies protect Windows devices

[!INCLUDE 24541]

Compliance policies protect macOS devices

[!INCLUDE 24542]

Compliance policies protect fully managed and corporate-owned Android devices

[!INCLUDE 24545]

Compliance policies protect personally owned Android devices

[!INCLUDE 24547]

Compliance policies protect iOS/iPadOS devices

[!INCLUDE 24543]

Platform SSO is configured to strengthen authentication on macOS devices

[!INCLUDE 24568]

Defender for Endpoint automatic enrollment is enforced to reduce risk from unmanaged Android threats

[!INCLUDE 24871]

Device cleanup rules maintain tenant hygiene by hiding inactive devices

[!INCLUDE 24802]

Terms and Conditions policies protect access to sensitive data

[!INCLUDE 24794]

Company Portal branding and support settings enhance user experience and trust

[!INCLUDE 24823]

Endpoint Analytics is enabled to help identify risks on Windows devices

[!INCLUDE 24576]

Related content