Compliance Policy Setup in Intune

Compliance Policy Setup in Intune is that is a must use feature in Mobile Device Management.  These rules might include using a password or a PIN to access devices; and encrypting data stored on devices with the use of technology called Bitlocker.  These set of rules is called a compliance policy.  The best option is to use the compliance policy with Azure AD Conditional Access  Not familiar with Intune?  Check out our Intune guide.   Now let’s set up a compliance policy.  To set up this policy, we will do so from the main devices screen.

Compliance Policy Setup in Intune

 

 

 

 

 

Displayed below is the compliance policy page. Since we got to this page from the main devices page we can see and make policies for and platform from this page.

Let’s make a new policy.  Remember compliance polices allows us to measure the compliance of the device. We are not setting up the device for us to make sure it meets the company’s compliance standards.

Compliance setup in intune

 

 

 

Below is the compliance policy page.  First, we need to enter a name for our policy.  You can enter an optional description if you want.  Then we need to select a platform. In this case we are selecting iOS/iPadOS for our device.

Compliance Policy Setup in Intune

 

 

 

 

 

 

 

Now that we selected a platform, we have a few more options to select from below.  We can enter the settings for our policy, actions for noncompliance, and assign scope tags.  Clicking on settings will bring up an additional blade where we can measure various aspects of the device.   The settings found here will be specific to the platform we selected previously.

Compliance Setup in intune

 

 

 

 

 

 

 

 

The email profile must be connected to Intune or the device will be marked as noncompliant under the email tab we can require an email profile.

Compliance setup in intune

 

 

 

 

In the device health section below, we can check for jail broken device. If this was an android policy, we can look for rooted devices. Here we can also see if the device has been flagger for various threat levels and add that to our compliance policy.

Compliance setup in intune

 

 

 

 

In the device properties, we can check the OS version of the device. If the device’s OS doesn’t meet the setting here it will be marked as non-compliant.

Compliance Policy Setup in Intune

 

 

 

 

In the security section below, we can look at the security setup of the device.  We can look at the password settings along with any apps on the device. The apps section is a great way to see if company devices have unwanted apps on them.

Now, let’s take a look at the actions section.

Compliance Policy Setup in Intune

 

 

 

 

 

In the actions for noncompliance section, we can see a list of the actions to take place when a device is non-compliant.

Compliance Policy Setup in Intune

 

 

 

 

 

The action is what we want to happen when a device is marked as non-compliant.

Compliance Policy Setup in Intune

 

 

 

 

Let’s select an action from the list.  Opening the drop down illustrated below gives us two options. We can send and email to the end user or we can remotely lock the device.

Compliance Policy Setup in Intune

 

 

 

 

Under the send an email below, we have a few more options. We can select a message template to be sent to the end user.  We can send a notification to others in the organization.  We can set how many days the device needs to be non-compliant before the notifications are sent.

Compliance Policy Setup in Intune

 

 

 

 

We can specify how many days before the device needs to be non-compliant before the device is locked if we select remote lock from the drop down.  One way to set this up is to have policies that send notifications during the first few days.  It will notify the user the device will be locked if it is not compliant in X amount of days. Follow that up with another policy to lock the device if it is noncompliant after that amount of days has occurred.

Compliance Policy Setup in Intune

 

 

 

 

 

Compliance Policy Setup in Intune Summary

 

Check out Microsoft’s post for more details on compliance policy setup in Intune.

Leave a Reply

Your email address will not be published. Required fields are marked *