Device compliance policies shall be configured for every supported device platform

Description

Device compliance policies allow us to define the settings a device on a particular platform must have to meet corporate requirements. Paired with conditional access policies, they allow us to prevent access to corporate resources from noncompliant devices. Devices should be constantly monitored to ensure compliance with corporate policies.

Policy

  • A device compliance policy is configured for each device platform that is supported by the corporation.

  • Devices that do not meet the compliance standards shall be marked as noncompliant immediately.

Licensing Considerations

Any tenant with Intune licensing can access this setting.

Set-Up Instructions

Device compliance policies in Microsoft Intune | Microsoft Learn

To configure device compliance policies by platform:

Windows

macOS

iOS/iPadOS

Android device administrator

Android (AOSP)

Android Enterprise

End-User Impact

Level: Medium

Device compliance policies have no impact on end users unless they are paired with conditional access policies that block access from noncompliant devices. Noncompliant devices appear in the Intune admin center for reporting purposes. Some device compliance policy settings prompt the end user to take action. For instance, configuring Encryption of data storage on the device prompts the user to configure BitLocker encryption if it is not already enabled. In this case, it is recommended to push out a configuration profile that configures encryption automatically, to avoid help desk calls.

Tips

  • Device compliance policy settings might vary depending on the organization but should be standardized where possible.

PowerShell Scripts

powershell-intune-samples/CompliancePolicy at master · microsoftgraph/powershell-intune-samples (github.com)
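An added example, not taken from the linked samples repository: an audit of the two Policy statements above against the compliance policies returned by Microsoft Graph. The function name `Test-CompliancePolicyCoverage`, the policy display names and the sample JSON are constructed for illustration. It assumes that either Android Enterprise policy type counts as coverage for that platform, and that "marked as noncompliant immediately" corresponds to a `block` action with a grace period of 0 hours.

```powershell
# Graph @odata.type values for the platforms listed under Set-Up Instructions.
$PlatformTypes = [ordered]@{
    'Windows'                      = '#microsoft.graph.windows10CompliancePolicy'
    'macOS'                        = '#microsoft.graph.macOSCompliancePolicy'
    'iOS/iPadOS'                   = '#microsoft.graph.iosCompliancePolicy'
    'Android device administrator' = '#microsoft.graph.androidCompliancePolicy'
    'Android (AOSP)'               = '#microsoft.graph.aospDeviceOwnerCompliancePolicy'
    'Android Enterprise'           = @('#microsoft.graph.androidWorkProfileCompliancePolicy',
                                       '#microsoft.graph.androidDeviceOwnerCompliancePolicy')
}

function Test-CompliancePolicyCoverage {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Policies,
        [string[]] $SupportedPlatforms = @($PlatformTypes.Keys)
    )
    foreach ($platform in $SupportedPlatforms) {
        $types    = @($PlatformTypes[$platform])
        $matching = @($Policies | Where-Object { $types -contains $_.'@odata.type' })
        # Keep only policies whose "block" (mark noncompliant) action has no grace period.
        $immediate = @($matching | Where-Object {
            $_.scheduledActionsForRule.scheduledActionConfigurations |
                Where-Object { $_.actionType -eq 'block' -and $_.gracePeriodHours -eq 0 }
        })
        [pscustomobject]@{
            Platform       = $platform
            Policies       = $matching.Count
            ImmediateBlock = $immediate.Count
            Pass           = ($matching.Count -gt 0 -and $immediate.Count -eq $matching.Count)
        }
    }
}

# Constructed sample: Windows passes, iOS has a 24-hour grace period, macOS has no policy.
$sample = @'
[
 {"@odata.type":"#microsoft.graph.windows10CompliancePolicy","displayName":"Win-Baseline",
  "scheduledActionsForRule":[{"scheduledActionConfigurations":[{"actionType":"block","gracePeriodHours":0}]}]},
 {"@odata.type":"#microsoft.graph.iosCompliancePolicy","displayName":"iOS-Baseline",
  "scheduledActionsForRule":[{"scheduledActionConfigurations":[{"actionType":"block","gracePeriodHours":24}]}]}
]
'@ | ConvertFrom-Json

Test-CompliancePolicyCoverage -Policies $sample -SupportedPlatforms 'Windows','macOS','iOS/iPadOS' |
    Format-Table -AutoSize

# Live tenant data (Microsoft.Graph.Authentication, DeviceManagementConfiguration.Read.All; paging not handled):
# $uri = 'https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies' +
#        '?$expand=scheduledActionsForRule($expand=scheduledActionConfigurations)'
# $policies = (Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject).value
```

Pass `-SupportedPlatforms` with only the platforms the corporation supports, so that unsupported platforms are not reported as gaps.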
