Compliance Policy via Intune

From Notes_Wiki

Home > Microsoft Intune > Compliance Policy via Intune



Compliance Policy via Intune

Overview

Compliance policies in Intune help ensure only trusted and secure devices can access company resources such as Outlook, Teams, and SharePoint.

Prerequisites

  • Intune Administrator, Security Administrator, or Global Administrator role.
  • Devices must be Intune-enrolled.
  • Azure AD Conditional Access recommended for enforcement.

Steps

1. Sign in

2. Navigate to Compliance Policies

  • Go to: Devices > Compliance policies > Policies > Create Policy.

3. Select Platform

  • Choose a target platform:
    • Windows 10/11
    • iOS/iPadOS
    • Android
    • macOS

4. Configure Compliance Settings

  • Define compliance rules:
    • Require BitLocker (Windows) / FileVault (macOS).
    • Require password complexity and minimum length.
    • Block jailbroken or rooted devices.
    • Set minimum supported OS version.
    • Require antivirus/antimalware enabled.

5. Configure Actions for Noncompliance

  • Available options:
    • Send notification email to user.
    • Mark device noncompliant immediately.
    • Provide a grace period (e.g., 3 days).
    • Integrate with Conditional Access to block access.

6. Assign the Policy

  • Add Azure AD groups:
    • All Devices
    • All Users
    • Department-specific groups

7. Review and Create

  • Review settings.
  • Click Create.

8. Monitor Compliance

  • Navigate: Devices > Monitor > Device compliance.
  • View compliance status of devices.

Notes

  • Compliance policies do not block access by themselves.
  • Use with Conditional Access policies in Azure AD to enforce compliance.
  • Multiple compliance policies can apply to the same platform.

Home > Microsoft Intune > Compliance Policy via Intune

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Compliance_Policy_via_Intune&oldid=9475"