Compliance Policy via Intune
From Notes_Wiki
Overview
Compliance policies in Intune help ensure that only trusted, secure devices can access company resources such as Outlook, Teams, and SharePoint.
Prerequisites
- Intune Administrator, Security Administrator, or Global Administrator role.
- Devices must be Intune-enrolled.
- Azure AD Conditional Access is recommended for enforcement.
Steps
1. Sign in
- Open Microsoft Intune Admin Center.
- Sign in with administrator credentials.
2. Create a Policy
- Go to: Devices > Compliance policies > Policies > Create Policy.
3. Select Platform
- Choose a target platform:
  - Windows 10/11
  - iOS/iPadOS
  - Android
  - macOS
4. Configure Compliance Settings
- Define compliance rules:
  - Require BitLocker (Windows) / FileVault (macOS).
  - Require password complexity and minimum length.
  - Block jailbroken or rooted devices.
  - Set minimum supported OS version.
  - Require antivirus/antimalware enabled.
5. Configure Actions for Noncompliance
- Available options:
  - Send notification email to user.
  - Mark device noncompliant immediately.
  - Provide a grace period (e.g., 3 days).
  - Integrate with Conditional Access to block access.
6. Assign the Policy
- Add Azure AD groups:
  - All Devices
  - All Users
  - Department-specific groups
7. Review and Create
- Review settings.
- Click Create.
8. Monitor Compliance
- Navigate to: Devices > Monitor > Device compliance.
- View compliance status of devices.
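The same Windows policy that steps 4 to 8 build in the portal, as an added PowerShell example that is not part of this wiki page. It assumes the Microsoft Graph PowerShell SDK (Connect-MgGraph, Invoke-MgGraphRequest) is installed and the signed-in account holds one of the roles listed under Prerequisites; the display name and minimum OS build are constructed values, and the notification template id and group id are placeholders.

```powershell
# Added example, not from the wiki: create, assign and check the Windows
# compliance policy described in steps 4-8 using Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph.Authentication module and an Intune admin role.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All" -NoWelcome
$base = "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies"

$templateId = "<NOTIFICATION-TEMPLATE-ID>"   # placeholder: an existing notification template
$groupId    = "<GROUP-OBJECT-ID>"            # placeholder: Azure AD group from step 6

$policy = @{
    "@odata.type"         = "#microsoft.graph.windows10CompliancePolicy"
    displayName           = "Windows baseline compliance"   # constructed name
    description           = "BitLocker, password, minimum OS, Defender"
    # Step 4: compliance rules
    bitLockerEnabled      = $true           # require BitLocker
    passwordRequired      = $true
    passwordBlockSimple   = $true           # complexity: no simple passwords
    passwordRequiredType  = "alphanumeric"
    passwordMinimumLength = 12
    osMinimumVersion      = "10.0.19045"    # constructed minimum build; set to your baseline
    defenderEnabled       = $true           # antimalware on
    rtpEnabled            = $true           # real-time protection on
    # Step 5: actions for noncompliance, escalating by grace period in hours
    scheduledActionsForRule = @(@{
        ruleName = "PasswordRequired"       # Graph requires a rule name; this value is conventional
        scheduledActionConfigurations = @(
            @{ actionType = "notification"; gracePeriodHours = 0; notificationTemplateId = $templateId; notificationMessageCCList = @() }
            @{ actionType = "block"; gracePeriodHours = 72 }   # mark noncompliant after 3 days
        )
    })
}

# Step 7: create the policy
$created = Invoke-MgGraphRequest -Method POST -Uri $base -ContentType "application/json" `
    -Body ($policy | ConvertTo-Json -Depth 10)

# Step 6: assign it to the group
$assignment = @{ assignments = @(@{ target = @{
    "@odata.type" = "#microsoft.graph.groupAssignmentTarget"; groupId = $groupId } }) }
Invoke-MgGraphRequest -Method POST -Uri "$base/$($created.id)/assign" -ContentType "application/json" `
    -Body ($assignment | ConvertTo-Json -Depth 10) | Out-Null

# Step 8: per-policy device compliance counts (what the Monitor view shows)
Invoke-MgGraphRequest -Method GET -Uri "$base/$($created.id)/deviceStatusOverview" -OutputType PSObject |
    Select-Object successCount, failedCount, pendingCount, errorCount, notApplicableCount
```

Devices that are marked noncompliant by this policy are only blocked from resources once a Conditional Access policy requires a compliant device, as the Notes below state.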
Notes
- Compliance policies do not block access by themselves.
- Use with Conditional Access policies in Azure AD to enforce compliance.
- Multiple compliance policies can apply to the same platform.