Compliance Policy via Intune

From Notes_Wiki
Revision as of 06:59, 4 September 2025 by Ansil

Overview

Compliance policies in Intune help ensure only trusted and secure devices can access company resources such as Outlook, Teams, and SharePoint.

Prerequisites

  • Intune Administrator, Security Administrator, or Global Administrator role.
  • Devices must be Intune-enrolled.
  • Azure AD Conditional Access recommended for enforcement.

Steps

1. Sign in

  • Open https://intune.microsoft.com.

2. Navigate to Compliance Policies

  • Go to: Devices > Compliance policies > Policies > Create Policy.

3. Select Platform

  • Choose a target platform:
    • Windows 10/11
    • iOS/iPadOS
    • Android
    • macOS

4. Configure Compliance Settings

  • Define compliance rules:
    • Require BitLocker (Windows) / FileVault (macOS).
    • Require password complexity and minimum length.
    • Block jailbroken or rooted devices.
    • Set minimum supported OS version.
    • Require antivirus/antimalware enabled.

5. Configure Actions for Noncompliance

  • Available options:
    • Send notification email to user.
    • Mark device noncompliant immediately.
    • Provide a grace period (e.g., 3 days).
    • Integrate with Conditional Access to block access.

6. Assign the Policy

  • Add Azure AD groups:
    • All Devices
    • All Users
    • Department-specific groups

7. Review and Create

  • Review settings.
  • Click Create.

8. Monitor Compliance

  • Navigate: Devices > Monitor > Device compliance.
  • View compliance status of devices.
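The compliance status from step 8 can also be triaged from Microsoft Graph `managedDevices` data instead of the portal view. The following is an added example, not part of the original page: it runs over a constructed sample shaped like that response, and the function name `triage`, the 14-day stale check-in threshold and the 1-day grace warning are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample shaped like GET /deviceManagement/managedDevices (Microsoft Graph).
# Device names and timestamps are invented for illustration, not tenant data.
SAMPLE = json.loads("""{"value": [
 {"deviceName": "LAP-001", "complianceState": "compliant", "isEncrypted": true,
  "jailBroken": "Unknown", "lastSyncDateTime": "2025-09-03T08:00:00Z",
  "complianceGracePeriodExpirationDateTime": "0001-01-01T00:00:00Z"},
 {"deviceName": "LAP-002", "complianceState": "noncompliant", "isEncrypted": false,
  "jailBroken": "Unknown", "lastSyncDateTime": "2025-09-04T06:30:00Z",
  "complianceGracePeriodExpirationDateTime": "0001-01-01T00:00:00Z"},
 {"deviceName": "PHN-003", "complianceState": "inGracePeriod", "isEncrypted": true,
  "jailBroken": "False", "lastSyncDateTime": "2025-09-04T05:00:00Z",
  "complianceGracePeriodExpirationDateTime": "2025-09-04T20:00:00Z"},
 {"deviceName": "PHN-004", "complianceState": "inGracePeriod", "isEncrypted": true,
  "jailBroken": "False", "lastSyncDateTime": "2025-09-04T05:00:00Z",
  "complianceGracePeriodExpirationDateTime": "2025-09-07T07:00:00Z"},
 {"deviceName": "MAC-005", "complianceState": "compliant", "isEncrypted": true,
  "jailBroken": "Unknown", "lastSyncDateTime": "2025-08-01T09:00:00Z",
  "complianceGracePeriodExpirationDateTime": "0001-01-01T00:00:00Z"}
]}""")

def ts(value):  # Graph timestamps are UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

NOW = ts("2025-09-04T07:00:00Z")  # fixed so the sample gives the same result every run

def triage(devices, now, stale=timedelta(days=14), warn=timedelta(days=1)):
    """Return {deviceName: [reasons]} for devices that need follow-up."""
    findings = {}
    for d in devices:
        reasons, state = [], d["complianceState"]
        if state == "noncompliant":
            reasons.append("noncompliant")
        elif state == "inGracePeriod":
            # Not yet marked noncompliant; flag it when the grace period is about to end.
            if ts(d["complianceGracePeriodExpirationDateTime"]) - now <= warn:
                reasons.append("grace period ending")
        elif state != "compliant":
            reasons.append("not evaluated: " + state)  # unknown, error, conflict
        if d.get("isEncrypted") is False:
            reasons.append("not encrypted")
        if d.get("jailBroken") == "True":
            reasons.append("jailbroken or rooted")
        if now - ts(d["lastSyncDateTime"]) > stale:
            reasons.append("stale check-in")
        if reasons:
            findings[d["deviceName"]] = reasons
    return findings
```

Devices that are still compliant but have not checked in recently are flagged separately, since their reported state may no longer reflect the device.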

Notes

  • Compliance policies do not block access by themselves.
  • Use with Conditional Access policies in Azure AD to enforce compliance.
  • Multiple compliance policies can apply to the same platform.