Compliance Policy Intune

Microsoft Endpoint Manager Compliance Policy

Microsoft Endpoint Manager: Compliance Policy

Download Presentation: Microsoft Endpoint Manager- Compliance Policy Intune

Mobile device management (MDM) solutions like Intune can help protect organizational data by requiring users and devices to meet some requirements. In Intune, this feature is called compliance policies.

Compliance policies in Intune:

  • Define the rules and settings that users and devices must meet to be compliant.
  • Include actions that apply to devices that are noncompliant. Actions for noncompliance can alert users to the conditions of noncompliance and safeguard data on noncompliant devices.
  • Can be combined with Conditional Access, which can then block users and devices that don’t meet the rules.

There are two parts to compliance policies in Intune:

  • Compliance policy settings – Tenant-wide settings that are like a built-in compliance policy that every device receives. Compliance policy settings set a baseline for how compliance policy works in your Intune environment, including whether devices that haven’t received any device compliance policies are compliant or noncompliant.
  • Device compliance policy – Platform-specific rules you configure and deploy to groups of users or devices. These rules define requirements for devices, like minimum operating systems or the use of disk encryption. Devices must meet these rules to be considered compliant.

Switch Compliance policy From SCCM to Intune

Conditional Access with Intune

When you use Conditional Access, you can configure your Conditional Access policies to use the results of your device compliance policies to determine which devices can access your organizational resources. This access control is in addition to and separate from the actions for noncompliance that you include in your device compliance policies.

When a device enrolls in Intune it registers in Azure AD. The compliance status for devices is reported to Azure AD. If your Conditional Access policies have Access controls set to Require device to be marked as compliant, Conditional access uses that compliance status to determine whether to grant or block access to email and other organization resources.

If you’ll use device compliance status with Conditional Access policies, review how your tenant has configured Mark devices with no compliance policy assigned as, which you manage under Compliance policy settings.

Microsoft 365 Compliance Manager

Microsoft Compliance Manager is a feature in the Microsoft 365 compliance center that helps you manage your organization’s compliance requirements with greater ease and convenience.

Microsoft Compliance Manager provides a comprehensive set of templates for creating assessments. These templates can help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data.

Templates are added to Compliance Manager as new laws and regulations are enacted. Compliance Manager also updates its templates when the underlying laws or regulations change


Use compliance policies to set rules for devices you manage with Intune


Device Compliance settings for Windows 10/11 in Intune


Microsoft 365 Compliance Manager


Show More

Related Articles

Back to top button