This guide provides background on compliance policies and walks through creating one in Intune. A compliance policy establishes the minimum settings an onboarded device must meet; devices that fail to meet them are marked noncompliant and can be denied access to organizational resources.
Compliance Policies
Compliance Policies help protect organizational data by requiring users and devices to meet some minimum requirements prior to being allowed access to organizational resources.
Compliance Policies define:
- The rules and settings that users and managed devices must meet to be compliant. Examples of rules include requiring devices run a minimum OS version, or devices are not allowed to be jail-broken or rooted.
- The actions that apply to devices that don’t meet your compliance rules. Examples of actions include remotely locking the device or emailing the device user about the device status so they can fix it.
If you use Conditional Access, your Conditional Access policies can consume the device compliance result (through the Require device to be marked as compliant grant control) to block access to resources from noncompliant devices.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: TBD
Domain: TBD
Modifies: TBD
Creating a Device Compliance Policy
- Navigate to the Compliance Policies – Intune portal, then locate and select Create Policy. A pop-out is displayed where you specify the Operating System Platform scope; the Profile Type is populated automatically based on the platform selection and cannot be modified. Select Create to proceed.
- You will supply basic identification information such as the Name and Description for the policy. Select Next to proceed.
- Next you will see the list of settings an onboarded device can be required to meet before it is allowed to access organizational resources. These range from simple device settings such as password requirements, drive encryption, and a minimum OS version to custom compliance, where you upload a discovery script and a JSON rules file. Specify the security controls that meet your needs and select Next to proceed.
- Following setting configuration, you will decide how noncompliant devices are handled. The Mark device noncompliant action is always present and defaults to Immediately; you can delay it by a number of days to give users a grace period. Additional actions include sending an email to the end user notifying them that their device is no longer compliant, and retiring the noncompliant device, which removes it from Intune management. Each action can be scheduled a number of days after the device is found noncompliant. It is up to you to decide how noncompliant devices are handled. Select Next to continue.
- You will be able to configure the groups the policy is assigned to (Included groups) and any groups to exclude from it (Excluded groups). Locate and select the Add groups action. A pop-up is displayed where you supply the name of the group in the search bar; make sure to select the group from the list. If done correctly it appears in the Selected Items section; finalize the addition by clicking Select. Select Next to proceed to the review page.
- The review page lets you see all configured settings for the policy. If you detect a discrepancy at this stage, make note of the section and select Previous to go back and make the necessary alterations before finalizing. If everything checks out, select Create to publish the policy.
- Upon successful creation the overview page will be displayed for the new policy.
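The same policy can be created and assigned from Microsoft Graph PowerShell, which is useful when the settings must be reproducible across tenants or reviewed in source control. The script below is an added example written for this guide; it is not code from the original page or from Microsoft. It assumes the Microsoft.Graph module is installed, that the signed-in account can consent to DeviceManagementConfiguration.ReadWrite.All and Group.Read.All, that the groups Intune-Compliance-Pilot and Intune-Compliance-Exclusions exist (hypothetical names), and that $NotificationTemplateId is replaced with the id of a notification message template already created in Intune. The property names and the scheduledActionsForRule structure are those of the Graph v1.0 windows10CompliancePolicy resource; the actionType values block, notification and retire correspond to the portal actions Mark device noncompliant, Send email to end user and Retire the noncompliant device.

```powershell
# Added example (not from the original guide): create and assign a Windows
# compliance policy with Microsoft Graph PowerShell, mirroring the portal steps.
# Assumptions (hypothetical): module installed, group names exist, template id replaced.
param(
    [string]$IncludeGroupName       = 'Intune-Compliance-Pilot',
    [string]$ExcludeGroupName       = 'Intune-Compliance-Exclusions',
    [string]$NotificationTemplateId = '00000000-0000-0000-0000-000000000000'  # replace with a real template id
)

Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All', 'Group.Read.All' -NoWelcome

# Steps 1-3: platform (Windows 10 and later), name/description, and the settings a device must meet.
$policy = @{
    '@odata.type'         = '#microsoft.graph.windows10CompliancePolicy'
    displayName           = 'Windows - Baseline Compliance'
    description           = 'Minimum settings required before a device can reach organizational resources'
    osMinimumVersion      = '10.0.19045'   # anything older is noncompliant
    passwordRequired      = $true
    passwordMinimumLength = 8
    bitLockerEnabled      = $true          # drive encryption
    secureBootEnabled     = $true
    codeIntegrityEnabled  = $true
    # Step 4: actions for noncompliance. Graph rejects a policy with no scheduled
    # actions; "block" is Mark device noncompliant and gracePeriodHours = 0 is Immediately.
    scheduledActionsForRule = @(
        @{
            ruleName = 'PasswordRequired'
            scheduledActionConfigurations = @(
                @{ actionType = 'block';        gracePeriodHours = 0;   notificationTemplateId = '' }
                @{ actionType = 'notification'; gracePeriodHours = 24;  notificationTemplateId = $NotificationTemplateId }
                @{ actionType = 'retire';       gracePeriodHours = 720; notificationTemplateId = '' }  # 30 days
            )
        }
    )
}

$created = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies' `
    -Body ($policy | ConvertTo-Json -Depth 10) -ContentType 'application/json'
Write-Host "Created policy '$($created.displayName)' with id $($created.id)"

# Step 5: include one group and exclude another, matching the Assignments page.
$include = Get-MgGroup -Filter "displayName eq '$IncludeGroupName'" -Property Id
$exclude = Get-MgGroup -Filter "displayName eq '$ExcludeGroupName'" -Property Id
if (-not $include -or -not $exclude) { throw 'Assignment group not found; check the group names.' }

$assignments = @{
    assignments = @(
        @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget';          groupId = $include.Id } }
        @{ target = @{ '@odata.type' = '#microsoft.graph.exclusionGroupAssignmentTarget'; groupId = $exclude.Id } }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/$($created.id)/assign" `
    -Body ($assignments | ConvertTo-Json -Depth 10) -ContentType 'application/json' | Out-Null

# Steps 6-7: read back what was actually published, including assignments and scheduled actions,
# so the review is done against the tenant rather than against the request you sent.
$check = Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/$($created.id)?`$expand=assignments,scheduledActionsForRule(`$expand=scheduledActionConfigurations)"
$check.assignments | ForEach-Object { '{0,-55} {1}' -f $_.target.'@odata.type', $_.target.groupId }
$check.scheduledActionsForRule.scheduledActionConfigurations |
    ForEach-Object { '{0,-13} after {1} hours' -f $_.actionType, $_.gracePeriodHours }
```

Run it once against a pilot group before widening the assignment: the retire action in particular is destructive, and the read-back at the end is the equivalent of the portal's review page, confirming the grace periods and group targets that will actually be enforced.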
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.