This guide will provide background information on creating a compliance policy that will establish a minimum settings requirement for onboarded devices to meet unless they will not be allowed access to organizational resources.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: TBD
Domain: TBD
Modifies: TBD
Creating a Device Compliance Policy
- Navigate to the Compliance Policies – Intune portal, locate and select Create Policy. A pop-out will be generated where you will be able to specify an Operating System Platform scope, the Profile Type will be manually specified based on the OS selection and cannot be modified. Select Create to proceed.
- You will supply basic identification information such as the Name and Description for the policy. Select Next to proceed.
- Next you will see a list of all the configurable settings you can require an onboarded device to meet before it can access the organizational resources. These settings can vary from custom JSON scripts to simple device settings like passwords or drive encryption. Specify the security controls to meet your needs and select Next to proceed.
- Following setting configuration, you will decide how noncompliant devices are handled. This can range from just marking the device as noncompliant in Intune, sending an email to the end user notifying them that their device is no longer compliant, or adding the device to a retire list which will offboard the device from Intune management. It will be up to you to decide noncompliance device handling. Select Next to continue.
- You will be able to configure Group Assignments or Exclusion for the policy. Locate and select the Add groups action. A pop-up will be displayed where you will supply the name of the group in the provided search bar, make sure to select the Group from the list. If done correctly they will be generated in the Selected Items section, finalize the addition by clicking Select. Select Next to proceed to revisions.
- The review page will allow you to see all configured settings for the profile type creation process, if you detect a discrepancy at this stage make note of the section and select Previous to go back to make the necessary alterations before finalization. If everything checks out, select Create to publish the policy.
- Upon successful creation the overview page will be displayed for the new policy.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.