Device Compliance Policy Creation Procedure

This admin procedure provides background information on creating a compliance policy that establishes the minimum settings onboarded devices must meet. Devices that do not meet these settings will not be allowed access to organizational resources.

This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

Compliance Policies

Compliance Policies help protect organizational data by requiring users and devices to meet some minimum requirements prior to being allowed access to organizational resources.

Compliance Policies define:

  • The rules and settings that users and managed devices must meet to be compliant. Examples of rules include requiring that devices run a minimum OS version, or that devices are not jailbroken or rooted.
  • The actions that apply to devices that don’t meet your compliance rules. Examples of actions include remotely locking the device, or sending the device user an email about the device status so they can fix it.

If you use Conditional Access, your Conditional Access policies can use your device compliance results to block access to resources from noncompliant devices.

 

Procedure Scope: Administrators

Required Group Membership: Admin.DeviceCompliance

 

Creating Device Compliance Policies

  1. Navigate to Compliance Policies – Intune and select Create Policy. You will be asked to select the OS platform you wish to create the policy for. Select Create to proceed.
  2. You will be redirected to a window where you can supply a name and description for the policy you are creating. The naming convention and description will depend on what the policy is being created for. Select Next to continue.
  3. Next you will see a list of all the configurable settings you can require an onboarded device to meet before it can access organizational resources. These settings range from custom JSON scripts to simple device settings like passwords or drive encryption. Specify the security controls that meet your needs and select Next to proceed.
  4. After configuring the settings, decide how noncompliant devices are handled. This can range from just marking the device as noncompliant in Intune, to sending an email to the end user notifying them that their device is no longer compliant, to adding the device to a retire list, which will offboard the device from Intune management. How noncompliant devices are handled is up to you. Select Next to continue.
  5. You will now be able to configure assignments or exclusions for the policy. The scope can be applied to all onboarded devices, all AD registered users, or specific groups. Select Next to proceed to the review.
  6. The final step is to review the settings configured for the policy. If there is a discrepancy in the policy, make note of which section it is in and go back to that item using the Previous button. If all settings are right, select Create to finalize the policy creation process.
  7. Upon successful creation, the new compliance policy will appear in the list.
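The same choices made in steps 1 to 6, written out as request bodies and checked before submission. This is an added example, not part of the original procedure or Sittadel's tooling; it builds the bodies offline and sends nothing. Assumptions: the field names follow Microsoft Graph's windows10CompliancePolicy resource, the section names are the Intune wizard tabs, the policy name and group ids are constructed, and the "retire needs a grace period" check is this example's own rule.

```python
# Added example: nothing is sent to Graph; the bodies are only built and reviewed.
META = {"@odata.type", "displayName", "description", "scheduledActionsForRule"}

def build_policy(name, description, settings, actions):
    """Steps 1-4: platform, name/description, settings, noncompliance actions."""
    return {
        "@odata.type": "#microsoft.graph.windows10CompliancePolicy",  # step 1: platform
        "displayName": name,
        "description": description,
        **settings,  # step 3, e.g. passwordRequired, storageRequireEncryption
        "scheduledActionsForRule": [{
            "ruleName": "PasswordRequired",
            "scheduledActionConfigurations": [
                {"actionType": kind, "gracePeriodHours": hours} for kind, hours in actions],
        }],
    }

def build_assignment(include_groups, exclude_groups=()):
    """Step 5: group ids to include in and exclude from the policy scope."""
    pairs = [("groupAssignmentTarget", g) for g in include_groups]
    pairs += [("exclusionGroupAssignmentTarget", g) for g in exclude_groups]
    return {"assignments": [
        {"target": {"@odata.type": "#microsoft.graph." + kind, "groupId": gid}}
        for kind, gid in pairs]}

def review(policy, assignment):
    """Step 6: list (section, problem) pairs to fix before selecting Create."""
    issues = []
    if not policy["displayName"].strip():
        issues.append(("Basics", "policy has no name"))
    if not set(policy) - META:
        issues.append(("Compliance settings", "no setting is required"))
    configs = [c for rule in policy["scheduledActionsForRule"]
               for c in rule["scheduledActionConfigurations"]]
    # "block" is the Graph action type behind "mark device noncompliant".
    if not any(c["actionType"] == "block" for c in configs):
        issues.append(("Actions for noncompliance", "device is never marked noncompliant"))
    if any(c["actionType"] == "retire" and c["gracePeriodHours"] == 0 for c in configs):
        issues.append(("Actions for noncompliance", "retire has no grace period"))
    targets = [a["target"] for a in assignment["assignments"]]
    included = {t["groupId"] for t in targets if "exclusion" not in t["@odata.type"]}
    excluded = {t["groupId"] for t in targets if "exclusion" in t["@odata.type"]}
    if not included:
        issues.append(("Assignments", "policy is assigned to no group"))
    if included & excluded:
        issues.append(("Assignments", "a group is both included and excluded"))
    return issues

# Constructed sample values; the group ids are placeholders, not real directory objects.
HELPDESK, KIOSKS = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
policy = build_policy("Windows baseline", "Password and disk encryption required",
                      {"passwordRequired": True, "storageRequireEncryption": True},
                      [("block", 0), ("retire", 720)])
print(review(policy, build_assignment([HELPDESK], [KIOSKS])))  # -> []
```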

You're Finished!

You should have successfully created a new device compliance policy that will require the onboarded devices for the specified platform to meet a baseline settings configuration prior to being allowed access to organizational resources. For any other problems or questions, reach out to us!