Mobile device management (MDM) solutions like Intune can help protect organizational data by requiring users and devices to meet some requirements. In Intune, this feature is called compliance policies.

- Define the rules and settings that users and devices must meet to be compliant.
- Include actions that apply to devices that are noncompliant. Actions for noncompliance can alert users to the conditions of noncompliance and safeguard data on noncompliant devices.
- Can be combined with Conditional Access, which can then block users and devices that don't meet the rules.
- Can override the configuration of settings that you also manage through device configuration policies. To learn more about conflict resolution for policies, see Compliance and device configuration policies that conflict.

There are two parts to compliance policies in Intune:

- Compliance policy settings – Tenant-wide settings that are like a built-in compliance policy that every device receives. Compliance policy settings set a baseline for how compliance policy works in your Intune environment, including whether devices that haven't received any device compliance policies are compliant or noncompliant.
- Device compliance policy – Platform-specific rules you configure and deploy to groups of users or devices. These rules define requirements for devices, like minimum operating systems or the use of disk encryption. Devices must meet these rules to be considered compliant.

Like other Intune policies, compliance policy evaluations for a device depend on when the device checks in with Intune, and policy and profile refresh cycles.

Compliance policy settings

Compliance policy settings are tenant-wide settings that determine how Intune's compliance service interacts with your devices. These settings are distinct from the settings you configure in a device compliance policy.

To manage the compliance policy settings, sign in to Microsoft Intune admin center and go to Endpoint security > Device compliance > Compliance policy settings.

Compliance policy settings include the following settings:

Mark devices with no compliance policy assigned as

This setting determines how Intune treats devices that haven't been assigned a device compliance policy.

- Compliant (default): This security feature is off. Devices that aren't sent a device compliance policy are considered compliant.
- Not compliant: This security feature is on. Devices that haven't received a device compliance policy are considered noncompliant.

If you use Conditional Access with your device compliance policies, change this setting to Not compliant to ensure that only devices that are confirmed as compliant can access your resources.

If an end user isn't compliant because a policy isn't assigned to them, then the Company Portal app shows No compliance policies have been assigned.

Specify a period in which devices must successfully report on all their received compliance policies. If a device fails to report its compliance status for a policy before the validity period expires, the device is treated as noncompliant.

By default, the period is set to 30 days. You can configure a period from 1 to 120 days.

You can view details about a device's compliance with the validity period setting. Sign in to Microsoft Intune admin center and go to Devices > Monitor > Setting compliance. This setting has a name of Is active in the Setting column. For more information about this and related compliance status views, see Monitor device compliance.

- Define the rules and settings that users and managed devices must meet to be compliant. Examples of rules include requiring devices to run a minimum OS version, not being jail-broken or rooted, and being at or under a threat level as specified by threat management software you've integrated with Intune.
- Support actions that apply to devices that don't meet your compliance rules. Examples of actions include being remotely locked, or sending a device user email about the device status so they can fix it.
- Deploy to users in user groups or devices in device groups. When a compliance policy is deployed to a user, all the user's devices are checked for compliance. Using device groups in this scenario helps with compliance reporting.

If you use Conditional Access, your Conditional Access policies can use your device compliance results to block access to resources from noncompliant devices.

The available settings you can specify in a device compliance policy depend on the platform type you select when you create a policy. Different device platforms support different settings, and each platform type requires a separate policy.

The following subjects link to dedicated articles for different aspects of device configuration policy.

- Actions for noncompliance - Each device compliance policy includes one or more actions for noncompliance.