Welcome to Device Compliance Policies.

Device compliance policies in Intune are used to define rules and settings that users and managed devices need to meet in order to be considered compliant. For example, organizations will often create device compliance policies to ensure that all managed devices run a minimum OS version, or that those devices not be jail-broken.

Organizations will also often use device compliance policies to define support actions that should apply to devices that don’t meet their defined compliance rules. For example, an organization might configure a policy with an action that remotely locks non-compliant devices. In such cases, the organization would typically also configure an action to send the non-compliant device user an email about the device’s non-compliant status so the user can fix it.

When you create a device compliance policy, what you’ll typically do is deploy it to all users within a user group, or to all devices in a device group. Deploying device compliance policies to users ensures that all devices associated with each user are checked for compliance. Device groups make compliance reporting easier.

Organizations that use Conditional Access in their environments can integrate device compliance with conditional access. Essentially, the defined Conditional Access policies can use the results of device compliance to prevent non-compliant devices from accessing corporate resources. This actually works really well. We’ll talk about it in a bit more detail later on.

Now, the settings that are available to you when defining a compliance policy will depend on the platform type that you choose when creating the policy. This makes sense, since different device platforms will inherently offer and support different settings. That being the case, it also stands to reason, that each platform type in your environment will require a separate policy. So, if you support Androids, iPhones, and Windows 10 devices, you’ll need at least 3 different policies.

Visit the URL that you see on your screen to review all the different settings that are available for all the different device platforms. I wouldn’t worry about memorizing these, but just understand that they can vary widely from platform to platform. This URL is also linked in the transcript of this lesson.

When you create a device compliance policy, you’ll need to complete 5 steps. You’ll need to complete the Basics section, a Compliance Settings section, Actions for Noncompliance, and then you’ll need to Define Assignments. Once you’ve done all this, you’ll Review and Create the policy. 

In the basics section, you’ll need to provide a name for the policy and some other basic info for your policy. The compliance settings that you configure will essentially set the condition for determining whether a device is compliant with the policy or not. Actions for noncompliance does what it sounds like. It allows you to specify what happens when a device is found to be non-compliant. You use assignments to tell the policy which users or devices should receive the policy.

Once you’ve done all this fun work, you get to review your settings and then create the policy. We’ll walk through a quick demo later on, so you can see how this is all done.