COMPLIANCE POLICIES IN INTUNE
The course is part of this learning path
This course will provide you with a solid understanding of compliance policies and where they fit into Microsoft 365. You'll also have the chance to watch a guided demonstration showing you how to create a Compliance Policy in Microsoft Intune.
- Learn the basics of compliance policies in Microsoft 365
- Gain an understanding of Compliance Policy Settings and Device Compliance Policies
- Learn how to integrate compliance policies and conditional access
- Learn how to create a compliance policy in Endpoint Security within the Microsoft Endpoint Manager admin center
This quick-hitting course is intended for those who wish to learn about using Compliance Policies in Microsoft 365.
To get the most out of this course, it would be beneficial to have a basic understanding of compliance in general, as well as some basic experience using Microsoft 365.
Welcome to Device Compliance Policies.
Device compliance policies in Intune are used to define rules and settings that users and managed devices need to meet in order to be considered compliant. For example, organizations will often create device compliance policies to ensure that all managed devices run a minimum OS version, or that those devices not be jail-broken.
Organizations will also often use device compliance policies to define support actions that should apply to devices that don’t meet their defined compliance rules. For example, an organization might configure a policy with an action that remotely locks non-compliant devices. In such cases, the organization would typically also configure an action to send the non-compliant device user an email about the device’s non-compliant status so the user can fix it.
When you create a device compliance policy, what you’ll typically do is deploy it to all users within a user group, or to all devices in a device group. Deploying device compliance policies to users ensures that all devices associated with each user are checked for compliance. Device groups make compliance reporting easier.
Organizations that use Conditional Access in their environments can integrate device compliance with conditional access. Essentially, the defined Conditional Access policies can use the results of device compliance to prevent non-compliant devices from accessing corporate resources. This actually works really well. We’ll talk about it in a bit more detail later on.
Now, the settings that are available to you when defining a compliance policy will depend on the platform type that you choose when creating the policy. This makes sense, since different device platforms will inherently offer and support different settings. That being the case, it also stands to reason, that each platform type in your environment will require a separate policy. So, if you support Androids, iPhones, and Windows 10 devices, you’ll need at least 3 different policies.
Visit the URL that you see on your screen to review all the different settings that are available for all the different device platforms. I wouldn’t worry about memorizing these, but just understand that they can vary widely from platform to platform. This URL is also linked in the transcript of this lesson.
When you create a device compliance policy, you’ll need to complete 5 steps. You’ll need to complete the Basics section, a Compliance Settings section, Actions for Noncompliance, and then you’ll need to Define Assignments. Once you’ve done all this, you’ll Review and Create the policy.
In the basics section, you’ll need to provide a name for the policy and some other basic info for your policy. The compliance settings that you configure will essentially set the condition for determining whether a device is compliant with the policy or not. Actions for noncompliance does what it sounds like. It allows you to specify what happens when a device is found to be non-compliant. You use assignments to tell the policy which users or devices should receive the policy.
Once you’ve done all this fun work, you get to review your settings and then create the policy. We’ll walk through a quick demo later on, so you can see how this is all done.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.