COMPLIANCE POLICIES IN INTUNE
The course is part of these learning paths
This course will provide you with a solid understanding of compliance policies and where they fit into Microsoft 365. You'll also have the chance to watch a guided demonstration showing you how to create a Compliance Policy in Microsoft Intune.
- Learn the basics of compliance policies in Microsoft 365
- Gain an understanding of Compliance Policy Settings and Device Compliance Policies
- Learn how to integrate compliance policies and conditional access
- Learn how to create a compliance policy in Endpoint Security within the Microsoft Endpoint Manager admin center
This quick-hitting course is intended for those who wish to learn about using Compliance Policies in Microsoft 365.
To get the most out of this course, it would be beneficial to have a basic understanding of compliance in general, as well as some basic experience using Microsoft 365.
Hello and welcome to Compliance Policies in InTune.
Microsoft InTune is a Mobile device management solution that is used to protect organizational data. Leveraging it allows you to require users and devices to meet certain requirements set forth by the organization. In Intune, compliance policies are used to accomplish this.
When you create a compliance policy, what you are doing is defining a set of rules and settings that users and devices must meet in order to be considered compliant. In addition to defining the rules and settings that users and devices must meet, you also specify actions that should apply to non-compliant devices. For example, you might specify an action that notifies a user that their device is non-compliant while protecting the data on the non-compliant device.
You can even combine compliance policies with Conditional Access in order to block non-compliant users and devices from accessing corporate resources. We’ll touch on this combination later on.
There are two parts to compliance policies in Intune. They include compliance policy settings and the device compliance policy.
Compliance policy settings are tenant-wide settings that every device receives – sort of like a built-in compliance policy. You use compliance policy settings to establish a set baseline for how compliance policy will function in your Intune environment. For example, you might configure a setting that governs the compliance status of a device that hasn’t yet received any compliance policies. Some companies may deem a device that hasn’t received a compliance policy to be non-compliant right out of the gate, while other companies might deem those same devices to be compliant – at least until a compliance policy is applied and determines the device is NOT compliant for some reason.
The second part I mentioned, Device compliance policy, consists of platform-specific rules that you define and then deploy to your users or devices. For example, you might use a device compliance policy to enforce minimum requirements for devices. You might want to specify a minimum operating system for your devices, or you might want to ensure all devices use disk encryption. If a device doesn’t meet these requirements, the device is considered to be non-compliant.
Compliance policy evaluations occur when devices check in with Intune. What happens is, Intune will notify a device to check in with the Intune service. When it checks in, it’s evaluated. If a non-compliant device becomes compliant, this is reflected. A device that’s currently compliant can also been deemed non-compliant if something changes since the last check-in.
If a device doesn't check in to get a policy after the first notification, Intune will try three more times. If a device is offline for some reason, it obviously won’t receive the notifications. When this happens, the offline device gets the policy during its next scheduled check-in with the Intune service.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.