Step-by-Step Guide to Create a Device Compliance Policy

Prerequisites

  1. Microsoft Intune Subscription: Ensure you have an active Intune subscription.
  2. Administrative Access: You need to have the appropriate administrative permissions in Intune.

Steps to Create a Device Compliance Policy

  1. Sign in to the Microsoft Endpoint Manager Admin Center

  2. Navigate to Device Compliance Policies

    • In the left-hand pane, select Devices.
    • Under Policy, select Compliance policies.
    • Click on Create Policy.
  3. Select Platform

    • Choose the platform for which you want to create the compliance policy (e.g., Windows 10 and later, iOS/iPadOS, Android).
    • Click Create.
  4. Configure Policy Settings

    • Enter a Name and an optional Description for the policy.
    • Click Next.
  5. Define Compliance Rules

    • Configure settings under each category (e.g., Device Health, Device Properties, System Security, etc.). Common settings include:
      • Password Requirements: Enforce password policies like minimum length, complexity, and expiration.
      • Device Health: Require devices to be free from malware and have encryption enabled.
      • Operating System Version: Specify minimum and maximum OS versions allowed.
      • System Security: Require features like BitLocker for Windows devices or FileVault for macOS.
  6. Actions for Noncompliance

    • Specify the actions to be taken if a device is found noncompliant. Common actions include:
      • Sending an email to the user.
      • Marking the device as noncompliant.
      • Remotely locking the device.
    • Click Next.
  7. Assign the Policy

    • Select Assignments to specify which users or groups the policy applies to.
    • You can choose to include or exclude specific groups.
    • Click Next.
  8. Review and Create

    • Review the settings you have configured.
    • Click Create to finalize and deploy the policy.
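
The same steps can be scripted against Microsoft Graph instead of clicked through the portal. The script below is an added example, not part of the original guide; it assumes the Microsoft.Graph.Authentication PowerShell module is installed and an account with Intune policy permissions, and the policy name, rule values, OS version and group ID are constructed placeholders.

```powershell
# Added example: scripted equivalent of the portal steps above (Windows 10 and later).
# Values marked PLACEHOLDER are constructed for illustration; replace them with your own.

# Step 1: sign in with permission to manage Intune configuration
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

$base = 'https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies'

# Steps 3-6: platform, name, compliance rules and the action for noncompliance
$policy = @{
    '@odata.type'            = '#microsoft.graph.windows10CompliancePolicy'  # platform
    displayName              = 'Windows baseline compliance'                 # PLACEHOLDER
    description              = 'Created from script'                         # PLACEHOLDER
    passwordRequired         = $true
    passwordMinimumLength    = 12                                            # PLACEHOLDER
    passwordRequiredType     = 'alphanumeric'
    passwordExpirationDays   = 365                                           # PLACEHOLDER
    bitLockerEnabled         = $true
    secureBootEnabled        = $true
    storageRequireEncryption = $true
    osMinimumVersion         = '10.0.19045.0'                                # PLACEHOLDER
    # Graph requires at least one scheduled action; 'block' marks the device noncompliant
    scheduledActionsForRule  = @(
        @{
            ruleName = 'PasswordRequired'
            scheduledActionConfigurations = @(
                @{ actionType = 'block'; gracePeriodHours = 0
                   notificationTemplateId = ''; notificationMessageCCList = @() }
            )
        }
    )
}
$created = Invoke-MgGraphRequest -Method POST -Uri $base -ContentType 'application/json' `
    -Body ($policy | ConvertTo-Json -Depth 10)

# Step 7: assign the policy to a group
$groupId = '00000000-0000-0000-0000-000000000000'                            # PLACEHOLDER
$assignment = @{
    assignments = @(
        @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = $groupId } }
    )
}
Invoke-MgGraphRequest -Method POST -Uri "$base/$($created.id)/assign" -ContentType 'application/json' `
    -Body ($assignment | ConvertTo-Json -Depth 10)

# Step 8: review what was stored and which groups it targets
Invoke-MgGraphRequest -Method GET -Uri "$base/$($created.id)" | ConvertTo-Json -Depth 10
Invoke-MgGraphRequest -Method GET -Uri "$base/$($created.id)/assignments" | ConvertTo-Json -Depth 10
```

Assign to a small pilot group first and review the reported compliance state before widening the assignment.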
