How to Setup Intune Compliance Policy for iOS Devices | Microsoft Endpoint Manager | MEMCM
In this post, we will see how to set up an Intune compliance policy for iOS. An Intune compliance policy for iOS devices helps to protect company data. The organization needs to ensure that the devices used to access company apps and data comply with certain rules.
These rules might include using a password/PIN to access devices and encrypting data stored on devices. A set of such rules is called a compliance policy. The best option is to use a compliance policy together with Azure AD Conditional Access.
- Intune Compliance policy setup for Windows 10 Devices here
- Intune Compliance policy setup for Android Devices here
How to setup Intune Compliance Policy for iOS?
Let’s see how to set up an Intune compliance policy for iOS devices.
- Sign in to the Azure portal with an account that has Intune admin access.
- Select More services, enter Intune in the text box, and select Enter.
- Select Intune – Device Compliance – Compliance – Policies, then click the +Create policy button to create a new compliance policy and select the platform as “iOS”.
- The settings configuration is the most important part of a compliance policy. The Azure portal iOS compliance policies bring some improvements in terms of password settings.
- There are 4 categories in iOS compliance policies: Email, Device Health, Device Properties, and System Security.
- The Email setting requires mobile devices to have a managed email profile to access corporate resources.
- The Device Health setting checks whether the device is jailbroken or not. If the iOS device is jailbroken, it won’t provide mail access to that device.
- The Device Properties setting checks the OS version of the device against the minimum version of iOS.
- The System Security setting is basically about password settings. There are some improvements over the Intune Silverlight portal here. We have the option not to configure some of the settings, such as “Number of non-alphanumeric characters in password”. This was not possible with the Intune Silverlight portal.
  - Require a password to unlock mobile devices
  - Minimum password length
  - Number of non-alphanumeric characters in the password
  - Maximum minutes of inactivity before a password is required
  - Password expiration (days)
  - Number of previous passwords to prevent reuse
- Deploy the Intune compliance policy for iOS to the All iOS devices dynamic device group. Click on Assignment and select the dynamic device group. I would use AAD dynamic device groups to deploy compliance policies rather than AAD user groups.
(Update: Device groups are not supported for compliance policies, hence use user groups for Intune compliance policies.)
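The four setting categories above can also be checked outside the portal. The following is an added example, not code from the original post: it audits a policy export for settings that are weak or left not configured. Property names follow the Microsoft Graph iosCompliancePolicy resource; the mapping to the portal labels, the baseline thresholds and the sample policy are assumptions constructed for illustration.

```python
# Added example: audit an iOS compliance policy export, category by category.
# Thresholds below are a hypothetical baseline, not values from the article.
MIN_LENGTH = 6        # assumed minimum passcode length
MAX_IDLE_MIN = 5      # assumed maximum minutes of inactivity before lock
MAX_EXPIRY_DAYS = 365 # assumed upper bound for password expiration

# (category, portal label, Graph property, predicate that means "acceptable").
# passcodeMinimumCharacterSetCount is deliberately not checked: the article
# notes that the non-alphanumeric character count may be left not configured.
CHECKS = [
    ("Email", "Managed email profile required", "managedEmailProfileRequired", lambda v: v is True),
    ("Device Health", "Jailbroken devices blocked", "securityBlockJailbrokenDevices", lambda v: v is True),
    ("Device Properties", "Minimum OS version", "osMinimumVersion", lambda v: bool(v)),
    ("System Security", "Require a password", "passcodeRequired", lambda v: v is True),
    ("System Security", "Minimum password length", "passcodeMinimumLength", lambda v: v >= MIN_LENGTH),
    ("System Security", "Max minutes of inactivity", "passcodeMinutesOfInactivityBeforeLock", lambda v: 0 < v <= MAX_IDLE_MIN),
    ("System Security", "Password expiration (days)", "passcodeExpirationDays", lambda v: 0 < v <= MAX_EXPIRY_DAYS),
    ("System Security", "Previous passwords blocked", "passcodePreviousPasscodeBlockCount", lambda v: v >= 1),
]

def audit(policy):
    """Return (category, label, status) for every weak or unset setting."""
    findings = []
    for category, label, prop, acceptable in CHECKS:
        value = policy.get(prop)
        if value is None:  # absent or null in the export means not configured
            findings.append((category, label, "not configured"))
        elif not acceptable(value):
            findings.append((category, label, f"weak: {value!r}"))
    return findings

# Constructed sample, shaped like a policy export (not a real tenant policy).
SAMPLE = {
    "@odata.type": "#microsoft.graph.iosCompliancePolicy",
    "displayName": "iOS baseline (constructed sample)",
    "managedEmailProfileRequired": True,
    "securityBlockJailbrokenDevices": False,
    "osMinimumVersion": "15.0",
    "passcodeRequired": True,
    "passcodeMinimumLength": 4,
    "passcodeMinutesOfInactivityBeforeLock": 5,
    "passcodeExpirationDays": None,
    "passcodePreviousPasscodeBlockCount": 5,
}

if __name__ == "__main__":
    for category, label, status in audit(SAMPLE):
        print(f"{category:18} {label:32} {status}")
```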
Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
5 thoughts on “How to Setup Intune Compliance Policy for iOS Devices | Microsoft Endpoint Manager | MEMCM”
I’m trying to set a PIN on an iOS device with the simple password not permitted. Why is the combination 307989 considered too simple? Thanks
It’s simple because it just has numbers, no special characters.
Great writeup but should include images of the end user experience on the phone.
Thanks Anoop! Great articles.
I get “This Action is not allowed by your organisation” when trying to open a document attachment in Outlook for Android.
Check the event logs to get more details? Any group policy/security restriction in place?