Send Notifications for Noncompliant Devices in Intune

Let’s check how you can configure and send Notifications for Noncompliant Devices in Intune. In this post, you will also learn how to create notifications in Intune Admin portal for Noncompliant Devices.

Compliance policy configuration is an important design decision while managing devices with Intune. Intune compliance policies are the first step of the protection before providing access to corporate applications, along with Conditional Access policies.

By default, when Intune detects a device that isn’t compliant, Intune immediately marks the device as noncompliant. Azure AD Conditional Access then blocks the device. When a device isn’t compliant, Intune allows you to add actions for noncompliance, which gives you the flexibility to decide what to do

Intune Compliance Policy for device help to protect company data; the organization needs to make sure that the devices used to access company apps and data comply with certain rules. The default compliance policy rules include password/PIN, Encryption, and more.

Patch My PC

Starting with Intune Service release 2209, IT admins can create a custom message and include information in the notification about how to report an unrecognized device. Intune delivers enrollment notifications via email or push notifications, Configure Device Enrollment Notifications In Intune.

Send Notifications for Noncompliant Devices in Intune

The following steps provide you with details on how to create notifications for Noncompliant devices in Intune. To create an enrollment notification, you must be a Global Administrator or Intune Administrator.

  • Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com/
  • Select Endpoint security > Device compliance > Notifications > Create notification.
Configure Notifications for Noncompliant Devices in Intune Fig.1
Configure Notifications for Noncompliant Devices in Intune Fig.1

In Basics, configure the appropriate Name for the notification and provide the following settings and click Next to proceed.

  • Email header – Include company logo (default = Enable) – The logo you upload as part of the Company Portal branding is used for email templates.
  • Email footer – Include company name (default = Enable)
  • Email footer – Include contact information (default = Enable)
  • Company Portal Website Link (default = Disable) – When set to Enable, the email includes a link to the Company Portal website.
Configure Notifications for Noncompliant Devices in Intune Fig.2
Configure Notifications for Noncompliant Devices in Intune Fig.2

On the Notification message templates page, configure one or more messages. Before continuing, you must select the checkbox for Is Default for one of the messages. For each message, specify the following details:

Adaptiva
  • Locale
  • Subject – The maximum number of characters for the Subject is 78.
  • Message body text – The maximum number of characters for the message body text is 2000.
Configure Notifications for Noncompliant Devices in Intune Fig.3
Configure Notifications for Noncompliant Devices in Intune Fig.3

Scope tags are filtering options provided in Intune to ease the admin jobs. In the scope tag section, you will get an option to configure scope tags for the rules. Click on Next.

Configure Notifications for Noncompliant Devices in Intune Fig.4
Configure Notifications for Noncompliant Devices in Intune Fig.4

Under Review + create, review your configurations to ensure the notification message template is ready to use. Select Create to complete the creation of the notification.

A notification will appear automatically in the top right-hand corner with a message. You can see that the Notification message template successfully created. The template is displayed in the list of Compliance policies Notifications.

Configure Notifications for Noncompliant Devices in Intune Fig.5
Configure Notifications for Noncompliant Devices in Intune Fig.5

You can start creating compliance policies from the Intune admin center portal. The Devices Node and from the Endpoint Security node. The following steps will Create Intune Compliance Policy for Windows.

After you have created a noncompliance policy, you can set an action to take place with the device is out of compliance. Select your Windows compliance policy from the list.

In the Windows compliance policy overview pane, select Properties. Next to the Action for noncompliance section, click Edit.

This section of the compliance policy settings for Windows devices and Cloud PC + Azure Virtual Desktop persistent single session devices. The default value I put in is 1 day, but you can change it to 4 hours or 5 days as per your requirement.

Configure Notifications for Noncompliant Devices in Intune Fig.6
Configure Notifications for Noncompliant Devices in Intune Fig.6

In the Action drop-down box, select Send email to end users. In the Schedule (days after noncompliance drop-down box, select 0. Under Message template, click None selected to display the Notification message templates pane.

Click the template you created earlier in this topic, and then click Select to select the message template. Click Review + save to save your compliance policy.

Configure Notifications for Noncompliant Devices in Intune Fig.7
Configure Notifications for Noncompliant Devices in Intune Fig.7

The following blog will help you make it more flexible using MS Graph and PS script. We already have a blog post from Mark Thomas to guide you through quickly enforcing the Intune compliance policy rules on Windows Devices, including Cloud PCs and AVDs.

Author

About Author – JiteshMicrosoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.