How to Set Up Intune Compliance Policy for Windows 10 Devices

This post will help you to plan and design Intune compliance policies for Windows devices.


In this post, we will see how to set up an Intune compliance policy for Windows 10. Managing Windows 10 devices is critical in modern device management. Intune compliance policies are the first step of protection before providing access to corporate applications. To help protect company data, the organization needs to make sure that the devices used to access company apps and data comply with certain rules. These rules might include using a password/PIN to access devices and encrypting data stored on devices. A set of such rules is called a compliance policy. The best option is to use a compliance policy with Azure AD Conditional Access.

Check out the video tutorial to set up Intune compliance policies for Windows 10 – here

  • Intune Compliance policy setup for Android Devices here
  • Intune Compliance policy setup for iOS Devices here 

How to set up Intune Compliance Policy for Windows 10 in the Azure portal?

1.  Sign in to the Azure portal with an account that has Intune admin access.
2.  Select More services, enter Intune in the text box, and then select Enter.
3. Select Intune > Device Compliance > Compliance > Policies, click the +Create policy button to create a new compliance policy, and select "Windows 10" as the platform.
4. Settings configurations are really important for compliance policy. There are some improvements in Azure portal Windows 10 compliance policies. There are 3 categories in Windows 10 compliance policies, and those are Device Health, Device Properties, and System Security.
5. Device Health is the setting where the compliance engine checks whether Windows 10 devices are reported as healthy by the Windows Device Health Attestation Service (HAS). The Device Health Attestation service includes many checks, such as TPM 2.0 (for the latest build of Windows 10 the requirement is TPM 1.0), BitLocker encryption, etc.
6. Device Properties is the setting where Intune admins define the minimum and maximum operating system versions allowed for corporate application access.
Operating System Version
  • Minimum OS version
  • Maximum OS version
  • Minimum OS version for mobile devices
  • Maximum OS version for mobile devices
7. System Security is the setting where Intune admins define password policies for Windows devices. There are 2 sections in these settings: Password and Encryption.
Password Policy – We don't need to set the Windows password policy here if you are already using "Windows Hello for Business."
  • Require a password to unlock mobile devices
  • Simple passwords
  • Password type: Device default, Alphanumeric, Numeric
  • Minimum password length
  • Maximum minutes of inactivity before password is required
  • Password expiration (days)
  • Number of previous passwords to prevent reuse
  • Require password when device returns from idle state (mobile only)

Encryption – If you have enabled HAS in the above policy, you don't need to enable this encryption policy.
  • Encryption of data storage on a device

8. Deploy the Windows 10 compliance policy to the All Windows devices dynamic device group.

(Update: Device groups are not supported for compliance policies, hence use user groups for Intune compliance policies.)

Click on Assignment and select the dynamic device group. I would use AAD dynamic device groups to deploy compliance policies rather than AAD user groups.
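
The three setting categories from steps 5 to 7 can also be written down as a Microsoft Graph windows10CompliancePolicy body, which makes the policy reviewable before it is created. This is an added example, not part of the original post: the function name, display name and all values (OS version, password length, timeouts) are constructed samples, and it assumes the Graph v1.0 endpoint and the Microsoft.Graph.Authentication module.

```powershell
# Added example: the portal settings expressed as a Graph policy body.
# All names and values below are constructed samples, not from the post.
function New-Win10CompliancePolicyBody {
    param(
        [string]$DisplayName    = 'Win10-Compliance-Sample',  # hypothetical name
        [string]$MinOsVersion   = '10.0.19045',               # sample value
        [int]$MinPasswordLength = 8,                          # sample value
        [switch]$UsesWindowsHello  # skip password rules, as step 7 allows
    )
    $body = [ordered]@{
        '@odata.type' = '#microsoft.graph.windows10CompliancePolicy'
        displayName   = $DisplayName
        # Device Health (step 5): checks reported through Health Attestation
        bitLockerEnabled     = $true
        secureBootEnabled    = $true
        codeIntegrityEnabled = $true
        # Device Properties (step 6)
        osMinimumVersion     = $MinOsVersion
        # System Security > Encryption is left off because BitLocker is
        # already required in the Device Health section
        storageRequireEncryption = $false
        # A block action for noncompliance is supplied when creating the policy
        scheduledActionsForRule = @(@{
            ruleName = 'PasswordRequired'
            scheduledActionConfigurations = @(@{
                actionType = 'block'; gracePeriodHours = 0
            })
        })
    }
    if (-not $UsesWindowsHello) {
        # System Security > Password (step 7)
        $body['passwordRequired']      = $true
        $body['passwordBlockSimple']   = $true
        $body['passwordRequiredType']  = 'alphanumeric'
        $body['passwordMinimumLength'] = $MinPasswordLength
        $body['passwordMinutesOfInactivityBeforeLock'] = 15
        $body['passwordPreviousPasswordBlockCount']    = 5
    }
    return $body
}

$json = New-Win10CompliancePolicyBody | ConvertTo-Json -Depth 5
$json   # review the payload before sending it

# To create the policy from this body:
# Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'
# Invoke-MgGraphRequest -Method POST -Body $json -ContentType 'application/json' `
#   -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies'
```

Calling the function with -UsesWindowsHello omits the password block, matching the note in step 7. Assignment to a group is still done as described in step 8.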

Reference :-
What is device compliance in Intune Azure preview – here
