Device compliance policies in Microsoft Intune - Azure | Microsoft Docs
Get started with use device compliance policies, overview of status and severity levels, using the InGracePeriod status, working with Conditional Access, and handling devices without an assigned policy.
brenduns brenduns dougeby
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/protect/device-compliance-get-started.md 1/7
05/09/2023 21:04 IntuneDocs/intune/protect/device-compliance-get-started.md at main · MicrosoftDocs/IntuneDocs · GitHub
Intune
Many mobile device management (MDM) solutions help protect organizational data by
requiring users and devices to meet some requirements. In Intune, this feature is called
"compliance policies". Compliance policies define the rules and settings that users and
devices must meet to be compliant. When combined with Conditional Access,
administrators can block users and devices that don't meet the rules.
You can also use this feature to monitor the compliance status on devices in your
organization.
Important
Intune follows the device check-in schedule for all compliance evaluations on the
device. Policy and profile refresh cycles lists the estimated refresh times.
Conditional Access and common ways to use Conditional Access describe this
feature as it relates to Intune.
For devices that comply with policy rules, you can give those devices access to email and
other organization resources. If the devices don't comply with policy rules, then they
don't get access to organization resources. This is Conditional Access.
Intune also includes a set of built-in compliance policy settings. The following built-in
policies get evaluated on all devices enrolled in Intune:
- Mark devices with no compliance policy assigned as: This property has two
  values:
- Enhanced jailbreak detection: When enabled, this setting causes the jailbroken device
  status check to run more frequently on iOS/iPadOS devices. This setting only affects
  devices that are targeted with a compliance policy that blocks jailbroken devices.
  Enabling this property uses the device’s location services and may impact battery
  usage. The user location data isn't stored by Intune and is only used to trigger
  jailbreak detection more frequently in the background.
- Compliance status validity period (days): Enter the time period within which devices
  must report the status for all received compliance policies. Devices that don't return
  the status within this time period are treated as noncompliant. The default value is
  30 days. The minimum value is 1 day.
  This setting shows as the Is active default compliance policy (Devices > Monitor >
  Setting compliance). The background task for this policy runs once a day.
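The validity period above can be checked ahead of time against exported device records, so that devices about to be treated as noncompliant are found before Conditional Access blocks them. This is an added example, not code from the Intune documentation; the sample records are constructed, the field names mirror the Microsoft Graph managedDevice resource, and using lastSyncDateTime as the time of the last compliance report and a 5-day warning window are assumptions.

```python
from datetime import datetime, timedelta, timezone

DEFAULT_VALIDITY_DAYS = 30  # default stated on this page
MIN_VALIDITY_DAYS = 1       # minimum stated on this page

# Constructed sample records. Field names mirror the Microsoft Graph
# managedDevice resource; lastSyncDateTime is used here as a stand-in
# (assumption) for the time of the device's last compliance report.
SAMPLE_DEVICES = [
    {"deviceName": "LAPTOP-A", "lastSyncDateTime": "2023-09-03T00:00:00Z"},
    {"deviceName": "PHONE-B", "lastSyncDateTime": "2023-08-09T00:00:00Z"},
    {"deviceName": "TABLET-C", "lastSyncDateTime": "2023-07-20T00:00:00Z"},
]


def audit_validity(devices, now, validity_days=DEFAULT_VALIDITY_DAYS, warn_days=5):
    """Bucket devices by how close their last report is to the validity limit.

    Returns {"current": [...], "expiring": [...], "expired": [...]}, where each
    entry is (deviceName, whole days left); negative means already overdue.
    """
    if validity_days < MIN_VALIDITY_DAYS:
        raise ValueError("validity period must be at least 1 day")
    limit = timedelta(days=validity_days)
    report = {"current": [], "expiring": [], "expired": []}
    for dev in devices:
        # Python < 3.11 does not parse a trailing "Z", so normalise it.
        stamp = dev["lastSyncDateTime"].replace("Z", "+00:00")
        last = datetime.fromisoformat(stamp)
        remaining = limit - (now - last)
        if remaining < timedelta(0):
            bucket = "expired"    # outside the period: treated as noncompliant
        elif remaining <= timedelta(days=warn_days):
            bucket = "expiring"   # follow up before access is blocked
        else:
            bucket = "current"
        report[bucket].append((dev["deviceName"], remaining.days))
    return report


if __name__ == "__main__":
    now = datetime(2023, 9, 5, tzinfo=timezone.utc)
    for bucket, rows in audit_validity(SAMPLE_DEVICES, now).items():
        print(bucket, rows)
```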
You can use these built-in policies to monitor these settings. Intune also refreshes or
checks for updates at different intervals, depending on the device platform. Common
questions, issues, and resolutions with device policies and profiles in Microsoft Intune is
a good resource.
Compliance reports are a great way to check the status of devices. Monitor compliance
policies includes some guidance.
Device encryption
- iOS 8.0 and later: Remediated (by setting PIN)
- macOS 10.11 and later: Remediated (by setting PIN)
Email profile
- iOS 8.0 and later: Quarantined
- macOS 10.11 and later: Quarantined
Maximum OS version
- iOS 8.0 and later: Quarantined
- macOS 10.11 and later: Quarantined
Windows health attestation
- iOS 8.0 and later: Not applicable
- macOS 10.11 and later: Not applicable
Remediated: The device operating system enforces compliance. For example, the user
is forced to set a PIN.
Quarantined: The device operating system doesn't enforce compliance. For example,
Android and Android Enterprise devices don't force the user to encrypt the device.
When the device isn't compliant, the following actions take place:
Next steps
Create a policy and view the prerequisites.
Android
Android Enterprise
iOS
macOS
Windows Holographic for Business
Windows Phone 8.1
Windows 8.1 and later
Windows 10 and later
Reference for policy entities has information about the Intune Data Warehouse
policy entities.