- Microsoft 365 Mobility and Security:Exam Guide MS-101
- Nate Chamberlain
- 479字
- 2021-06-24 12:06:28
Creating a compliance policy
Now that you understand some of the policy options, follow these steps to create your first policy:
- Go to Intune (go to devicemanagement.microsoft.com or portal.azure.com and search for Intune).
- Click on Device compliance in the left-hand pane.
- Under Manage, select Policies.
- Select + Create Policy:
- Name and describe the policy and select the particular platform this policy will apply to:
- Select Configure to begin adjusting the platform-specific settings that are available. These indicate whether a device is compliant for your organization. Each platform will differ in terms of the available options:
- In this example, we'll select System Security so that we can have a minimum password length of 12 characters for our Windows 10 devices:
- When finished, click OK until you're back in the Create Policy pane, as shown in step 5.
- Now, click on Actions for noncompliance to choose what happens when a device does not meet the requirements you've just configured. By default, the device is marked as noncompliant. You can add additional actions and set them to take effect after a certain duration if you wish:
- Click OK until you're back to just the Create Policy pane again. If you wish to configure Scope (Tags), you may. Otherwise, click Create:
- Once created, you'll be presented with a monitoring page for the new policy, along with a reminder that you need to assign the policy to a group (or multiple groups) before it can take effect. Click Assignments:
- Select the user or device group(s) to be subjected to this new device compliance policy. You can assign it to all groups except certain groups by using the Exclude option; otherwise, use the Include option to target specific groups:
- Click Save when you're finished.
- If you need to modify the policy later, repeat steps 1-3 and then select the policy you wish to modify.
- Click on Properties. Here, you'll be presented with the configuration options for the policy, just like in step 5:
After selecting a policy from Device compliance, you'll be able to view the reports of devices and the users who are subject to the policy and its current status.
- You can check additional reports, such as Device compliance, under the Monitor heading at any time to get a snapshot of your overall compliance:
Mobile device compliance in Intune does not allow or restrict access unless you use Azure AD's conditional access function. Without conditional access, mobile device compliance still provides you with some functionality, such as remote locking, running the reports of non-compliant managed devices (jailbroken systems, unencrypted systems, old operating systems, and so on), and emailing users with reminders to make their device(s) compliant.
Now, we have our first compliance policy. In the next section, we'll explore how conditional access policies in Azure AD complement the compliance policy you configured in Intune.