Hello All – In this post, we will see a quick overview of how to create an Intune compliance policy for Windows 10 devices. We shall also discuss the options for creating a custom Intune compliance policy.
Create Intune Compliance Policy for Windows 10 Devices
- Open Endpoint.microsoft.com with appropriate Intune RBAC access
- Navigate via Devices – Compliance Policies

- Click on policies – Create Policy

- Platform – Windows 10 or Later
- Click NEXT

- Enter Name and Description

Main Logic Used in the Intune Compliance Policy for Windows 10
Device Health
- Windows Health Attestation Service evaluation rules
  - Require BitLocker
    - Require
    - Not configured
  - Require Secure Boot to be enabled on the device
    - Require
    - Not configured
  - Require code integrity
Operating System Version
- Operating System Version
  - Minimum OS version
  - Maximum OS version
  - Minimum OS version for mobile devices
  - Maximum OS version for mobile devices
  - The valid operating system builds
- Configuration Manager Compliance
  - Require device compliance from Configuration Manager

System Security
- Password
  - Require a password to unlock mobile devices
    - Require
    - Not configured
  - Simple passwords
    - Block
    - Not configured
  - Minimum password length
  - Password expiration (days)
  - Number of previous passwords to prevent reuse
  - Require a password when the device returns from the idle state (Mobile and Holographic)
    - Require
    - Not configured
- Encryption of data storage on the device
  - Require
  - Not configured
- Device Security
  - Firewall
    - Require
    - Not configured
  - Trusted Platform Module (TPM)
    - Require
    - Not configured
  - Antivirus
    - Require
    - Not configured
  - Antispyware
    - Require
    - Not configured
- Defender
  - Microsoft Defender Antimalware
    - Require
    - Not configured
  - Microsoft Defender Antimalware minimum version
  - Microsoft Defender Antimalware security intelligence up-to-date
    - Require
    - Not configured
  - Real-time protection
    - Require
    - Not configured

Actions for Noncompliance
- Actions for noncompliance
  - Mark device noncompliant
  - Retire the noncompliant device
    - Immediately after 30 days
    - The value must be at least 0. The value must be at most 365. The value must not be empty. The minimum number of days for the retire action is 30 days.

Scope Tags
- Select Scope Tags
- Click NEXT to continue

Assignments – Target
- Select AAD User Groups to deploy compliance policies
- Click on NEXT

Create
- Click on Create to complete Intune Compliance Policy for Win 10
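
Once the policy exists, it is worth checking which of the settings above were left as Not configured, because those settings are not evaluated. The following is an added example, not part of the original post: it audits a policy exported as JSON from Microsoft Graph (the `windows10CompliancePolicy` resource) and flags unset toggles and a retire action scheduled earlier than the 30 days mentioned above. The label-to-property mapping, the function name and the sample policy are assumptions of this example.

```python
import json

# Portal setting -> property on the Graph windows10CompliancePolicy resource.
TOGGLES = {
    "Require BitLocker": "bitLockerEnabled",
    "Require Secure Boot": "secureBootEnabled",
    "Require code integrity": "codeIntegrityEnabled",
    "Require a password": "passwordRequired",
    "Block simple passwords": "passwordBlockSimple",
    "Encryption of data storage": "storageRequireEncryption",
    "Firewall": "activeFirewallRequired",
    "TPM": "tpmRequired",
    "Antivirus": "antivirusRequired",
    "Antispyware": "antiSpywareRequired",
    "Microsoft Defender Antimalware": "defenderEnabled",
    "Security intelligence up-to-date": "signatureOutOfDate",
    "Real-time protection": "rtpEnabled",
}

# Constructed sample export; not taken from a real tenant.
SAMPLE = json.loads("""{
 "displayName": "Win10 baseline (constructed)",
 "bitLockerEnabled": true, "secureBootEnabled": true, "passwordRequired": true,
 "passwordBlockSimple": true, "storageRequireEncryption": true,
 "activeFirewallRequired": true, "antivirusRequired": true,
 "antiSpywareRequired": true, "defenderEnabled": true,
 "signatureOutOfDate": true, "rtpEnabled": true,
 "scheduledActionsForRule": [{"scheduledActionConfigurations": [
   {"actionType": "block", "gracePeriodHours": 0},
   {"actionType": "retire", "gracePeriodHours": 240}]}]
}""")

def audit_policy(policy):
    """Return (settings left Not configured, findings about noncompliance actions)."""
    unset = [label for label, prop in TOGGLES.items() if not policy.get(prop)]
    hours = {}  # actionType -> grace period in hours
    for rule in policy.get("scheduledActionsForRule", []):
        for cfg in rule.get("scheduledActionConfigurations", []):
            hours[cfg.get("actionType")] = cfg.get("gracePeriodHours", 0)
    findings = []
    if "block" not in hours:  # "block" is the mark-noncompliant action
        findings.append("no mark-noncompliant action")
    elif hours["block"] > 0:
        findings.append("mark-noncompliant delayed by %d hours" % hours["block"])
    if "retire" in hours and hours["retire"] < 30 * 24:
        findings.append("retire scheduled before 30 days")
    return unset, findings

if __name__ == "__main__":
    print(audit_policy(SAMPLE))
```

For the constructed sample, the audit reports code integrity and TPM as Not configured and flags the retire action set at 10 days.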

Custom Compliance Policy
We recently got a question in the HTMD Community forum asking whether a third-party compliance check is possible with Intune or not. More details – https://forum.howtomanagedevices.com/endpointmanager/intune/third-party-compliance-check/