Create an Intune Compliance Policy for Windows 10 Devices | Possible to Create Custom Intune Compliance Policy

Intune Compliance Policy for Windows 10

Hello All – In this post, we will take a quick look at how to create an Intune compliance policy for Windows 10 devices. We will also discuss the options for creating a custom Intune compliance policy.

Create Intune Compliance Policy for Windows 10 Devices

  • Click on policies – Create Policy
  • Platform – Windows 10 or Later
  • Click NEXT
Intune Compliance Policy for Windows 10
  • Enter Name and Description

Main Logic User Intune Compliance Policy for Windows 10

Device Health

  • Device Health
    • Windows Health Attestation Service evaluation rules – Require BitLocker
      • Require
      • Not configured
    • Require Secure Boot to be enabled on the device
      • Require
      • Not configured
    • Require code integrity

Operating System Version

  • Operating System Version
    • Minimum OS version
    • Maximum OS version
    • Minimum OS version for mobile devices
    • Maximum OS version for mobile devices
    • The valid operating system builds
  • Configuration Manager Compliance
    • Require device compliance from Configuration Manager

System Security

  • Password – Require a password to unlock mobile devices
    • Require
    • Not configured
  • Simple passwords
    • Block
    • Not configured
  • Minimum password length
  • Password expiration (days)
  • Number of previous passwords to prevent reuse
  • Require a password when the device returns from the idle state (Mobile and Holographic)
    • Require
    • Not configured
  • Encryption of data storage on the device.
    • Require
    • Not configured
  • Device Security – Firewall
    • Require
    • Not configured
  • Trusted Platform Module (TPM)
    • Require
    • Not configured
  • Antivirus
    • Require
    • Not configured
  • Antispyware
    • Require
    • Not configured
  • Defender – Microsoft Defender Antimalware
    • Require
    • Not configured
  • Microsoft Defender Antimalware minimum version
  • Microsoft Defender Antimalware security intelligence up-to-date
    • Require
    • Not configured
  • Real-time protection
    • Require
    • Not configured
Select the required policies and click on NEXT button – Intune Compliance Policy for Windows 10

Actions of Noncompliance Policy

  • Actions for noncompliance
    • Mark device noncompliant
      • Retire the noncompliant device
      • Immediately after 30 days
    • The value must be at least 0. The value must be at most 365. The value must not be empty. The minimum number of days for retire action in 30 days (Intune Compliance Policy for Windows 10)
Actions for noncompliance devices – Intune Compliance Policy for Windows 10

Scope Tags

  • Select Scope Tags
  • Click NEXT to continue
Select Scope Tags – Intune Compliance Policy for Windows 10

Assignments – Target

  • Select AAD User Groups to deploy compliance policies
  • Click on NEXT
Assignment – Select Azure AD User Group – Intune Compliance Policy for Windows 10

Create

  • Click on Create to complete Intune Compliance Policy for Win 10
Create Compliance policy
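
Every setting left at "Not configured" in the walkthrough above is simply not evaluated, so it is worth reviewing a finished policy for gaps. The following is an added example, not part of the original post: a hypothetical `audit` helper that checks an exported policy for unevaluated settings and for the noncompliance actions described above. The property names are assumed to follow the Microsoft Graph `windows10CompliancePolicy` resource, the portal-label mapping should be confirmed against the schema you export from, and the sample policy is constructed.

```python
# Portal label -> boolean property on the Graph windows10CompliancePolicy
# resource. Assumed mapping: confirm against the schema you export from.
REQUIRE_TOGGLES = {
    "Require BitLocker": "bitLockerEnabled",
    "Require Secure Boot": "secureBootEnabled",
    "Require code integrity": "codeIntegrityEnabled",
    "Require a password": "passwordRequired",
    "Block simple passwords": "passwordBlockSimple",
    "Encryption of data storage": "storageRequireEncryption",
    "Firewall": "activeFirewallRequired",
    "Trusted Platform Module (TPM)": "tpmRequired",
    "Antivirus": "antivirusRequired",
    "Antispyware": "antiSpywareRequired",
    "Microsoft Defender Antimalware": "defenderEnabled",
    "Security intelligence up-to-date": "signatureOutOfDate",
    "Real-time protection": "rtpEnabled",
}

def audit(policy):
    """Return findings: unevaluated settings and weak noncompliance actions."""
    findings = [f"Not configured: {label}"
                for label, prop in REQUIRE_TOGGLES.items()
                if policy.get(prop) is not True]
    # Flatten the action list into {actionType: gracePeriodHours}.
    actions = {a["actionType"]: a.get("gracePeriodHours", 0)
               for rule in policy.get("scheduledActionsForRule", [])
               for a in rule.get("scheduledActionConfigurations", [])}
    if actions.get("block") != 0:  # "block" = mark device noncompliant
        findings.append("Device is not marked noncompliant immediately")
    retire_days = actions.get("retire", 0) / 24
    if "retire" in actions and not 0 <= retire_days <= 365:
        findings.append(f"Retire grace period out of range: {retire_days:g} days")
    return findings

# Constructed sample export, not taken from a real tenant.
SAMPLE_POLICY = {
    "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
    "bitLockerEnabled": True, "secureBootEnabled": True,
    "codeIntegrityEnabled": False, "passwordRequired": True,
    "passwordBlockSimple": True, "storageRequireEncryption": True,
    "activeFirewallRequired": True, "tpmRequired": False,
    "antivirusRequired": True, "antiSpywareRequired": True,
    "defenderEnabled": True, "signatureOutOfDate": True, "rtpEnabled": True,
    "scheduledActionsForRule": [{"ruleName": "PasswordRequired",
        "scheduledActionConfigurations": [
            {"actionType": "block", "gracePeriodHours": 24},
            {"actionType": "retire", "gracePeriodHours": 720}]}],
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_POLICY)))
```
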

Custom Compliance Policy

We recently got a question in the HTMD Community forum asking whether a third-party compliance check is possible with Intune or not. More details – https://forum.howtomanagedevices.com/endpointmanager/intune/third-party-compliance-check/
