
In this article, I’m going to show you how to create a compliance policy in Intune, Microsoft’s Mobile Device Management (MDM) solution, that restricts access to resources to cloud-managed and compliant devices only.
Even if your devices are registered or joined to Azure Active Directory (AD), there are still risks that could lead to compromised devices gaining access to your Microsoft 365 tenant’s resources. Hence, it’s necessary to control which types of devices are allowed to access your resources and under what conditions they are permitted to connect. Here’s a high-level overview of the entire process:
The first step is to create a policy for each device platform in the Endpoint Manager portal, for example, Android devices and/or Windows devices. You choose which controls will be enforced in the policy; for instance, you could opt to block rooted Android devices. Next, define the actions for non-compliance and assign the policy to users. Then, create a template for email notifications informing users that their device has been blocked. Finally, you specify remediation actions for non-compliant devices.
Let’s take a brief look at some examples of compliance policies that an admin may want to configure in the Endpoint Manager portal. Here you will create a new compliance policy to handle personally owned Android devices.
Create a new compliance policy in Microsoft Intune
2. The next step is to configure the settings that will determine whether a device is allowed to connect.
Choose the settings that determine whether a device is allowed to connect.
You can define various controls here and we will look at a few of them:
Under Device security there are more settings like ‘Block apps from unknown sources’ and ‘Company portal app integrity check’, which can also be configured.
Now you must decide what to do with non-compliant devices. You can view the basic actions configured in the screenshot here.
Choose the actions for non-compliant devices.
Next, assign this policy to users or groups.
Assign the compliance policy to users.
On the final page, you can review your selections and then create the policy. Likewise, you can create policies for iOS devices and for Windows or macOS.
It’s important to educate end users whenever their devices fail to meet the compliance standards. This can be done by sending emails to users. Here, we will see how you can create a template for such events.
Create a new email notification template.
2. On the next tab, create a template.
Design your email notification template.
3. And on the final page, review the settings and click Create to have email notifications enabled.
In the next section, you will learn how to use this template to send emails.
You have already seen how to create a remediation action while creating new compliance policies in Intune. You may even add more actions to those as seen here. As per the policy we created in this tenant, a non-compliant device owner gets a maximum of 10 days before the device is retired. They will receive an email alerting them as soon as their device becomes non-compliant. The device will also be marked as noncompliant right away. A push notification is sent to the user a week after this event.
Here, we also decide to send emails to owners of non-compliant devices using the template created in the previous section.
Choose the actions for non-compliant devices.
And that is it! Now you have a policy to control which devices can access your Microsoft 365 tenant.
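The policy and non-compliance timeline described above, expressed as a Microsoft Graph request body (an added example, not part of the original article). It assumes the Android device administrator policy type (`androidCompliancePolicy`) and that the three device-security settings mentioned earlier are all enabled; `TEMPLATE_ID` is a placeholder and the function names are hypothetical.

```python
import json

# Graph endpoint that accepts the body built below (requires DeviceManagementConfiguration.ReadWrite.All).
GRAPH_URL = "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies"
TEMPLATE_ID = "<notification-template-id>"  # placeholder: ID of the email template you created

# (actionType, days after the device becomes non-compliant), taken from the article's timeline.
TIMELINE = [("block", 0), ("notification", 0), ("pushNotification", 7), ("retire", 10)]

def build_actions(timeline, template_id):
    """Turn a day-based timeline into scheduledActionConfigurations, rejecting unsafe orderings."""
    days = dict(timeline)
    if "block" not in days:
        raise ValueError("timeline must mark the device noncompliant ('block')")
    if "retire" in days:
        warnings = [d for k, d in timeline if k in ("notification", "pushNotification")]
        if not warnings or max(warnings) >= days["retire"]:
            raise ValueError("users must be warned before the device is retired")
    return [
        {
            "actionType": kind,
            "gracePeriodHours": d * 24,  # Graph expresses the schedule in hours
            "notificationTemplateId": template_id if kind == "notification" else "",
            "notificationMessageCCList": [],
        }
        for kind, d in sorted(timeline, key=lambda t: t[1])
    ]

def build_policy(name, timeline=TIMELINE, template_id=TEMPLATE_ID):
    """Request body for an Android compliance policy with the settings named in the article."""
    return {
        "@odata.type": "#microsoft.graph.androidCompliancePolicy",
        "displayName": name,
        "securityBlockJailbrokenDevices": True,                # block rooted devices
        "securityPreventInstallAppsFromUnknownSources": True,  # block apps from unknown sources
        "securityRequireCompanyPortalAppIntegrity": True,      # Company Portal integrity check
        "scheduledActionsForRule": [{
            "ruleName": "PasswordRequired",  # default rule name Graph uses for policy-wide actions
            "scheduledActionConfigurations": build_actions(timeline, template_id),
        }],
    }

if __name__ == "__main__":
    print("POST", GRAPH_URL)
    print(json.dumps(build_policy("Android BYOD compliance"), indent=2))
```

Assigning the policy to users or groups is a separate step and is not covered by this body.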
More from Vignesh Mudliar
Copyright ©2019 BWW Media Group