Microsoft Intune Policies – Windows Compliance


In this next post focusing on Intune, we will talk about Compliance policies. These policies are fairly basic and mainly focus on device security. I will present a best-practices setup, but you should always define these in accordance with your company’s policy. Pay attention to the supported OS when looking at these policies. Some things, especially for Windows x86 and x64, cannot be configured here.

To create a compliance policy, go to the Policies section of the Intune management webpage and click on “Compliance Policies”. Click New to create a new policy. You can give your policy a name and description.

System Security

All of the options for System Security revolve around passwords and encryption. The applicable operating systems will be shown once you enable the policy.


The first two settings should be left as the default. The only one you might consider changing is the minimum password length, by making it more than four. Remember, though, that your users will have to type this in every time they unlock the device, and they likely will not have a keyboard. I prefer to have six, because I also allow the passwords to never expire (more on this in a minute). The simple password option here prevents users from using a password like 1234 or 1111. You cannot customize what counts as a simple password.


Next are some advanced password settings. Again, these are my preference. I prefer not to have the password expire, and to only require numeric passwords. This is why I set my minimum length to six characters. I allow them to never expire because we’re talking about physical access to the device. I can lock and wipe the device if needed, so I’m not concerned about password expiration. I do require six characters so that it’s more difficult to brute-force the device.


Next is encryption. You’ll notice that this is supported on everything but iOS, because iOS devices are encrypted by default. If you open the information tab, it says something to this effect. Basically, you just need a password to encrypt an iOS device. Also note that this setting will only apply if the device itself supports encryption.

Device Health


Finally, we have a setting that will not allow Intune to function on a jailbroken or rooted device, for obvious security reasons.

After you have configured your compliance policy, you can deploy it to your devices.

Compliance Policy Settings

There’s a button at the top of the Compliance Policies view that we need to talk about:


When you click the “Compliance policy settings” button, you get this:


This configures a global policy that says if a device does not report a status in x days, the device is treated as noncompliant. The default is 30 days, which is probably a good number considering an Intune-managed device can communicate with only an Internet connection. You should configure this as it fits with your company.
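To see how the global validity period interacts with the per-policy settings above, here is an added example (not from the original post and not Intune's own logic) that models the rules described here and runs them over constructed device records. The record layout, field names and the handling of a report that is exactly 30 days old are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Values taken from the post: six-character minimum, 30-day validity period.
MIN_PASSWORD_LENGTH = 6
VALIDITY_DAYS = 30

@dataclass
class DeviceReport:
    # Hypothetical record layout for this example; not an Intune export schema.
    name: str
    os: str
    password_min_length: int
    encrypted: bool            # for iOS this value is ignored (setting unsupported)
    supports_encryption: bool
    jailbroken: bool
    last_report: datetime

def evaluate(device, now, validity_days=VALIDITY_DAYS):
    """Return the reasons a device is noncompliant (empty list = compliant)."""
    reasons = []
    # Global setting: a stale device is noncompliant whatever its last known state.
    # Assumption: a report exactly validity_days old still counts as fresh.
    if now - device.last_report > timedelta(days=validity_days):
        reasons.append("no status report within validity period")
    if device.password_min_length < MIN_PASSWORD_LENGTH:
        reasons.append("password shorter than minimum")
    # The encryption setting skips iOS and devices that cannot encrypt.
    if device.os != "iOS" and device.supports_encryption and not device.encrypted:
        reasons.append("storage not encrypted")
    if device.jailbroken:
        reasons.append("jailbroken or rooted")
    return reasons

# Constructed sample data.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
SAMPLE = [
    DeviceReport("phone-01", "iOS", 6, False, True, False, NOW - timedelta(days=2)),
    DeviceReport("tablet-02", "Android", 4, False, True, False, NOW - timedelta(days=5)),
    DeviceReport("laptop-03", "Windows", 6, True, True, False, NOW - timedelta(days=31)),
    DeviceReport("phone-04", "Android", 6, True, True, True, NOW - timedelta(days=30)),
]

def audit(devices, now=NOW):
    """Map each device name to its list of noncompliance reasons."""
    return {d.name: evaluate(d, now) for d in devices}

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(name, "compliant" if not reasons else "NONCOMPLIANT: " + "; ".join(reasons))
```

Note that laptop-03 satisfies every individual setting and is still noncompliant, because its last report is older than the validity period.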


