Microsoft Intune Policies – Windows Compliance

In this next post focusing on Intune, we will talk about compliance policies. These policies are fairly basic and mainly focus on device security. I will present a best-practices setup, but you should always define these in accordance with your company’s policy. Pay attention to the supported OS when looking at these policies. Some things, especially for Windows x86 and x64, cannot be configured here.

To create a compliance policy, go to the Policies section of the Intune management webpage and click on “Compliance Policies”. Click New to create a new policy. You can give your policy a name and description.

System Security

All of the options for System Security revolve around passwords and encryption. The applicable operating systems will be shown once you enable the policy.


The first two settings should be left as the default. The only one you might consider changing is the minimum password length, by making it more than four. Remember, though, that your users will have to type this in every time they unlock the device, and they likely will not have a keyboard. I prefer to have six, because I also allow the passwords to never expire (more on this in a minute). The simple password option here prevents users from using a password like 1234 or 1111. You cannot customize what counts as a simple password.


Next are some advanced password settings. Again, these are my preference. I prefer not to have the password expire, and to only require numeric passwords. This is why I set my minimum length to six characters. I allow them to never expire because we’re talking about physical access to the device. I can lock and wipe the device if needed, so I’m not concerned about password expiration. I do require six characters so that it’s more difficult to brute-force the device.


Next is encryption. You’ll notice that this is supported on everything but iOS, because iOS devices are encrypted by default. If you open the information tab, it says something to this effect. Basically, you just need a password to encrypt an iOS device. Also note that this setting will only apply if the device itself supports encryption.

Device Health


Finally, we have a setting that will not allow Intune to function on a jailbroken or rooted device, for obvious security reasons.

After you have configured your compliance policy, you can deploy it to your devices.

Compliance Policy Settings

There’s a button at the top of the Compliance Policies view that we need to talk about:


When you click the “Compliance policy settings” button, you get this:


This configures a global policy that says if a device does not report a status in x days, the device is treated as noncompliant. The default is 30 days, which is probably a good number considering an Intune-managed device needs only an Internet connection to communicate. You should configure this to fit your company.


