Ensure device compliance with Configuration Manager

Applies to: Configuration Manager (current branch)

Compliance settings in Configuration Manager gives you the tools and resources you need to manage the configuration and compliance of devices in your organization. This helps you support the following business requirements:

  • Compare the configuration of Windows PCs, Macs computers, servers, and mobile devices you manage against best practices configurations you create, or obtain from other vendors

  • Identify unauthorized device configurations

  • Report compliance with regulatory policies and in-house security policies

  • Identify security vulnerabilities

  • Provide the help desk with the information to detect probable causes of reported incidents and problems by identifying noncompliant configurations

  • Automatically remediate some noncompliant settings on mobile devices

  • Remediate noncompliance by deploying applications, packages and programs, or scripts to a collection that is automatically populated with devices that report that they are out of compliance

Get started

Learn the basics about compliance settings, and the tasks you can accomplish with them.

Get started with compliance settings

Plan and design

Before you start working with compliance settings, make sure you have implemented the necessary prerequisites that you'll find in this topic.

Plan for and configure compliance settings

Common tasks

In this section, you'll find some common scenarios that will help you learn to use compliance settings in Configuration Manager.

Common tasks for managing compliance

Remote connection profiles

This configuration item type allows you to configure your user's PCs to remotely connect to work computers when they are not connected to the domain or if their personal computers are connected over the Internet.

Create remote connection profiles

User data and profiles

This configuration item type contains settings that can manage folder redirection, offline files and roaming profiles on computers that run Windows 8 and later for users in your hierarchy.

Create user data and profiles configuration items

Windows edition upgrade policy

The edition upgrade policy lets you automatically upgrade Windows 10 devices to a newer version. You can specify a product key to upgrade Windows 10 desktop versions, or a license file that can be used to upgrade devices running Windows 10 Mobile and Windows 10 Holographic.

Upgrade Windows devices with the edition upgrade policy