Step 3. Set up compliance policies for devices with Intune

Enrolling devices to Intune gives you the ability to achieve even greater security and control of data in your environment. Step 2. Enroll devices to Intune details how to accomplish this using Intune. This article covers the next step, which is to configure device compliance policies.

Steps managing devices

You want to be sure devices that are accessing your apps and data meet minimum requirements. For example, they’re password or pin-protected and the operating system is up to date. Compliance policies are the way to define the requirements that devices must meet. MEM uses these compliance policies to mark a device as compliant or non-compliant. This binary status is passed to Azure AD which can use this status in conditional access rules to allow or prevent a device from accessing resources.

Configuring device compliance policies

This guidance is tightly coordinated with the recommended Zero Trust identity and device access policies.

This illustration highlights where the work of defining compliance policies fits into the overall Zero Trust recommended policy set.

Zero Trust identity and device access policies

In this illustration, defining device compliance policies is a dependency for achieving the recommended level of protection within the Zero Trust framework.

To configure device compliance policies, use the recommended guidance and settings prescribed in Zero Trust identity and device access policies. The table below links directly to the instructions for configuring these policies in Intune, including the recommended settings for each platform.

Policies More information Licensing
Define device compliance policies One policy for each platform Microsoft 365 E3 or E5

Next steps

Go to Step 4. Require healthy and compliant devices for instructions on how to create the conditional access rule in Azure AD.