Hi Ritesh,
There are two parts to compliance policies in Intune:
- Compliance policy settings – Tenant-wide settings that are like a built-in compliance policy that every device receives. Compliance policy settings set a baseline for how compliance policy works in your Intune environment, including whether devices that haven’t received any device compliance policies are compliant or noncompliant.
- Device compliance policy – Platform-specific rules you configure and deploy to groups of users or devices. These rules define requirements for devices, like minimum operating systems or the use of disk encryption. Devices must meet these rules to be considered compliant.
Compliance policy settings include the following settings (https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started#compliance-policy-settings):
- Mark devices with no compliance policy assigned as Compliant / Non-Compliant
- Enhanced jailbreak detection (applies only to iOS/iPadOS)
- Compliance status validity period (days)
Intune device compliance policies (https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started#device-compliance-policies):
- Define the rules and settings that users and managed devices must meet to be compliant. Examples of rules include requiring devices run a minimum OS version, not being jail-broken or rooted, and being at or under a threat level as specified by threat management software you’ve integrated with Intune.
- Support actions that apply to devices that don’t meet your compliance rules. Examples of actions include being remotely locked, or sending a device user email about the device status so they can fix it.
- Deploy to users in user groups or devices in device groups. When a compliance policy is deployed to a user, all the user's devices are checked for compliance. Using device groups in this scenario helps with compliance reporting.
If you use Conditional Access, your Conditional Access policies can use your device compliance results to block access to resources from noncompliant devices.
The available settings you can specify in a device compliance policy depend on the platform type you select when you create a policy. Different device platforms support different settings, and each platform type requires a separate policy.
Depending on the configuration of your compliance policies, the device will be marked as non-compliant. The compliance state is checked according to the following process (https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned):
Intune notifies the device to check in with the Intune service. The notification times vary, including immediately up to a few hours. These notification times also vary between platforms.
If a device doesn't check in to get the policy or profile after the first notification, Intune makes three more attempts. An offline device, such as turned off, or not connected to a network, may not receive the notifications. In this case, the device gets the policy or profile on its next scheduled check-in with the Intune service. The same applies to checks for non-compliance, including devices that move from a compliant to a non-compliant state.
Estimated frequencies:
| Platform | Refresh Cycle |
|---|---|
| iOS/iPadOS | About every 8 hours |
| macOS | About every 8 hours |
| Android | About every 8 hours |
| Windows 10/11 PCs enrolled as devices | About every 8 hours |
| Windows 8.1 | About every 8 hours |
If devices recently enroll, then the compliance, non-compliance, and configuration check-in runs more frequently. The check-ins are estimated at:
| Platform | Frequency |
|---|---|
| iOS/iPadOS | Every 15 minutes for 1 hour, and then around every 8 hours |
| macOS | Every 15 minutes for 1 hour, and then around every 8 hours |
| Android | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
| Windows 10/11 PCs enrolled as devices | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
| Windows 8.1 | Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
At any time, users can open the Company Portal app, Devices > Check Status or Settings > Sync to immediately check for policy or profile updates.
I hope this helps
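
Added example, not part of the original answer and not Microsoft tooling: a Python script that applies the check-in estimates from the tables above to flag devices whose last reported compliance state may be stale because they have stopped checking in. The device records, field names, the back-to-back reading of the enrollment phases and the `slack` factor are assumptions made for illustration, not an Intune export format.

```python
from datetime import datetime, timedelta

# Check-in phases after enrollment, from the tables in the answer above:
# (interval in minutes, phase length in minutes). Phases are assumed to run
# back to back; afterwards the ~8 hour refresh cycle applies.
ENROLL_PHASES = {
    "iOS/iPadOS": [(15, 60)],
    "macOS": [(15, 60)],
    "Android": [(3, 15), (15, 120)],
    "Windows 10/11": [(3, 15), (15, 120)],
    "Windows 8.1": [(5, 15), (15, 120)],
}
STEADY = timedelta(hours=8)

def expected_interval(platform, enrolled, at):
    """Estimated check-in interval in force at time `at`."""
    elapsed = (at - enrolled).total_seconds() / 60
    phase_end = 0
    for interval, length in ENROLL_PHASES[platform]:
        phase_end += length
        if elapsed < phase_end:
            return timedelta(minutes=interval)
    return STEADY

def overdue_devices(devices, now, slack=2):
    """Devices silent for more than `slack` expected intervals (slack is an assumption)."""
    flagged = []
    for d in devices:
        interval = expected_interval(d["platform"], d["enrolled"], d["last_checkin"])
        if now - d["last_checkin"] > slack * interval:
            flagged.append((d["name"], d["state"]))
    return flagged

# Constructed sample inventory (not real devices).
NOW = datetime(2024, 1, 10, 12, 0)
DEVICES = [
    {"name": "LAPTOP-01", "platform": "Windows 10/11", "state": "compliant",
     "enrolled": NOW - timedelta(days=70), "last_checkin": NOW - timedelta(hours=3)},
    {"name": "PHONE-02", "platform": "Android", "state": "compliant",
     "enrolled": NOW - timedelta(days=40), "last_checkin": NOW - timedelta(days=5)},
    {"name": "TABLET-03", "platform": "iOS/iPadOS", "state": "noncompliant",
     "enrolled": NOW - timedelta(minutes=50), "last_checkin": NOW - timedelta(minutes=40)},
    {"name": "MAC-04", "platform": "macOS", "state": "compliant",
     "enrolled": NOW - timedelta(hours=3), "last_checkin": NOW - timedelta(hours=2)},
]

if __name__ == "__main__":
    for name, state in overdue_devices(DEVICES, NOW):
        print(f"{name}: last reported state '{state}' may be stale")
```

A device flagged here with a last reported state of compliant is the case to review first when Conditional Access relies on compliance results.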