087: Compliance policy

Overview

1. Compliance Settings:

   • Microsoft Defender for Endpoint: You can set a maximum allowed machine risk score for devices evaluated by Microsoft Defender for Endpoint. Devices exceeding this score are marked as noncompliant.
   • Device Health: Specify the maximum allowed device threat level evaluated by your mobile threat defense service. Devices exceeding this threat level are marked noncompliant.
   • System Security: Configure settings related to password rules, minimum or maximum OS versions, app restrictions, and more.

2. Benefits:

   • Security: Compliance policies help protect organizational resources by ensuring devices meet security standards.
   • Granularity: You can target policies at groups of devices, not users, allowing precise control.
   • Conditional Access: Compliant devices can access enterprise resources protected by Conditional Access policies.

3. Drawbacks:

   • Complexity: Setting up and managing policies requires understanding of Android Enterprise and Intune.
   • User Impact: Noncompliant devices may lose access to resources, affecting productivity.

Reference

• Android Enterprise compliance settings in Microsoft Intune. https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-android-for-work.