Before creating a device compliance policy, ensure the following:
Microsoft Intune Subscription: You must have an active Intune subscription.
Administrative Access: You need appropriate admin permissions within Microsoft Intune to create and manage compliance policies.
Open your web browser and go to the Microsoft Endpoint Manager Admin Center.
Sign in using your administrator credentials.
In the left-hand navigation menu, select Devices.
Under Policy, choose Compliance policies.
Click Create Policy.
Choose the platform for which you want to create the policy, such as:
Windows 10 and later
iOS/iPadOS
Android
Click Create to proceed.
Enter a Name for your compliance policy.
Optionally, add a Description to explain its purpose.
Click Next.
Configure compliance settings under each available category, such as:
Password Requirements: Enforce password complexity, minimum length, and expiration rules.
Device Health: Require devices to be free of malware and ensure encryption is enabled.
Operating System Version: Specify minimum and maximum OS versions allowed on managed devices.
System Security: Require security features such as BitLocker (Windows) or FileVault (macOS).
Click Next once all compliance rules are defined.
Specify actions to take if a device becomes noncompliant. Common actions include:
Sending an email notification to the user.
Marking the device as noncompliant in Intune.
Remotely locking or restricting device access.
Click Next to continue.
Under Assignments, select the users or groups that the policy will apply to.
You can also include or exclude specific groups for targeted deployment.
Click Next.
Review all policy configurations for accuracy.
Click Create to finalize and deploy the compliance policy.
Once deployed, Intune will begin evaluating managed devices based on your defined compliance rules.
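The same procedure can be scripted, which keeps the policy reviewable and repeatable. The following is an added example, not part of the original guide: it expresses a Windows policy, its noncompliance action and its group assignment as Microsoft Graph requests sent with the Microsoft Graph PowerShell SDK. The policy name, version numbers, password values and group ID are assumed sample values.

```powershell
# Added example: the portal steps above expressed as Microsoft Graph requests.
# Assumed sample values (not from the guide): names, versions, lengths, $GroupId.
param(
    [string]$GroupId = '00000000-0000-0000-0000-000000000000',  # placeholder group object ID
    [switch]$Deploy                                             # without it, only print the body
)

$policy = @{
    '@odata.type'            = '#microsoft.graph.windows10CompliancePolicy'
    displayName              = 'Example - Windows baseline compliance'
    description              = 'Password, encryption and OS version requirements'
    # Password requirements
    passwordRequired         = $true
    passwordBlockSimple      = $true
    passwordMinimumLength    = 12
    passwordExpirationDays   = 90
    # Device health and system security
    bitLockerEnabled         = $true
    secureBootEnabled        = $true
    codeIntegrityEnabled     = $true
    storageRequireEncryption = $true
    # Operating system version window (sample build numbers)
    osMinimumVersion         = '10.0.19045.0'
    osMaximumVersion         = '10.0.26100.9999'
    # Action for noncompliance: 'block' is the Graph action type that marks the
    # device noncompliant; 0 hours means no grace period.
    scheduledActionsForRule  = @(
        @{
            ruleName = 'PasswordRequired'
            scheduledActionConfigurations = @(
                @{ actionType = 'block'; gracePeriodHours = 0
                   notificationTemplateId = ''; notificationMessageCCList = @() }
            )
        }
    )
}
$body = $policy | ConvertTo-Json -Depth 10
if (-not $Deploy) { $body; return }   # review the JSON before creating anything

$base = 'https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies'
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'
$created = Invoke-MgGraphRequest -Method POST -Uri $base -Body $body -ContentType 'application/json'

# Assignment step: target one group with the new policy.
$assign = @{ assignments = @(
    @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = $GroupId } }
) } | ConvertTo-Json -Depth 10
Invoke-MgGraphRequest -Method POST -Uri "$base/$($created.id)/assign" -Body $assign -ContentType 'application/json'
```

Run it without `-Deploy` first to inspect the JSON, and assign to a small pilot group before widening the scope.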