Device policies

  • Last update on November 11th, 2024

The remediation action for Device management policies is NOT available in the Essentials solution.

 

These policies are designed to enhance Intune management and security.

The list below provides an overview of the Device management out-of-the-box policies, what type of remediation action they are set to execute, and which remediation settings you can configure.


Intune devices not compliant with compliance policies

Description

This policy identifies devices that are not compliant with specific compliance policies within the organization.

It displays the device display name, instance, UPN associated with the device, policy category, email address of the user, managed device ID, the name of the policy that the device is violating, the current status of non-compliance for that policy, and the date when the policy violation occurred. 

This tool assists administrators in monitoring and enforcing policy adherence across devices used within the company's network or infrastructure.

Impact on your tenant

This policy will flag devices that fail to meet your organization's required security and compliance standards. Users on these devices may face access restrictions to certain resources or applications until compliance is achieved. It aims to enhance security but may temporarily inconvenience users as they work to resolve compliance issues.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Intune devices not compliant with configuration policies

Description

This policy identifies devices that are not compliant with configuration policies set within the organization. 

It displays the device name, device display name, email address associated with the device user, the specific policy ID that the device violates, the name of the policy, the current non-compliant status of the device for that policy, and any additional settings or details related to the policy violation. 

This tool enables administrators to monitor and enforce configuration policy compliance across devices connected to the company's network or systems.

Impact on your tenant

This policy will flag devices that fail to meet the required security and configuration standards set by your organization. Users on these devices may face access restrictions to certain resources or applications until compliance is achieved. It aims to enhance security but may temporarily inconvenience users as they work to resolve compliance issues.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Intune devices with encryption status in error

Description

This policy is designed to identify devices that are experiencing errors with their encryption status. 

It lists the device ID, device display name, the email address associated with the device user, the policy category related to encryption, the name of the encryption policy, and the current policy status showing an error.

Additionally, it provides the date when the encryption error occurred, the profile source detailing where the encryption policy is sourced from, and any relevant settings or names linked to the encryption issue.

Impact on your tenant

This policy targets devices that have encountered issues with encryption policies, potentially leaving sensitive data vulnerable. Ensuring encryption compliance is crucial for data security but may require user intervention to resolve errors.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Intune devices with pending actions

Description

This policy is designed to identify devices that are experiencing errors with their encryption status.

It lists the device ID, device display name, the email address associated with the device user, the policy category related to encryption, the name of the encryption policy, and the current policy status showing an error. 

Additionally, it provides the date when the encryption error occurred, the profile source detailing where the encryption policy is sourced from, and any relevant settings or names linked to the encryption issue. 

This tool enables IT administrators to quickly pinpoint and troubleshoot devices facing encryption problems, which is crucial for maintaining data security across the organization's device fleet.

Impact on your tenant

Users may experience delays or be prompted to complete these actions before proceeding with certain tasks. It ensures devices remain compliant and secure but may temporarily impact user experience until actions are resolved.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Intune devices without Intune sync

Description

This policy lists devices that are not currently syncing with the organization's Intune management system. 

It displays the device display name, the user's display name associated with the device, the device OS type, the user's principal name, the instance name, the last time the device successfully synced with Intune, the current device display status, and the device trust type indicating if it is a trusted or untrusted device. 

Additionally, it provides the approximate last sync time, whether the device is managed or unmanaged, the managed device owner if applicable, and the unique managed device ID. 

This tool allows IT admins to identify devices that may be out of sync with Intune policies, updates, or management, enabling them to take appropriate actions to bring those devices back into compliance.

Impact on your tenant

Intune devices without recent syncs may indicate outdated security policies or missing updates. Ensuring all devices are regularly synced helps maintain compliance and security.

Remediation action

Delete matched devices

What you can configure

  • Set the policy to target Intune devices without Intune sync in the previous 60 or 90 days.
  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails
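
Because this policy's remediation deletes the matched devices, it helps to preview what a 60-day or a 90-day window would match before scheduling it. The sketch below is an added example, not part of the product: it assumes device records exported as JSON with the `deviceName`, `id` and `lastSyncDateTime` fields of the Microsoft Graph `managedDevice` resource, and it sets aside devices with no usable sync time for manual review instead of guessing. The function names and the sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

ALLOWED_THRESHOLDS = (60, 90)  # the two windows the policy lets you choose

def parse_sync_time(value):
    """Return an aware UTC datetime, or None if there is no usable sync time."""
    if not value:
        return None
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    # Assumption: a year-1 timestamp is a "never synced" placeholder, not a date.
    return None if ts.year < 2000 else ts

def preview_stale(devices, threshold_days, now):
    """Split devices into (would_match, needs_review) for the chosen window."""
    if threshold_days not in ALLOWED_THRESHOLDS:
        raise ValueError("threshold must be 60 or 90 days")
    cutoff = now - timedelta(days=threshold_days)
    would_match, needs_review = [], []
    for d in devices:
        name = d.get("deviceName") or d.get("id")
        last = parse_sync_time(d.get("lastSyncDateTime"))
        if last is None:
            needs_review.append(name)       # unknown age: do not auto-delete
        elif last < cutoff:
            would_match.append((name, (now - last).days))
    # Oldest first, so the riskiest deletions are reviewed at the top.
    return sorted(would_match, key=lambda item: -item[1]), needs_review

# Constructed sample records (not real tenant data).
SAMPLE = [
    {"id": "d1", "deviceName": "LAPTOP-A", "lastSyncDateTime": "2024-11-01T00:00:00Z"},
    {"id": "d2", "deviceName": "LAPTOP-B", "lastSyncDateTime": "2024-08-30T00:00:00Z"},
    {"id": "d3", "deviceName": "PHONE-C", "lastSyncDateTime": "2024-07-01T00:00:00Z"},
    {"id": "d4", "deviceName": "TABLET-D", "lastSyncDateTime": "0001-01-01T00:00:00Z"},
    {"id": "d5", "deviceName": "KIOSK-E"},
]
NOW = datetime(2024, 11, 11, tzinfo=timezone.utc)  # fixed so results are repeatable

if __name__ == "__main__":
    for days in ALLOWED_THRESHOLDS:
        print(days, preview_stale(SAMPLE, days, NOW))
```

Comparing the 60-day and 90-day results side by side shows which devices only the shorter window would remove.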