
Device Compliance Policies

25 mins

Understanding the Concept

Device compliance policies define the security requirements that devices must meet to be considered compliant. Common compliance settings include: minimum OS version, password requirements, encryption enabled, device not jailbroken/rooted, threat level from Defender for Endpoint, and firewall status.

Compliance policies work with Conditional Access to enforce Zero Trust security. When a device doesn't meet compliance requirements, it's marked as non-compliant. Conditional Access policies can then block non-compliant devices from accessing corporate resources like Exchange Online, SharePoint, and Teams.

Compliance policy actions for non-compliance include: marking the device as non-compliant (immediately or after a grace period), sending an email notification to the user, remotely locking the device, and retiring the device. Grace periods give users time to remediate before they lose access.

Key Points

  • Compliance policies define minimum security requirements for devices
  • Settings: OS version, encryption, password, jailbreak detection, threat level
  • Non-compliant devices can be blocked via Conditional Access
  • Actions for non-compliance: notify, mark, lock, retire
  • Grace periods allow time for remediation before blocking access
  • Separate compliance policies needed for each platform

Compliance + Conditional Access Flow

  1. Policy: define the compliance requirements
  2. Evaluate: devices are checked against the policy
  3. Status: the device is marked Compliant or Non-compliant
  4. Access: Conditional Access grants or blocks access to the resource
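The following Python model is an added example, not part of this lesson or of Intune itself. It ties together the settings listed under "Understanding the Concept" and the four-step flow above: a per-platform policy, an evaluation that reports which rules a device fails, the grace-period clock that decides when the device flips from "in grace period" to non-compliant, and the Conditional Access decision that follows. The rule names, threat-level ranking and the `Device`/`CompliancePolicy` dataclasses are illustrative assumptions chosen to mirror the lesson's settings, not the Microsoft Graph schema.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Defender for Endpoint threat levels, lowest risk first. The names follow
# the Intune UI; the numeric ranks are a constructed helper for comparison.
THREAT_RANK = {"secured": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class CompliancePolicy:
    platform: str                       # one policy per platform ("windows", "ios", ...)
    os_minimum_version: Tuple[int, ...]
    password_required: bool
    encryption_required: bool
    block_jailbroken_or_rooted: bool
    max_threat_level: str               # highest Defender threat level still accepted
    firewall_required: bool
    grace_period_hours: int             # 0 = mark non-compliant immediately


@dataclass
class Device:
    name: str
    platform: str
    os_version: Tuple[int, ...]
    has_password: bool
    encrypted: bool
    jailbroken_or_rooted: bool
    threat_level: str
    firewall_on: bool
    first_failed_at: Optional[datetime] = None  # start of the grace period, if any


def evaluate(policy: CompliancePolicy, device: Device) -> List[str]:
    """Step 2: check every setting in the policy and return the names of the
    rules the device fails. An empty list means the device meets the policy."""
    if device.platform != policy.platform:
        # Policies are platform-specific; a Windows policy never evaluates an iOS device.
        raise ValueError(f"{policy.platform} policy cannot evaluate a {device.platform} device")
    failures = []
    if device.os_version < policy.os_minimum_version:
        failures.append("osMinimumVersion")
    if policy.password_required and not device.has_password:
        failures.append("passwordRequired")
    if policy.encryption_required and not device.encrypted:
        failures.append("storageEncryption")
    if policy.block_jailbroken_or_rooted and device.jailbroken_or_rooted:
        failures.append("jailbrokenOrRooted")
    if THREAT_RANK[device.threat_level] > THREAT_RANK[policy.max_threat_level]:
        failures.append("deviceThreatLevel")
    if policy.firewall_required and not device.firewall_on:
        failures.append("firewallEnabled")
    return failures


def compliance_state(policy: CompliancePolicy, device: Device, now: datetime) -> str:
    """Step 3: derive the device state, honouring the policy's grace period."""
    if not evaluate(policy, device):
        device.first_failed_at = None          # remediation resets the grace period
        return "compliant"
    if device.first_failed_at is None:
        device.first_failed_at = now           # first failing check-in starts the clock
    deadline = device.first_failed_at + timedelta(hours=policy.grace_period_hours)
    return "inGracePeriod" if now < deadline else "noncompliant"


def conditional_access(state: str) -> str:
    """Step 4: decision of a CA policy whose grant control is 'Require device
    to be marked as compliant'. Devices still inside their grace period keep access."""
    return "grant" if state in ("compliant", "inGracePeriod") else "block"


if __name__ == "__main__":
    # Constructed sample data: a Windows policy with a 24-hour grace period.
    policy = CompliancePolicy("windows", (10, 0, 19045), True, True, True, "low", True, 24)
    laptop = Device("sales-laptop", "windows", (10, 0, 19044), True, False, False, "medium", True)
    t0 = datetime(2024, 1, 1, 9, 0)
    for hours in (0, 25):
        state = compliance_state(policy, laptop, t0 + timedelta(hours=hours))
        print(f"+{hours}h: failed={evaluate(policy, laptop)} state={state} "
              f"CA={conditional_access(state)}")
```

Run it as a script to see the same device move from "inGracePeriod" (access still granted) to "noncompliant" (access blocked) once the grace period elapses; set `grace_period_hours` to 0 to reproduce the "immediately blocking users" mistake from the list below.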

Why This Matters in Real Organizations

Compliance policies are the foundation of Zero Trust security for endpoints. Without compliance enforcement, devices with outdated OS, no encryption, or active threats can access sensitive corporate data, creating significant security risks.

Common Mistakes to Avoid

  • Creating compliance policies without corresponding Conditional Access policies
  • Setting compliance requirements too strict, causing mass non-compliance
  • Not configuring grace periods, immediately blocking users
  • Forgetting to create platform-specific compliance policies

Interview Tips

  • Explain the relationship between compliance policies and Conditional Access
  • Discuss how you balance security requirements with user productivity
  • Describe your approach to rolling out compliance policies gradually

Exam Tips (MD-102)

  • Know compliance policy settings per platform
  • Understand actions for non-compliance and grace periods
  • Know how compliance integrates with Conditional Access
  • Understand the compliance evaluation cycle and device states
