Creating a partner device compliance policy
Create a partner device compliance policy on Core and apply the desired label. The partner compliance policy reports the device compliance status to Azure for conditional access. This is done through Microsoft Intune APIs. Once the policy is pushed to a device enrolled in Core, the device's compliance status is reported to Azure after the device's first check-in. Thereafter, the status is reported whenever the compliance status of the device changes. If there is no change in the compliance status, the status is reported to Intune once a week, as required by Microsoft. To view the Azure device compliance status, go to the Device Details page under the specific device.
Before you begin
You must have an Azure Tenant ID set up. See Connecting Microsoft Azure to Core.
Procedure
- In Core, go to Policies & Configurations > Policies.
- Click Add New > Partner Device Compliance. The Add Partner Device Compliance Policy dialog box opens.
- Use the below form to enter your settings:
Item | Description |
Name | Enter a name for the policy. |
Status | Select the relevant radio button to indicate whether the policy is Active or Inactive. Only one active policy can be applied to a device. |
Priority | Specifies the priority of this policy relative to the other custom policies of the same type. This priority determines which policy is applied if more than one policy is available. Select Higher than or Lower than, then select an existing policy from the drop-down list. For example, to give Policy A higher priority than Policy B, you would select “Higher than” and “Policy B”. |
Description | Enter an explanation of the purpose of this policy. |
Report Device Compliance Status to Azure for iOS and Android devices | Selected by default. If you do not see this field, you need to set up your Azure Tenant ID first. See Connecting Microsoft Azure to Core. If the Report Device Compliance Status to Azure for iOS and Android devices check box is enabled and the compliance policy is applied to the client, the client displays the option in Settings under "Microsoft 365 Access." The compliance status of the device is then reported to Azure under the following conditions: |
- Click Save.
Device status reporting
Core reports device inventory and compliance status to Azure in the following cases:
- On-device compliance state change
- On-device inventory change, for example, an OS upgrade
- Once a week, Core reports compliance and inventory status to Azure
Depending on the action chosen in the compliance policy, the following device status will be sent to Azure:
Action | What Core sends to Azure |
Block Email, AppConnect Apps | Non-compliant to Azure |
Send Alert | Compliant to Azure |
For more information, see Compliance actions policy violations.
Next steps