Creating a partner device compliance policy

Create a partner device compliance policy on Core and apply the desired label. The partner compliance policy reports the device compliance status to Azure for conditional access. This is done through Microsoft Intune APIs. Once the policy is pushed to a device enrolled in Core, the device's compliance status is reported to Azure after the device's first check-in. Thereafter, the status is reported whenever the compliance status of the device changes. If there is no change in the compliance status, the status is reported to Intune once a week, as required by Microsoft. To view the Azure device compliance status, go to the Device Details page under the specific device.

Before you begin 

You must have an Azure Tenant ID set up. See Connecting Microsoft Azure to Core.

Procedure 

  1. In Core, go to Policies & Configurations > Policies.
  2. Click Add New > Partner Device Compliance. The Add Partner Device Compliance Policy dialog box opens.
  3. Use the following form to enter your settings:

| Item | Description |
|---|---|
| Name | Enter a name for the policy. |
| Status | Select the relevant radio button to indicate whether the policy is Active or Inactive. Only one active policy can be applied to a device. |
| Priority | Specifies the priority of this policy relative to the other custom policies of the same type. This priority determines which policy is applied if more than one policy is available. Select Higher than or Lower than, then select an existing policy from the drop-down list. For example, to give Policy A higher priority than Policy B, you would select “Higher than” and “Policy B”. |
| Description | Enter an explanation of the purpose of this policy. |
| Report Device Compliance Status to Azure for iOS and Android devices | Selected by default. If you do not see this field, you need to set up your Azure Tenant ID first. See Connecting Microsoft Azure to Core. If the Report Device Compliance Status to Azure for iOS and Android devices check box is enabled and the compliance policy is applied to the client, the client displays the option in Settings under "Microsoft 365 Access." The compliance status of the device is then reported to Azure under the following conditions: when the device is out of compliance; when the device is compliant; when the device returns to compliance after being out of compliance; and, if there is no change in the status, once a week (every seven days). |

  4. Click Save.

Device status reporting

Core reports device inventory and compliance status to Azure in the following cases:

  • On-device compliance state change

  • On-device inventory change, for example, an OS upgrade

  • Once a week, Core reports compliance and inventory status to Azure

Depending on the action chosen in the compliance policy, the following device status will be sent to Azure:

Table 1. Actions in compliance policy

| Action | What Core sends to Azure |
|---|---|
| Block Email, AppConnect Apps | Non-compliant to Azure |
| Send Alert | Compliant to Azure |

For more information, see Compliance actions policy violations.
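The reporting triggers and the Table 1 mapping can be modelled offline to review what Azure conditional access will see for each device. The following Python is an added example, not Core or Intune code; the Device record layout, the sample devices and the finding texts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Table 1 on this page: status Core sends to Azure for each compliance action.
AZURE_STATUS = {"Block Email, AppConnect Apps": "Non-compliant", "Send Alert": "Compliant"}
WEEK = timedelta(days=7)  # weekly report interval stated on the page

@dataclass
class Device:  # constructed record layout (assumption), not a Core or Intune schema
    name: str
    action: Optional[str]        # action of the violated rule; None = no violation
    os: str                      # current inventory value
    sent_status: Optional[str]   # status in the last report; None = never reported
    sent_os: Optional[str]       # inventory value in the last report
    sent_at: Optional[datetime]  # time of the last report

def azure_status(d: Device) -> str:
    """Status Azure will see; raises KeyError for an action not in Table 1."""
    return "Compliant" if d.action is None else AZURE_STATUS[d.action]

def report_reason(d: Device, now: datetime) -> Optional[str]:
    """Which trigger from the page makes a report due now, if any."""
    if d.sent_at is None:
        return "first check-in"
    if azure_status(d) != d.sent_status:
        return "compliance state change"
    if d.os != d.sent_os:
        return "inventory change"
    if now - d.sent_at >= WEEK:
        return "weekly report"
    return None

def audit(devices, now):
    """Return (device, finding) pairs worth a reviewer's attention."""
    findings = []
    for d in devices:
        if d.action is not None and azure_status(d) == "Compliant":
            findings.append((d.name, "violation still reported as Compliant"))
        if d.sent_at is not None and now - d.sent_at > WEEK:
            findings.append((d.name, "weekly report overdue"))
    return findings

NOW = datetime(2024, 1, 15, 12, 0)  # constructed sample data below
SAMPLE = [
    Device("phone-a", None, "17.2", "Compliant", "17.2", NOW - timedelta(days=2)),
    Device("phone-b", "Send Alert", "14", "Compliant", "14", NOW - timedelta(days=1)),
    Device("phone-c", "Block Email, AppConnect Apps", "14", "Compliant", "14", NOW - timedelta(days=1)),
    Device("phone-e", None, "16", "Compliant", "16", NOW - timedelta(days=9)),
]
```

Running `audit(SAMPLE, NOW)` flags the device whose only violation action is Send Alert, since Table 1 has Core report it as Compliant, and the device whose last report is older than seven days.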

Next steps 

De-provisioning of the Azure tenant