Device management policies

  • Last update on September 26th, 2024

The remediation action for Device management policies is NOT available in the Essentials solution.

 

These policies are designed to enhance Intune management and security.

The list below provides an overview of the Device management out-of-the-box policies, what type of remediation action they are set to execute, and which remediation settings you can configure.


Intune devices not compliant with compliance policies

Show more

Description

This policy identifies devices that are not compliant with specific compliance policies within the organization.

It displays the device display name, instance, UPN associated with the device, policy category, email address of the user, managed device ID, the name of the policy that the device is violating, the current status of non-compliance for that policy, and the date when the policy violation occurred. 

This tool assists administrators in monitoring and enforcing policy adherence across devices used within the company's network or infrastructure.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Intune devices not compliant with configuration policies

Show more

Description

This policy identifies devices that are not compliant with configuration policies set within the organization. 

It displays the device name, device display name, email address associated with the device user, the specific policy ID that the device violates, the name of the policy, the current non-compliant status of the device for that policy, and any additional settings or details related to the policy violation. 

This tool enables administrators to monitor and enforce configuration policy compliance across devices connected to the company's network or systems.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Intune devices with encryption status in error

Show more

Description

This policy is designed to identify devices that are experiencing errors with their encryption status. 

It lists the device ID, device display name, the email address associated with the device user, the policy category related to encryption, the name of the encryption policy, and the current policy status showing an error.

Additionally, it provides the date when the encryption error occurred, the profile source detailing where the encryption policy is sourced from, and any relevant settings or names linked to the encryption issue.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Intune devices with pending actions

Show more

Description

This policy is designed to identify devices that are experiencing errors with their encryption status.

It lists the device ID, device display name, the email address associated with the device user, the policy category related to encryption, the name of the encryption policy, and the current policy status showing an error. 

Additionally, it provides the date when the encryption error occurred, the profile source detailing where the encryption policy is sourced from, and any relevant settings or names linked to the encryption issue. 

This tool enables IT administrators to quickly pinpoint and troubleshoot devices facing encryption problems, which is crucial for maintaining data security across the organization's device fleet.

Remediation action

Schedule and send the report to a custom recipient

What you can configure

  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
 
 

Intune devices without Intune sync

Show more

Description

This policy lists devices that are not currently syncing with the organization's Intune management system. 

It displays the device display name, the user's display name associated with the device, the device OS type, the user's principal name, the instance name, the last time the device successfully synced with Intune, the current device display status, and the device trust type indicating if it is a trusted or untrusted device. 

Additionally, it provides the approximate last sync time, whether the device is managed or unmanaged, the managed device owner if applicable, and the unique managed device ID. 

This tool allows IT admins to identify devices that may be out of sync with Intune policies, updates, or management, enabling them to take appropriate actions to bring those devices back into compliance.

Remediation action

Delete matched devices

What you can configure

  • Set the policy to target Intune devices without Intune sync in the previous 60 or 90 days.
  • Type the recipient of the email (custom address)
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails