MT.1054 - Ensure built-in Device Compliance Policy marks devices with no compliance policy assigned as 'Not compliant'
Overview
Ensure the built-in Device Compliance Policy marks devices with no compliance policy assigned as 'Not compliant'.
Set your Intune built-in Device Compliance Policy to mark devices with no compliance policy assigned as 'Not compliant'. This ensures that new devices that do not have any policies assigned are not compliant per default.
Remediation action:
To change the built-in device compliance policy:
- Navigate to Microsoft Intune admin center.
- Click Devices scroll down to Manage devices.
- Select Compliance and Select Compliance settings.
- Set Mark devices with no compliance policy assigned as to Not compliant
- Click Save.
Related links
Test Metadata
| Field | Value |
|---|---|
| Test ID | MT.1054 |
| Severity | Medium |
| Suite | Maester |
| Category | Intune |
| PowerShell test | Test-MtDeviceComplianceSettings |
| Tags | Intune, Maester, MT.1054 |
Source
- Pester test:
tests/Maester/Intune/Test-MtIntunePlatform.Tests.ps1 - PowerShell source:
powershell/public/maester/intune/Test-MtDeviceComplianceSettings.ps1