Support Tip: Using Device Health Attestation Settings as Part of Your Intune Compliance Policy

Hi Jan,

For a long time I thought exactly the same as you - that compliance policy would only check the current setting of interest, mark the device as compliant or not  and not be involved in its enforcement  at all. However that is not the case. For many settings, of which "require encryption" is one, it does prompt the user to perform the necessary remediation steps. So on Windows it puts up the notification for the user that encryption is needed.

Another example would be say a compliance policy for device pin length - if your iPad had a 6 digit pin and you change iOS compliance policy to require 8 digits then when  that policy lands the device will prompt the user about the  new passcode requirement. 

So in many cases the compliance policy is both measuring the current value and prompting the end user to remediate as necessary.

I'll have look to see if there is any internal guidance along the lines you suggest for DHA Bitlocker  and or "Require Encryption but the one thing that strikes me immediately is that the DHA setting is purely for measurement.

Thanks

Rob