Forum Discussion
Device not compliant based on service running
Hello, does anybody know if intune allows you mark a device not compliant if a certain windows 10 service is not running? If it is posible, what is the most restrictive action that we can take? Can we lock windows 10 for example and not allow user to continue working?
3 Replies
- It's not possible throug device compliance.
Compliance in intune is pretty limited.
You can look into remediation scripts from endpoint analytics. That might help youI am not getting your idea, are you proposing to detect that a service is not running or installed and then launch an script to start or install it?
Can we use that to mark the device as not compliance and then apply some restrictions like not allowing to access office 365? can you think in another solution
Thanks in advanced!
I guess what I am proposing will be a very stupid idea 🙂 but it's just an idea!
When you create proactive remediations which runs every hour to check if a specific service ain't running... and if it ain't running it will fire up a remedation script.
In that remediation script you could make sure real time protection will be disabled (again it's not what you want !! its all about the idea nothing more)
And when configure a compliance rule to detect if the device is compliant and you have your ca rules in place.... it will be blocked
Again ... i am not recommending this 🙂 !
