Alberto Palma
Copper Contributor
Aug 23, 2020

Device not compliant based on service running

Hello, does anybody know if Intune allows you to mark a device not compliant if a certain Windows 10 service is not running? If it is possible, what is the most restrictive action that we can take? Can we lock Windows 10, for example, and not allow the user to continue working?

  • Thijs Lecomte
    Bronze Contributor
    It's not possible through device compliance.
    Compliance in Intune is pretty limited.

    You can look into remediation scripts from Endpoint Analytics. That might help you.
    • Alberto Palma
      Copper Contributor

      Hi Thijs Lecomte

      I am not getting your idea. Are you proposing to detect that a service is not running or installed and then launch a script to start or install it?

      Can we use that to mark the device as not compliant and then apply some restrictions, like not allowing access to Office 365? Can you think of another solution?

      Thanks in advance!

      • Rudy_Ooms_MVP
        MVP

        Alberto Palma

        I guess what I am proposing will be a very stupid idea 🙂 but it's just an idea!

        When you create proactive remediations which run every hour to check if a specific service ain't running... and if it ain't running it will fire up a remediation script.

        In that remediation script you could make sure real-time protection will be disabled (again, it's not what you want!! It's all about the idea, nothing more)

        And when you configure a compliance rule to detect if the device is compliant and you have your CA rules in place... it will be blocked

        Again... I am not recommending this 🙂 !
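
The detection half of the remediation-script approach mentioned in the replies above, as an added example that is not code from any poster in this thread. It assumes a placeholder service name (`ExampleSvc`) and relies on the Proactive Remediations convention that a detection script exiting with code 1 triggers the paired remediation script.

```powershell
# Detection script for an Intune Proactive Remediations package (added example).
# 'ExampleSvc' is a placeholder service name, not taken from the thread.
$ServiceName = 'ExampleSvc'

function Get-ServiceFinding {
    param([string]$Name)

    # Win32_Service exposes both the current state and the configured start mode,
    # so a stopped service and a disabled one can be reported separately.
    $svc = Get-CimInstance -ClassName Win32_Service `
                           -Filter "Name='$Name'" -ErrorAction Stop

    if (-not $svc)                     { return 'NotInstalled' }
    if ($svc.StartMode -eq 'Disabled') { return 'Disabled' }
    if ($svc.State -ne 'Running')      { return "NotRunning($($svc.State))" }
    return $null   # no finding: service is installed, enabled and running
}

try {
    $finding = Get-ServiceFinding -Name $ServiceName
}
catch {
    # Treat a failed query as a finding so the device is not silently reported healthy.
    Write-Output "Detection error for ${ServiceName}: $($_.Exception.Message)"
    exit 1
}

if ($finding) {
    # The output line is what shows up as detection output in the report.
    Write-Output "$ServiceName unhealthy: $finding"
    exit 1   # exit code 1: issue detected, the remediation script runs
}

Write-Output "$ServiceName running"
exit 0       # exit code 0: no issue, remediation is skipped
```

The script only reports the service state and triggers remediation; it does not by itself change the device's compliance status.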