By: Adrian Moore, Sr. PM and Sameer Yadav, Program Manager - Microsoft Endpoint Manager – Intune
The following article helps IT Pros and mobile device administrators understand the new enhancements to the noncompliance notification feature of Microsoft Intune.
A lot of customers we work with operate globally, with end-users in countries all over the world. Many of these customers standardise their IT communications in English. This certainly makes things easier from an IT perspective but can often leave some staff with limited English struggling to understand what is being asked of them. One area that we often get this feedback about is noncompliance email notifications. With Conditional Access (CA), you can control the devices and apps that can connect to your email and company resources. Intune enhances CA by adding mobile device compliance to the access controls. With an Intune compliance policy that defines requirements for devices to be compliant, you can use a device's compliance status to either allow or block access to your apps and services. You can do this by creating a CA policy that uses the setting Require device to be marked as compliant. When a device falls out of compliance, end-users are notified by email. While it has been technically possible to achieve localised language email notifications, it did require duplication of policies. We have heard your feedback, and are delighted to announce a new, streamlined approach to providing localised language support for noncompliance emails, making it easier for this part of your IT communications to be more inclusive and remove language as a barrier for self-remediation of noncompliance issues.
The current experience
Prior to our new experience, compliance policy could only have a single noncompliance email template attached to it. In practice, this means a duplicate compliance policy for each language you want and a corresponding template. Even with a few languages in play, you can see below how this can be challenging for large organisations:
Compliance policies - Policies blade
Compliance policies - Notifications blade
The feedback from our customers has been that, for many, this would result in many compliance policies to set up and maintain.
The new experience
With the new enhancements, you only need to create a single notification template, which you can add multiple localised email messages to. Let us look at this in practice.
First, create a single compliance policy (instead of one for each language):
New experience of the Compliance policies - Policies blade
Then, we create a single notification template and add multiple localised email messages to it:
Notification message templates settings
Notification message templates summary view
We then assign that template to our compliance policy (note the languages in the details pane on the right):
List of notification message templates
If you are wondering how we determine which template to send to the user, the answer lies in the user’s Microsoft 365 “Display Language” setting, which is accessed via myaccount.microsoft.com:
Microsoft 365 - Settings & Privacy - Display Language setting
This means the language that the user has set themselves will be what Intune uses to trigger the localised email message. However, some customers may want to manage this centrally, in which case you have a couple of options:
Leverage Microsoft Graph and patch the “preferredLanguage” attribute at
If a user’s display or preferred language cannot be determined, they will receive the default template selected by their IT admin.
The above methods for setting the user’s language only applies to cloud-only accounts. For those customers who are using Azure Active Directory (Azure AD) Connect to sync their identities from their on-premises Active Directory, the language must be set on-premises and then sync’d to Azure AD. If this is the case, your users will see the following:
Language & Region - Display language for Hybrid users
To set the language in your local Active Directory, navigate to the user object and edit the attribute:
preferredLanguage setting for a user object in local Active Directory
This may be something you leverage scripting for as, in large organizations, you may run into scale challenges without scripting.
As our customers move towards more inclusive workplaces, technology needs to move with it. Keeping your end-users productive demands that, should their device become noncompliant for any reason, they can self-remediate the problem quickly and, ideally, without the help of others. Ensuring your end-users always receive their noncompliant email notifications in their preferred language means they can easily understand what they need to do to get their corporate access back - without language being a barrier.
More info and feedback
For further resources on this subject, please see the links below.