By: Adrian Moore, Sr. PM and Sameer Yadav, Program Manager - Microsoft Endpoint Manager – Intune
The following article helps IT Pros and mobile device administrators understand the new enhancements to the noncompliance notification feature of Microsoft Intune.
A lot of customers we work with operate globally, with end-users in countries all over the world. Many of these customers standardise their IT communications in English. This certainly makes things easier from an IT perspective but can often leave some staff with limited English struggling to understand what is being asked of them. One area that we often get this feedback about is noncompliance email notifications. With Conditional Access (CA), you can control the devices and apps that can connect to your email and company resources. Intune enhances CA by adding mobile device compliance to the access controls. With an Intune compliance policy that defines requirements for devices to be compliant, you can use a device's compliance status to either allow or block access to your apps and services. You can do this by creating a CA policy that uses the setting Require device to be marked as compliant. When a device falls out of compliance, end-users are notified by email. While it has been technically possible to achieve localised language email notifications, it did require duplication of policies. We have heard your feedback, and are delighted to announce a new, streamlined approach to providing localised language support for noncompliance emails, making it easier for this part of your IT communications to be more inclusive and remove language as a barrier for self-remediation of noncompliance issues.
The current experience
Prior to our new experience, compliance policy could only have a single noncompliance email template attached to it. In practice, this means a duplicate compliance policy for each language you want and a corresponding template. Even with a few languages in play, you can see below how this can be challenging for large organisations:
The feedback from our customers has been that, for many, this would result in many compliance policies to set up and maintain.
The new experience
With the new enhancements, you only need to create a single notification template, which you can add multiple localised email messages to. Let us look at this in practice.
First, create a single compliance policy (instead of one for each language):
Then, we create a single notification template and add multiple localised email messages to it:
We then assign that template to our compliance policy (note the languages in the details pane on the right):
If you are wondering how we determine which template to send to the user, the answer lies in the user’s Microsoft 365 “Display Language” setting, which is accessed via myaccount.microsoft.com:
This means the language that the user has set themselves will be what Intune uses to trigger the localised email message. However, some customers may want to manage this centrally, in which case you have a couple of options:
- Leverage Microsoft Graph and patch the “preferredLanguage” attribute at
https://graph.microsoft.com/v1.0/users/{user id} - Use Powershell scripts
Note:
You must use a defined language tag (for example en-US for the US, or es-ES for Spain). Supported languages can be found at the Supported Language Packs and Language Interface Packs page.
If a user’s display or preferred language cannot be determined, they will receive the default template selected by their IT admin.
Hybrid environments
The above methods for setting the user’s language only applies to cloud-only accounts. For those customers who are using Azure Active Directory (Azure AD) Connect to sync their identities from their on-premises Active Directory, the language must be set on-premises and then sync’d to Azure AD. If this is the case, your users will see the following:
To set the language in your local Active Directory, navigate to the user object and edit the attribute:
This may be something you leverage scripting for as, in large organizations, you may run into scale challenges without scripting.
Conclusion
As our customers move towards more inclusive workplaces, technology needs to move with it. Keeping your end-users productive demands that, should their device become noncompliant for any reason, they can self-remediate the problem quickly and, ideally, without the help of others. Ensuring your end-users always receive their noncompliant email notifications in their preferred language means they can easily understand what they need to do to get their corporate access back - without language being a barrier.
More info and feedback
For further resources on this subject, please see the links below.
Use compliance policies to set rules for devices you manage with Intune
How to set language and region settings for Office 365
Supported Language Packs and Language Interface Packs
As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community Page, or leave a comment below.
Follow @MSIntune and @IntuneSuppTeam on Twitter and feel free to ask any questions about implementing this new feature to the @IntuneSuppTeam on Twitter!