cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Intune enhancements to noncompliance email notifications
By
Intune_Support_Team
Published Feb 03 2021 12:21 PM 14.4K Views
Intune_Support_Team
Microsoft
‎Feb 03 2021 12:21 PM

Microsoft Intune enhancements to noncompliance email notifications

‎Feb 03 2021 12:21 PM

By: Adrian Moore, Sr. PM and Sameer Yadav, Program Manager - Microsoft Endpoint Manager – Intune

 

The following article helps IT Pros and mobile device administrators understand the new enhancements to the noncompliance notification feature of Microsoft Intune.

 

A lot of customers we work with operate globally, with end-users in countries all over the world. Many of these customers standardise their IT communications in English. This certainly makes things easier from an IT perspective but can often leave some staff with limited English struggling to understand what is being asked of them. One area that we often get this feedback about is noncompliance email notifications. With Conditional Access (CA), you can control the devices and apps that can connect to your email and company resources. Intune enhances CA by adding mobile device compliance to the access controls. With an Intune compliance policy that defines requirements for devices to be compliant, you can use a device's compliance status to either allow or block access to your apps and services. You can do this by creating a CA policy that uses the setting Require device to be marked as compliant. When a device falls out of compliance, end-users are notified by email. While it has been technically possible to achieve localised language email notifications, it did require duplication of policies. We have heard your feedback, and are delighted to announce a new, streamlined approach to providing localised language support for noncompliance emails, making it easier for this part of your IT communications to be more inclusive and remove language as a barrier for self-remediation of noncompliance issues.

 

The current experience

Prior to our new experience, compliance policy could only have a single noncompliance email template attached to it. In practice, this means a duplicate compliance policy for each language you want and a corresponding template. Even with a few languages in play, you can see below how this can be challenging for large organisations:

 

Compliance policies - Policies bladeCompliance policies - Policies blade

 

Compliance policies - Notifications bladeCompliance policies - Notifications blade

 

The feedback from our customers has been that, for many, this would result in many compliance policies to set up and maintain.

 

The new experience

With the new enhancements, you only need to create a single notification template, which you can add multiple localised email messages to. Let us look at this in practice.

 

First, create a single compliance policy (instead of one for each language):

 

New experience of the Compliance policies - Policies bladeNew experience of the Compliance policies - Policies blade

 

Then, we create a single notification template and add multiple localised email messages to it:

 

Notification message templates settingsNotification message templates settings

 

Notification message templates summary viewNotification message templates summary view

 

We then assign that template to our compliance policy (note the languages in the details pane on the right):

 

List of notification message templatesList of notification message templates

 

If you are wondering how we determine which template to send to the user, the answer lies in the user’s Microsoft 365 “Display Language” setting, which is accessed via myaccount.microsoft.com:

 

Microsoft 365 - Settings & Privacy - Display Language settingMicrosoft 365 - Settings & Privacy - Display Language setting

 

This means the language that the user has set themselves will be what Intune uses to trigger the localised email message. However, some customers may want to manage this centrally, in which case you have a couple of options:

 

  • Leverage Microsoft Graph and patch the “preferredLanguage” attribute at
    https://graph.microsoft.com/v1.0/users/{user id}
  • Use Powershell scripts

 

Note:

You must use a defined language tag (for example en-US for the US, or es-ES for Spain). Supported languages can be found at the Supported Language Packs and Language Interface Packs page.

 

If a user’s display or preferred language cannot be determined, they will receive the default template selected by their IT admin.

 

Hybrid environments

The above methods for setting the user’s language only applies to cloud-only accounts. For those customers who are using Azure Active Directory (Azure AD) Connect to sync their identities from their on-premises Active Directory, the language must be set on-premises and then sync’d to Azure AD. If this is the case, your users will see the following:

 

Language & Region - Display language for Hybrid usersLanguage & Region - Display language for Hybrid users

 

To set the language in your local Active Directory, navigate to the user object and edit the attribute:

 

preferredLanguage setting for a user object in local Active DirectorypreferredLanguage setting for a user object in local Active Directory

 

This may be something you leverage scripting for as, in large organizations, you may run into scale challenges without scripting.

 

Conclusion

As our customers move towards more inclusive workplaces, technology needs to move with it. Keeping your end-users productive demands that, should their device become noncompliant for any reason, they can self-remediate the problem quickly and, ideally, without the help of others. Ensuring your end-users always receive their noncompliant email notifications in their preferred language means they can easily understand what they need to do to get their corporate access back - without language being a barrier.

 

More info and feedback

For further resources on this subject, please see the links below.

 

Use compliance policies to set rules for devices you manage with Intune

How to set language and region settings for Office 365

Supported Language Packs and Language Interface Packs

 

As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community Page, or leave a comment below.

 

Follow @MSIntune and @IntuneSuppTeam on Twitter and feel free to ask any questions about implementing this new feature to the @IntuneSuppTeam on Twitter!

6 Comments
Mal_G
Copper Contributor
‎Feb 04 2021 02:52 AM
‎Feb 04 2021 02:52 AM

Has there been any thought about linking in Microsoft's own translation services to such email notifications?  An option to "Translate" the default email notification could be presented to a user for them to select, on-demand, to translate the message to a language of their choice. 

Derek_H
Copper Contributor
‎Feb 11 2021 12:32 PM
‎Feb 11 2021 12:32 PM

Would love to see more features in these email template around rich html content so they can match our corporate branding requirements. And also to be able to customize the From address. Too many of our users ignore these because of how they look and the from address being a generic Microsoft account. Side effect of phishing awareness programs I guess.

 

 

 

 

naved495
Copper Contributor
‎Apr 14 2022 07:04 AM
‎Apr 14 2022 07:04 AM

Once a compliance policy is created with non-compliant notifications sent out, it would be great to monitor if those messages of non-compliant are being sent out. They (non-compliant notifications) are currently set in my environment, but I have no idea if they are being sent unless the user responds or I run an email message trace. If I run a schedule of non-compliant notifications, it would be great to ensure the end-user receives them. 

0 Likes
Like
Intune_Support_Team
Microsoft
‎Apr 19 2022 09:43 AM
‎Apr 19 2022 09:43 AM

Hi @naved495, thanks for the feedback and we welcome your feedback in improving Intune! Feel free to suggest this over on our Feedback portal: aka.ms/IntuneFeedback so that other customers can vote and comment on the same. We look forward to seeing this great suggestion! 

0 Likes
Like
quinzy
Copper Contributor
‎May 25 2022 01:40 AM
‎May 25 2022 01:40 AM

If I want to create a notification, we like to add the devicename that is not compliant with for example bitlocker in the notification.
Some of our users has more than 1 devices, so when they receive the notification in there email. They do not know what device is not compliant

Is it possible to add the devicename (is there a variable available) to the notification ?

if not, can it be added, this has a great value to have that.

Intune_Support_Team
Microsoft
‎Jun 01 2022 07:31 AM
‎Jun 01 2022 07:31 AM

Hi @quinzy, thanks for the info. We are always listening for ways to improve Intune and we appreciate feedback from the MEM community. If this is a feature you love, we'd love to see your suggestion on our Feedback portal where other users can comment and vote. See: aka.ms/IntuneFeedback. We look forward to seeing this great suggestion! 

0 Likes
Like
Version history
Last update:
‎Nov 30 2023 04:12 PM
Updated by: