Forum Discussion
Bitlocker Compliance/Configuration/Endpoint Security Policy Confusion
I'm relatively new to endpoint management and AutoPilot is my second foray into it (after MAM/APP). I'm confused as to the difference between Compliance and Configuration Policies, and Endpoint Secu...
Hi Bryan,
1. Compliance policies are just rules and settings that devices must meet to be compliant. It doesn’t force config setting on devices.
2. Config and other policies get applied on Compliant devices only, so you need to setup your Compliance Policy and have the devices marked as compliant then start to apply your config policies.
Hope this helps!
Moe
1. Compliance policies are just rules and settings that devices must meet to be compliant. It doesn’t force config setting on devices.
2. Config and other policies get applied on Compliant devices only, so you need to setup your Compliance Policy and have the devices marked as compliant then start to apply your config policies.
Hope this helps!
Moe
Thanks, this definitely helps!
Re: #2, how would such timing be put into practice? Say, in an AutoPilot scenario, where we'd like to ultimately/eventually apply both configurations and require compliance, how could we configure the device before requiring compliance automatically?
The manual way would seem to be add the computers to a group that the Compliance Policy is applied to only after the configurations have been applied.
- Hi Bryan,
I won’t worry about the timing piece. Create Compliance policy that suits your environment so you know all your devices will be compliant after Enrollment. Intune will evaluate the device at Enrollment stage and then start applying policies. It should be quick!
Thanks!
MoeMoe_Kinani thanks for your help!