Implement device compliance policies
Device compliance policies can be used with or without conditional access policies and achieve the following outcomes:
- With conditional access: Devices in compliance can access corporate resources. Devices that are not compliant will be blocked from accessing corporate resources.
- Without conditional access: Effectively, these policies evaluate the compliance status of a device only. Used alone, there are no access restrictions to corporate resources because of a compliance policy.
You can use compliance policies without conditional access policies to evaluate the status of your devices. You can report information relating to device platform characteristics, such as the following:
- The number of devices that do not have compliance policies
- The number of devices that are not encrypted
- Whether devices are jailbroken or rooted
- Threat agent status
A list of the device attributes that can be reported is shown in Table 2-2.
TABLE 2-2 Device data available in Microsoft Intune
Detail | Description | Platform |
Name | The name of the device. | Windows, iOS |
Management Name | The device name used only in the console. Changing this name won’t change the name on the device. | Windows, iOS |
UDID | The device’s Unique Device Identifier. | Windows, iOS |
Intune Device ID | A GUID that uniquely identifies the device. | Windows, iOS |
Serial Number | The device’s serial number from the manufacturer. | Windows, iOS |
Shared Device | If Yes, the device is shared by more than one user. | Windows, iOS |
User Approved Enrollment | If Yes, the device has user approved enrollment, which lets admins manage certain security settings on the device. | Windows, iOS |
Operating System | The operating system used on the device. | Windows, iOS |
Operating System Version | The version of the operating system on the device. | Windows, iOS |
Operating System Language | The language set for the operating system on the device. | Windows, iOS |
Total Storage Space | The total storage space on the device (in gigabytes). | Windows, iOS |
Free Storage Space | The unused storage space on the device (in gigabytes). | Windows, iOS |
IMEI | The device’s International Mobile Equipment Identity. | Windows, iOS, Android |
MEID | The device’s Mobile Equipment IDentifier. | Windows, iOS, Android |
Manufacturer | The manufacturer of the device. | Windows, iOS, Android |
Model | The model of the device. | Windows, iOS, Android |
Phone Number | The phone number assigned to the device. | Windows, iOS, Android |
Subscriber Carrier | The device’s wireless carrier. | Windows, iOS, Android |
Cellular Technology | The radio system used by the device. | Windows, iOS, Android |
WiFi MAC | The device’s Media Access Control address. | Windows, iOS, Android |
ICCID | The Integrated Circuit Card Identifier, which is a SIM card’s unique identification number. | Windows, iOS, Android |
Enrolled Date | The date and time the device was enrolled in Intune. | Windows, iOS, Android |
Last Contact | The date and time the device last connected to Intune. | Windows, iOS, Android |
Activation Lock Bypass Code | The code that can be used to bypass the activation lock. | Windows, iOS, Android |
Azure AD Registered | If Yes, the device is registered with Azure Active Directory. | Windows, iOS, Android |
Compliance | The device’s compliance state. | Windows, iOS, Android |
EAS Activated | If Yes, the device is synchronized with an Exchange mailbox. | Windows, iOS, Android |
EAS Activation ID | The device’s Exchange ActiveSync identifier. | Windows, iOS, Android |
Supervised | If Yes, administrators have enhanced control over the device. | Windows, iOS, Android |
Encrypted | If Yes, the data stored on the device is encrypted. | Windows, iOS, Android |
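The reporting use described above (compliance policies used without conditional access) can be illustrated with a short script. This is an added example, not code from the book or from Microsoft: it summarises a constructed CSV inventory whose column names follow Table 2-2. The compliance state strings, the sample rows and the 30-day staleness threshold are assumptions.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample inventory; column names follow Table 2-2, values are made up.
SAMPLE_EXPORT = """\
Name,Operating System,Compliance,Encrypted,Last Contact
LAPTOP-01,Windows,Compliant,Yes,2024-05-30T08:15:00
LAPTOP-02,Windows,Noncompliant,No,2024-05-29T17:40:00
PHONE-01,iOS,Compliant,Yes,2024-03-02T09:00:00
PHONE-02,Android,Not evaluated,No,2024-05-31T11:05:00
TABLET-01,iOS,Compliant,,2024-05-28T13:30:00
"""

STALE_AFTER = timedelta(days=30)  # assumed threshold, not an Intune default


def compliance_report(export_text, now):
    """Summarise an inventory export into the counts a compliance review needs."""
    by_state = Counter()
    unencrypted, stale, unknown_encryption = [], [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["Name"]
        by_state[row["Compliance"].strip() or "Unknown"] += 1
        encrypted = row["Encrypted"].strip().lower()
        if encrypted == "no":
            unencrypted.append(name)
        elif encrypted != "yes":
            # A blank value is not proof of encryption; report it separately.
            unknown_encryption.append(name)
        last_contact = datetime.fromisoformat(row["Last Contact"])
        if now - last_contact > STALE_AFTER:
            # The recorded compliance state is only as fresh as the last check-in.
            stale.append(name)
    return {
        "by_state": dict(by_state),
        "unencrypted": unencrypted,
        "unknown_encryption": unknown_encryption,
        "stale": stale,
    }


if __name__ == "__main__":
    report = compliance_report(SAMPLE_EXPORT, now=datetime(2024, 6, 1))
    for key, value in report.items():
        print(f"{key}: {value}")
```

PHONE-01 shows why Last Contact belongs in the report: it is listed as Compliant, but that state was recorded about three months before the report date.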