Intune Hybrid – Creating compliance setting for iOS device in the ConfigMgr console

In this post, I will be using hybrid Intune with ConfigMgr to create a compliance policy to control the security settings on iOS device, in particular, iPhones. It will also show the user experience on the iPhone. First I will create the Configuration Item for iOS, then I will add the Configuration Item to a Baseline, and then deploy the Baseline to a collection where my Intune enrolled users are located.

I am using ConfigMgr Current Branch 1610 with an Intune subscription and have an iPhone 6 enrolled.

Right click on Configuration Items and select Create Configuration Item

intunecomp1

Give the configuration item a name first, then under Settings for devices without the Configuration Manager client, select iOS and Mac OS X

intunecomp2

I am only using this for iPhones so I have selected iPhone as the platform.

intunecomp3

A list of groups for the device settings are displayed. In this example I have only selected Password. You can select the other groups to view which settings you can control.

intunecomp4

In this example, I have selected the Minimum password length (characters) to be 6. Currently the iPhone has a passcode of 4 characters. I have selected the Number of failed logon attempts before device is wiped to 4. I have also selected Password complexity to be Strong and Number of complex Characters required in password to be 2.

intunecomp5

intunecomp6

Now that the configuration item has been created, it needs to be added to a Baseline.Right click on Configuration Baselines and select Create Configuration Baseline.

intunecomp7

Give the baseline a name and click on Add, then Configuration Items.

intunecomp8

Select the Configuration Item that was created before and click Add.

intunecomp9intunecomp10

Now I will deploy the Baseline. Right click the Baseline and select Deploy.

intunecomp11

The configuration baseline is already selected. I have selected Remediate noncompliant rules when supported. I have also selected a user collection I would like to deploy the baseline to.

intunecomp12

This iPhone had a 4 digit passcode originally. The configuration item I configured said the iPhone needs a 6 character passcode length. Because the iPhone is not compliant, a Passcode Requirement prompt is on the iPhone giving the user 60 minutes to configure the new passcode. Once the user presses continue, the user is forced to set a 6 character passcode with 2 special characters.

intunecomp13intunecomp14

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s