Intune Hybrid – Creating compliance setting for iOS device in the ConfigMgr console

In this post, I will be using hybrid Intune with ConfigMgr to create a compliance policy to control the security settings on iOS device, in particular, iPhones. It will also show the user experience on the iPhone. First I will create the Configuration Item for iOS, then I will add the Configuration Item to a Baseline, and then deploy the Baseline to a collection where my Intune enrolled users are located.

I am using ConfigMgr Current Branch 1610 with an Intune subscription and have an iPhone 6 enrolled.

Right click on Configuration Items and select Create Configuration Item


Give the configuration item a name first, then under Settings for devices without the Configuration Manager client, select iOS and Mac OS X


I am only using this for iPhones so I have selected iPhone as the platform.


A list of groups for the device settings are displayed. In this example I have only selected Password. You can select the other groups to view which settings you can control.


In this example, I have selected the Minimum password length (characters) to be 6. Currently the iPhone has a passcode of 4 characters. I have selected the Number of failed logon attempts before device is wiped to 4. I have also selected Password complexity to be Strong and Number of complex Characters required in password to be 2.



Now that the configuration item has been created, it needs to be added to a Baseline.Right click on Configuration Baselines and select Create Configuration Baseline.


Give the baseline a name and click on Add, then Configuration Items.


Select the Configuration Item that was created before and click Add.


Now I will deploy the Baseline. Right click the Baseline and select Deploy.


The configuration baseline is already selected. I have selected Remediate noncompliant rules when supported. I have also selected a user collection I would like to deploy the baseline to.


This iPhone had a 4 digit passcode originally. The configuration item I configured said the iPhone needs a 6 character passcode length. Because the iPhone is not compliant, a Passcode Requirement prompt is on the iPhone giving the user 60 minutes to configure the new passcode. Once the user presses continue, the user is forced to set a 6 character passcode with 2 special characters.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s