When designing your Intune security solution, you need to ensure that the settings match in all four sections or there will be conflicts and devices will show as non-compliant.
The Security Baseline, Configuration Profile for Device Restriction, Compliance Policy and Windows Hello settings must match.
Personally, I no longer create a Configuration Profile for Device Restriction to set the password requirements as the Security Baseline is the preferred route now.
My personal recommendation is the following -
Security Baseline - configure as per business needs
Windows Hello for Business - match the Security Baseline configuration
Compliance Policy - update to match the Security Baseline configuration
Configuration Profile (Device Restriction) - Password settings not needed - do not create
=======================================================================
Examples of the mismatch of default configurations -
Configuration Profile for Device Restriction - Default minimum password length - four
Compliance Policy - Default length for minimum password length is four
Windows Hello for Business default - six digit Minimum PIN length
Security Baseline default - 8 digit minimum password length
=======================================================================
About the author -
Terry Munro is an IT specialist based in Brisbane, Australia.
He
draws upon over 20 years experience designing and delivering technical
solutions to a variety of enterprise clients in the private, Government
and Education sectors, to revolutionise client businesses through
collaboration and getting the most value from a variety of cloud
solutions.
He is passionate about learning new technologies and is a
firm believer in sharing knowledge to provide a better experience for
all.
You can connect with Terry on LinkedIn - https://www.linkedin.com/in/terry-munro/
No comments:
Post a Comment