Microsoft

Microsoft Intune Feedback


How can we improve Microsoft Intune

Add firewall, AV, UAC to compliance policy

In Windows 10 1607 devicestatus.csp was extended to include support for AV, firewall and UAC status.

https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/devicestatus-csp

However, none of these features can be utilised in Intune compliance policies. We would like the ability to block access to corporate resources if AV or FW are disabled etc. Whilst Windows 10 device health attestation can check for ELAM, this requires TPM 2.0.

As the Windows 10 product team has added these capabilities into the OS... please add them into Intune! Unlike configuration policies, we cannot create custom compliance policies in order to take advantage of these features ourselves. Allowing custom compliance policy will be my next idea :-).

59 votes
Mark Thomas shared this idea

1 comment

Oliver Kieselbach commented

Hey Cathy, I think the request targets the compliance check, not the ability to configure it. We want to see the compliance check if AV is enabled and FW is enabled, like we already have for e.g. if BitLocker is enabled. Is this something you are planning or have started already?
