Introduction
This policy checks Windows 10 and later devices against the following requirements to ensure the device is healthy and has baseline protections enabled:
Policy Settings
Device Health
Require BitLocker | Require |
Require Secure Boot to be enabled on the device | Require |
Require code integrity | Require |
System Security
Firewall | Require |
Trusted Platform Module (TPM) | Require |
Antivirus | Require |
Antispyware | Require |
Actions for Non-Compliance
We recommend allowing 1 day as a grace period before the device is marked as noncompliant. This is due to Windows telemetry errors caused by Device Health Attestation.
Mark device noncompliant | 1 day |
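The settings and grace period above can be checked for drift against a policy exported from Microsoft Graph. This is an added example, not code from the original page. It assumes the export is a `windows10CompliancePolicy` object with `scheduledActionsForRule` expanded; the function name `audit_policy` and the sample export are constructed for illustration.

```python
import json

# Baseline from this page, keyed by Graph windows10CompliancePolicy property names
BASELINE = {
    "bitLockerEnabled": True,        # Require BitLocker
    "secureBootEnabled": True,       # Require Secure Boot
    "codeIntegrityEnabled": True,    # Require code integrity
    "activeFirewallRequired": True,  # Firewall
    "tpmRequired": True,             # Trusted Platform Module (TPM)
    "antivirusRequired": True,       # Antivirus
    "antiSpywareRequired": True,     # Antispyware
}
GRACE_HOURS = 24  # "Mark device noncompliant" after 1 day

def audit_policy(policy):
    """Return the list of deviations from the baseline (empty means no drift)."""
    findings = []
    if policy.get("@odata.type") != "#microsoft.graph.windows10CompliancePolicy":
        findings.append("not a Windows 10 and later compliance policy")
    for key, want in BASELINE.items():
        if policy.get(key) is not want:  # a missing key counts as drift
            findings.append(f"{key}: expected {want}, found {policy.get(key)!r}")
    # "block" is the Graph actionType behind "Mark device noncompliant"
    grace = [cfg.get("gracePeriodHours")
             for rule in policy.get("scheduledActionsForRule", [])
             for cfg in rule.get("scheduledActionConfigurations", [])
             if cfg.get("actionType") == "block"]
    if not grace:
        findings.append("no 'mark device noncompliant' action configured")
    elif any(hours != GRACE_HOURS for hours in grace):
        findings.append(f"grace period: expected {GRACE_HOURS}h, found {grace}")
    return findings

# Constructed sample export: antivirus not required, grace period stretched to 7 days
SAMPLE_EXPORT = json.loads("""
{"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
 "displayName": "Constructed sample policy",
 "bitLockerEnabled": true, "secureBootEnabled": true,
 "codeIntegrityEnabled": true, "activeFirewallRequired": true,
 "tpmRequired": true, "antivirusRequired": false, "antiSpywareRequired": true,
 "scheduledActionsForRule": [{"ruleName": "PasswordRequired",
   "scheduledActionConfigurations": [
     {"actionType": "block", "gracePeriodHours": 168}]}]}
""")

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_EXPORT):
        print("DRIFT:", finding)
```

Assignments are returned by a separate Graph relationship and are not covered by this check.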
Assignments
Users, Groups and Devices
Includes | – All Users |