
COMP-DV01: Windows 10 and Later Secure Device Compliance

Introduction

This policy checks that Windows 10 and later devices are healthy and have the following baseline protections enabled:

Policy Settings

Device Health

Require BitLocker: Require
Require Secure Boot to be enabled on the device: Require
Require code integrity: Require

System Security

Firewall: Require
Trusted Platform Module (TPM): Require
Antivirus: Require
Antispyware: Require

Actions for Non-Compliance

We recommend allowing a grace period of 1 day before the device is marked as noncompliant. This is due to Windows telemetry errors caused by Device Health Attestation.

Mark device noncompliant: 1 day

Assignments

Users, Groups and Devices

Includes: All Users
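
A drift check for this baseline, as an added example that is not part of the original page or the vendor's tooling. It assumes the policy has been exported as JSON from Microsoft Graph (a windows10CompliancePolicy with scheduledActionsForRule and assignments expanded); find_drift and the sample export are hypothetical names and constructed data.

```python
# Added example: baseline taken from the COMP-DV01 settings listed on this page.
# Property names follow the Microsoft Graph windows10CompliancePolicy resource.
BASELINE = {
    "bitLockerEnabled": True,        # Require BitLocker
    "secureBootEnabled": True,       # Require Secure Boot
    "codeIntegrityEnabled": True,    # Require code integrity
    "activeFirewallRequired": True,  # Firewall
    "tpmRequired": True,             # Trusted Platform Module (TPM)
    "antivirusRequired": True,       # Antivirus
    "antiSpywareRequired": True,     # Antispyware
}
GRACE_HOURS = 24  # "Mark device noncompliant" after 1 day
ALL_USERS = "#microsoft.graph.allLicensedUsersAssignmentTarget"


def find_drift(policy):
    """Return findings where an exported policy deviates from COMP-DV01."""
    findings = []
    for key, want in BASELINE.items():
        got = policy.get(key)  # a missing key means the setting is not configured
        if got is not want:
            findings.append(f"{key}: expected {want}, found {got}")

    # "block" is the Graph action type behind "Mark device noncompliant".
    block = [
        cfg
        for rule in policy.get("scheduledActionsForRule", [])
        for cfg in rule.get("scheduledActionConfigurations", [])
        if cfg.get("actionType") == "block"
    ]
    if not block:
        findings.append("no 'Mark device noncompliant' action configured")
    for cfg in block:
        hours = cfg.get("gracePeriodHours")
        if hours != GRACE_HOURS:
            findings.append(f"gracePeriodHours: expected {GRACE_HOURS}, found {hours}")

    targets = {a.get("target", {}).get("@odata.type") for a in policy.get("assignments", [])}
    if ALL_USERS not in targets:
        findings.append("policy is not assigned to All Users")
    return findings


# Constructed sample export: Secure Boot not required, grace period shortened to 0.
SAMPLE = dict(BASELINE, secureBootEnabled=False,
    scheduledActionsForRule=[{"scheduledActionConfigurations": [
        {"actionType": "block", "gracePeriodHours": 0}]}],
    assignments=[{"target": {"@odata.type": ALL_USERS}}])

if __name__ == "__main__":
    for finding in find_drift(SAMPLE):
        print("DRIFT:", finding)
```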
