COMP-DV01: Windows 10 and Later Secure Device Compliance


This policy checks the following requirements on Windows 10 and later devices to ensure the device is healthy and has these baseline protections enabled:

Policy Settings

Device Health

Require BitLocker: Require
Require Secure Boot to be enabled on the device: Require
Require code integrity: Require

System Security

Trusted Platform Module (TPM): Require

Actions for Non-Compliance

We recommend allowing 1 day as a grace period before the device is marked as noncompliant. This is due to Windows telemetry errors caused by Device Health Attestation.

Mark device noncompliant: 1 day


Users, Groups and Devices

Includes: All Users
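
The same policy expressed as a Microsoft Graph request, as an added example that is not part of the original page. It assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Authentication) and an account permitted to manage Intune compliance policies; the description string is constructed.

```powershell
# Added example: deploy COMP-DV01 through Microsoft Graph and read it back.
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

$base = 'https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies'

$policy = @{
    '@odata.type'        = '#microsoft.graph.windows10CompliancePolicy'
    displayName          = 'COMP-DV01: Windows 10 and Later Secure Device Compliance'
    description          = 'Device Health and TPM baseline'   # constructed text
    # Device Health
    bitLockerEnabled     = $true
    secureBootEnabled    = $true
    codeIntegrityEnabled = $true
    # System Security
    tpmRequired          = $true
    # Actions for Non-Compliance: 'block' is "Mark device noncompliant"
    scheduledActionsForRule = @(
        @{
            ruleName = 'PasswordRequired'
            scheduledActionConfigurations = @(
                # 24 hours = the 1 day grace period
                @{ actionType = 'block'; gracePeriodHours = 24; notificationTemplateId = '' }
            )
        }
    )
}

$created = Invoke-MgGraphRequest -Method POST -Uri $base `
    -Body ($policy | ConvertTo-Json -Depth 6) -ContentType 'application/json'

# Users, Groups and Devices: include All Users
$assign = @{
    assignments = @(
        @{ target = @{ '@odata.type' = '#microsoft.graph.allLicensedUsersAssignmentTarget' } }
    )
}
Invoke-MgGraphRequest -Method POST -Uri "$base/$($created.id)/assign" `
    -Body ($assign | ConvertTo-Json -Depth 6) -ContentType 'application/json'

# Read the policy back and warn if any required setting is not enforced
$check = Invoke-MgGraphRequest -Method GET -Uri "$base/$($created.id)"
foreach ($k in 'bitLockerEnabled', 'secureBootEnabled', 'codeIntegrityEnabled', 'tpmRequired') {
    if (-not $check[$k]) { Write-Warning "$k is not enforced on policy $($created.id)" }
}
```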
