Configuring and deploying a Windows custom compliance policy
Sometimes, you will find that the built-in settings do not cover your compliance requirements. For example, you may have third-party products that you need to monitor, or you may want to block machines with particular software installed. You could also restrict your environment to a specific hardware type, manufacturer, and amount of RAM. Anything that can be detected by PowerShell can be used for compliance.
Once the script has been configured, you can set a JSON policy within Intune that compares the output from PowerShell with the settings and values we specified in the JSON. If the actual value matches the expected value, that setting is compliant. If not, it is non-compliant.
One non-compliant setting is enough to mark a device as non-compliant.
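The flow described above can be rehearsed locally before anything is uploaded. The following is an added example, not the book's own script: the setting names (Manufacturer, TotalRamGB), the Contoso value, the 8 GB threshold and the Test-Rules helper are assumptions, the rules keep only the comparison fields, and the comparison is a local approximation of what Intune does.

```powershell
# Added example: a discovery script plus a local dry run of the rule comparison.
# Setting names, operands and Test-Rules are illustrative assumptions.
function Get-DiscoveryOutput {
    # Collect the values the policy will test; anything PowerShell can read works.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $result = @{
        Manufacturer = $cs.Manufacturer
        TotalRamGB   = [int64][math]::Round($cs.TotalPhysicalMemory / 1GB)
    }
    # The discovery script hands back a single line of compressed JSON.
    return $result | ConvertTo-Json -Compress
}

# Trimmed rules: only the fields used for the comparison (remediation text omitted).
$rulesJson = @'
{ "Rules": [
  { "SettingName": "Manufacturer", "Operator": "IsEquals",      "DataType": "String", "Operand": "Contoso" },
  { "SettingName": "TotalRamGB",   "Operator": "GreaterEquals", "DataType": "Int64",  "Operand": "8" }
] }
'@

function Test-Rules {
    param([string]$DiscoveryJson, [string]$RulesJson)
    $actual = $DiscoveryJson | ConvertFrom-Json
    foreach ($rule in ($RulesJson | ConvertFrom-Json).Rules) {
        # A setting the script did not return stays $null and fails its rule.
        $prop     = $actual.PSObject.Properties[$rule.SettingName]
        $value    = if ($prop) { $prop.Value } else { $null }
        $expected = if ($rule.DataType -eq 'Int64') { [int64]$rule.Operand } else { $rule.Operand }
        $ok = switch ($rule.Operator) {
            'IsEquals'      { $value -eq $expected }
            'GreaterEquals' { $value -ge $expected }
            default         { $false }   # operators not modelled here fail closed
        }
        [pscustomobject]@{
            Setting   = $rule.SettingName
            Expected  = $expected
            Actual    = $value
            Compliant = [bool]$ok
        }
    }
}

$report = Test-Rules -DiscoveryJson (Get-DiscoveryOutput) -RulesJson $rulesJson
$report | Format-Table -AutoSize

# One non-compliant setting is enough to mark the whole device non-compliant.
$deviceCompliant = -not ($report.Compliant -contains $false)
"Device compliant: $deviceCompliant"
```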
Now that we know how it works, we can configure our scripts.
Getting started
Before we create the policy, we need to create the two...