DV-03MediumMaximum Security
Require Device Compliance for All Users
Conditional Access control for Microsoft 365 and Entra ID
Why This Control Matters
Unmanaged devices can have keyloggers, malware, or lack encryption. Requiring device compliance for all users ensures corporate data is only accessed from endpoints you control. This is a comprehensive Zero Trust control.
Expected State
When this control is compliant, your tenant should meet these criteria:
- 1A Conditional Access policy requires compliant or hybrid-joined device for all users
- 2All cloud applications are covered
- 3Emergency access accounts are excluded
Enforcement
Default Mode
Advisory
Alerts on deviations but does not make changes
Auto-Remediation
Available
Creates CA policy requiring device compliance in report-only mode. PREREQUISITE: Intune enrollment required.
Ready to implement this control?
TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.