This weeks short blogpost is all about the new Device Compliance Notification functionality in Microsoft Intune. With this new option you can send notifications to your users when the device of the user becomes non-compliant. This is a great new way of informing users about the compliance state of their device. When using Device Compliance in AzureAD Conditional Access it’s very important to inform your users about the compliance state of the device. Users can view the compliance state in the Intune Company portal and this is just a new additional functionality.
Configuring this new functionality is a 2-step process. First you will need to configure a notification and when created you need to link this notification to a compliance policy. Let’s configure both steps now:
- Go to the Azure portal (https://portal.azure.com) and go to the Intune section;
- Go to Device Compliance –> Notifications and click on Create Notification;
- Fill-in the information and click on Create;
- Next step is to configure this notification inside your Compliance Policies. Go to the compliance policies section and open one of your compliance policies.
- Click on Properties;
- Click on Actions for noncompliance and click on Add;
- Select your notification template and select the number of days of noncompliance before the email should be send to your users:
- Click on OK and save the policy.
The users should see the following mail arriving when the device is not compliant:
This notification is send from the Microsoft Intune Notification service. If you’ve configured a Company Logo for the Company Portal this logo can be added to the notification to make it more personalized. It would be great if in the future the reason of being not-compliant is added to the email so that your users can see the reason directly in the mail and don’t have to go to the Company Portal for that.
Note 1: On Twitter I received a question: “Will the mail arrive even if the device is marked as non-compliant”. The answer is that in my tests the mail arrived on my workstations even when the device was marked as non-compliant.”
Thanks for making me aware of this 🙂
You’re welcome! 🙂
Hello, thanks for the guide. Do you know what is the frequency of the mail?
Hi,
There is no frequency on the notification. It’s send only onetime.
Regards, Arjan
I want to know, whenever our device will non-compliant then our admin also receive a notification.
Users do not care about these emails – 99% will delete, never to think about it again…. I don’t understand how MS has taken AWAY the ffeature to notify an admin on issues. Old InTune had an elerts -> email option. Somehow, new “improved” InTune lacks this very, very, VERY basic feature. I just don’t get it. Why do we care if the users have this info? DO we trust the users? HELL NO. We the admins need to know so we can act on this information. Asking an admin who is looking over 10 tenants to monitor 10 dashboards hourly is asinine.