 Note |
|---|
| The information in this topic applies only to System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager. |
You can configure compliance settings for mobile devices that are enrolled by the Windows Intune connector.
Applying Compliance Settings by
Using the Windows Intune Connector
Create configuration items to define configurations that you want to manage and assess for compliance on mobile devices. The steps you have to take to manage compliance settings are as follows.
| Step | Description |
|---|---|
|
Step 1: Create a configuration item for mobile devices. |
To create configuration items for mobile devices that you enroll by using the Windows Intune connector, see How to Create Mobile Device Configuration Items for Compliance Settings in Configuration Manager. |
|
Step 2: Create a configuration baseline. |
For more information about how to create the configuration baseline, see How to Create Configuration Baselines for Compliance Settings in Configuration Manager. |
|
Step 3: Deploy the configuration baseline. |
After a configuration baseline is created, you can apply it to a user or device collection. If you apply the settings to a user collection, the compliance settings are applied to all the enrolled devices for those users. For more information, see How to Deploy Configuration Baselines in Configuration Manager. |
Compliance Settings for
System Center 2012 R2
Configuration Manager
The following table lists the compliance settings available to Windows 8.1, Windows Phone 8, Windows RT, Android, and iOS devices. The Exchange connector settings are also listed but do not necessarily apply to all mobile devices, for information on what devices the exchange connector settings apply to, see the Exchange ActiveSync Client Comparison Table.
| Note |
|---|
| If a setting exists and is not on this list, then that setting is not supported by any platform. |
| Note |
|---|
| If an iOS device is modified or an Android device is rooted, you can detect this through the query, All jailbroken or rooted devices, or through the report, Jailbroken or rooted devices. |
| Note |
|---|
| The System Security settings, Network Firewall, Virus Protection, and Virus Protection signatures are up-to-date cannot be disabled. |
| Note |
|---|
| Disabling or enabling the Voice roaming or Data roaming settings does not affect the carrier setting. These settings will only affect the device to which the policy is applied. |
| Note |
|---|
This table lists the compliance settings available for mobile
devices, it is not a feature list, for information on management
capabilities, see:
|
| Device Setting Group | Settings | Windows Phone 8 | Windows RT | Windows 8.1 and Windows RT 8.1 (enrolled by Windows Intune) | iOS | Android (for devices with the Android company portal app installed) | Exchange Connector (these settings do not necessarily apply to all mobile devices) |
|---|---|---|---|---|---|---|---|
|
Browser |
Default browser |
No |
No |
No |
Yes |
No |
Yes |
|
Browser |
Autofill |
No |
No |
Yes |
Yes |
No |
No |
|
Browser |
Plug-ins |
No |
No |
Yes |
No |
No |
No |
|
Browser |
Active scripting |
No |
No |
Yes |
Yes |
No |
No |
|
Browser |
Pop-ups |
No |
No |
Yes |
Yes |
No |
No |
|
Browser |
Fraud warning |
No |
No |
Yes |
Yes |
No |
No |
|
Browser |
Cookies |
No |
No |
No |
Yes |
No |
No |
|
Cloud |
Encrypted backup |
No |
No |
No |
Yes |
No |
No |
|
Cloud |
Document synchronization |
No |
No |
No |
Yes |
No |
No |
|
Cloud |
Photo synchronization |
No |
No |
No |
Yes |
No |
No |
|
Cloud |
Cloud backup |
No |
No |
No |
Yes |
No |
No |
|
Cloud |
Settings synchronization |
No |
No |
Yes (GET only) |
No |
No |
No |
|
Cloud |
Credentials synchronization |
No |
No |
Yes (GET only) |
No |
No |
No |
|
Cloud |
Synchronization over metered connection |
No |
No |
Yes (GET only) |
No |
No |
No |
|
Content Rating |
Adult Content in media store |
No |
No |
No |
Yes |
No |
No |
|
Content Rating |
Ratings Region |
No |
No |
No |
Yes |
No |
No |
|
Content Rating |
Movie Rating |
No |
No |
No |
Yes |
No |
No |
|
Content Rating |
TV Show Rating |
No |
No |
No |
Yes |
No |
No |
|
Content Rating |
App Rating |
No |
No |
No |
Yes |
No |
No |
|
Device |
Voice Dialing |
No |
No |
No |
Yes |
No |
No |
|
Device |
Voice Assistant |
No |
No |
No |
Yes |
No |
No |
|
Device |
Voice Assistant while Locked |
No |
No |
No |
Yes |
No |
No |
|
Device |
Screen Capture |
No |
No |
No |
Yes |
No |
No |
|
Device |
Video Conferencing |
No |
No |
No |
Yes |
No |
No |
|
Device |
Game Center |
No |
No |
No |
Yes |
No |
No |
|
Device |
Add Game Center friends |
No |
No |
No |
Yes |
No |
No |
|
Device |
Multiplayer Gaming |
No |
No |
No |
Yes |
No |
No |
|
Device |
Personal wallet software While Locked |
No |
No |
No |
Yes |
No |
No |
|
Device |
Diagnostic data Submission |
No |
No |
Yes |
Yes |
No |
No |
|
Encryption |
File encryption on mobile device |
Yes |
No |
Yes (Get only) |
No |
Yes, for Android 4 |
Yes |
|
Internet Explorer |
Go to intranet site for single word entry |
No |
No |
Yes |
No |
No |
No |
|
Internet Explorer |
Always send Do Not Track header |
No |
No |
Yes |
No |
No |
No |
|
Internet Explorer |
Intranet security zone |
No |
No |
Yes |
No |
No |
No |
|
Internet Explorer |
Security level for internet zone |
No |
No |
Yes (GET only) |
No |
No |
No |
|
Internet Explorer |
Security level for intranet zone |
No |
No |
Yes (GET only) |
No |
No |
No |
|
Internet Explorer |
Security level for trusted sites zone |
No |
No |
Yes (GET only) |
No |
No |
No |
|
Internet Explorer |
Security level for restricted sites zone |
No |
No |
Yes (GET only) |
No |
No |
No |
|
Internet Explorer |
Namespace exists for browser security zone |
No |
No |
Yes |
No |
No |
No |
|
Password |
Require password settings on mobile devices |
Yes |
No |
No |
Yes |
Yes, for Android 4 |
Yes |
|
Password |
Password complexity |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
|
Password |
Idle time before mobile device is locked (minutes) |
Yes |
Yes |
Yes |
Yes |
Yes, for Android 4 |
Yes |
|
Password |
Minimum password length (characters) |
Yes |
Yes. Password length cannot be less than six characters. |
Yes |
Yes |
Yes, for Android 4 |
Yes |
|
Password |
Number of passwords remembered |
Yes |
Yes |
Yes |
Yes |
Yes, for Android 4 |
Yes |
|
Password |
Password expiration in days |
Yes |
Yes |
Yes |
Yes |
Yes, for Android 4 |
Yes |
|
Password |
Number of failed logon attempts before device is wiped |
Yes |
Yes |
Yes |
Yes |
Yes, for Android 4 |
Yes |
|
Password |
Minimum complex characters |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
|
Password |
Allow simple password |
Yes |
No |
No |
Yes |
No |
Yes |
|
Password |
Allow convenience logon |
No |
Yes |
Yes |
No |
No |
Yes |
|
Password |
Maximum grace period |
No |
No |
No |
Yes |
No |
No |
|
Password |
Password Quality |
No |
No |
No |
No |
Yes, for Android 4 |
No |
|
Roaming |
Allow Voice Roaming |
No |
No |
No |
Yes |
No |
No |
|
Roaming |
Allow Global Background Fetch When Roaming |
No |
No |
No |
Yes |
No |
No |
|
Roaming |
Allow Data Roaming |
No |
No |
Yes |
Yes |
No |
No |
|
Security |
Removable storage |
Yes |
No |
No |
No |
No |
Yes |
|
Security |
Camera |
No |
No |
No |
Yes |
Yes, for Android 4.1 |
Yes |
|
Security |
Bluetooth |
No |
No |
Yes (GET only) |
No |
No |
Yes |
|
Security |
Allow app installation |
No |
No |
No |
Yes |
No |
No |
|
Store |
Application Store |
No |
No |
No |
Yes |
No |
No |
|
Store |
Force Application Store Password |
No |
No |
No |
Yes, this setting applies to iTunes only |
No |
No |
|
Store |
In App Purchases |
No |
No |
No |
Yes |
No |
No |
|
System Security |
User to accept untrusted TLS certificates |
No |
No |
No |
Yes |
No |
No |
|
System Security |
User Access Control |
No |
No |
Yes |
No |
No |
No |
|
System Security |
Network Firewall |
No |
No |
Yes (GET only) |
No |
No |
No |
|
System Security |
Updates |
No |
No |
Yes |
No |
No |
No |
|
System Security |
Virus Protection |
No |
No |
Yes (GET only) |
No |
No |
No |
|
System Security |
Virus Protection signatures are up-to-date |
No |
No |
Yes (GET only) |
No |
No |
No |
|
System Security |
SmartScreen |
No |
No |
Yes |
No |
No |
No |
|
Windows Server Work Folders |
Work Folders URL |
No |
No |
Yes |
No |
No |
No |
|
Windows Server Work Folders |
Force automatic setup |
No |
No |
Yes |
No |
No |
No |
Compliance settings available
through the iOS 7 Security Settings Extension
With System Center 2012 R2 Configuration Manager, the optional iOS 7 Security Settings extension introduces new security settings to manage iOS devices using Windows Intune and is available from within the Configuration Manager console. For information on how to install the extension, see Planning to Use Extensions in Configuration Manager. The table below lists the additional settings available once you install the extension.
| Device Setting Group | Settings | At least iOS 7 |
|---|---|---|
|
System Security |
Lock screen control center |
Yes |
|
System Security |
Lock screen notification view |
Yes |
|
System Security |
Lock screen today view |
Yes |
|
System Security |
Fingerprint for unlocking |
Yes |
|
Data Protection |
Open managed documents in other unmanaged apps |
Yes |
|
Data Protection |
Open unmanaged documents in other managed apps |
Yes |