ASD's Blueprint for Secure Cloud

Windows 10/11 Compliance Policy

This section describes the configuration of device compliance policies within Microsoft Intune associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.

Basics

| Item | Value |
| --- | --- |
| Name | Windows 10/11 Compliance Policy |
| Description | |
| Platform | Windows 10 and later |
| Profile type | Windows 10/11 compliance policy |

Compliance settings

Custom Compliance

| Item | Value |
| --- | --- |
| Custom compliance | Not configured |

Device Health

| Item | Value |
| --- | --- |
| BitLocker | Require |
| Secure Boot | Require |
| Code integrity | Require |

Device Properties

| Item | Value |
| --- | --- |
| Minimum OS version | 10.0.19043.10000 |
| Maximum OS version | Not configured |
| Minimum OS version for mobile devices | 10.0.19043.10000 |
| Maximum OS version for mobile devices | Not configured |

Configuration Manager Compliance

| Item | Value |
| --- | --- |
| Require device compliance from Configuration Manager | Not configured |

System Security

| Item | Value |
| --- | --- |
| Password | |
| Require a password to unlock mobile devices | Require |
| Simple passwords | Block |
| Password type | Alphanumeric |
| Password complexity | Require digits, lowercase, uppercase, and special characters |
| Minimum password length | 14 |
| Maximum minutes of inactivity before password is required | 15 minutes |
| Password expiration (days) | 365 |
| Number of previous passwords to prevent reuse | 5 |
| Require password when device returns from idle state | Require |
| Encryption | |
| Require encryption of data storage on device | Require |
| Device Security | |
| Firewall | Require |
| Trusted Platform Module (TPM) | Require |
| Antivirus | Require |
| Antispyware | Require |
| Defender | |
| Microsoft Defender Antimalware | Require |
| Microsoft Defender Antimalware minimum version | 4.18.0.0 |
| Microsoft Defender Antimalware security intelligence up-to-date | Require |
| Real-time protection | Require |

Microsoft Defender for Endpoint

| Item | Value |
| --- | --- |
| Require the device to be at or under the machine risk score | Medium |
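
The compliance settings above can be checked for drift against an exported copy of the policy. The following is an added example, not part of the Blueprint: it assumes the export is a JSON object using the property names of Microsoft Graph's windows10CompliancePolicy resource, treats values stricter than those on this page as acceptable, and does not check the password complexity setting.

```python
# Added example: drift check for an exported Intune Windows compliance policy.
# Property names are assumed to follow Microsoft Graph's windows10CompliancePolicy.
REQUIRED_TRUE = [
    "bitLockerEnabled", "secureBootEnabled", "codeIntegrityEnabled",
    "passwordRequired", "passwordBlockSimple", "passwordRequiredToUnlockFromIdle",
    "storageRequireEncryption", "activeFirewallRequired", "tpmRequired",
    "antivirusRequired", "antiSpywareRequired", "defenderEnabled",
    # Assumed mapping: True here is the "security intelligence up-to-date" requirement.
    "signatureOutOfDate", "rtpEnabled", "deviceThreatProtectionEnabled",
]
MIN_INT = {"passwordMinimumLength": 14, "passwordPreviousPasswordBlockCount": 5}
MAX_INT = {"passwordMinutesOfInactivityBeforeLock": 15, "passwordExpirationDays": 365}
MIN_VERSION = {"osMinimumVersion": "10.0.19043.10000",
               "mobileOsMinimumVersion": "10.0.19043.10000",
               "defenderVersion": "4.18.0.0"}
RISK_ORDER = ["secured", "low", "medium", "high"]  # strictest first

def version_tuple(text):
    """Turn '10.0.19043.10000' into (10, 0, 19043, 10000) for numeric comparison."""
    return tuple(int(part) for part in text.split("."))

def check_policy(policy):
    """Return the sorted names of settings that are weaker than the page's values."""
    weak = [n for n in REQUIRED_TRUE if policy.get(n) is not True]
    weak += [n for n, floor in MIN_INT.items() if (policy.get(n) or 0) < floor]
    # A missing or zero maximum is treated here as "never", weaker than any limit.
    weak += [n for n, cap in MAX_INT.items() if not policy.get(n) or policy[n] > cap]
    weak += [n for n, floor in MIN_VERSION.items()
             if not policy.get(n) or version_tuple(policy[n]) < version_tuple(floor)]
    if policy.get("passwordRequiredType") != "alphanumeric":
        weak.append("passwordRequiredType")
    level = policy.get("deviceThreatProtectionRequiredSecurityLevel")
    if level not in RISK_ORDER or RISK_ORDER.index(level) > RISK_ORDER.index("medium"):
        weak.append("deviceThreatProtectionRequiredSecurityLevel")
    return sorted(weak)

def sample_policy():
    """Constructed sample that matches the page's values exactly."""
    policy = {name: True for name in REQUIRED_TRUE}
    policy.update(MIN_INT, **MAX_INT, **MIN_VERSION)
    policy["passwordRequiredType"] = "alphanumeric"
    policy["deviceThreatProtectionRequiredSecurityLevel"] = "medium"
    return policy

if __name__ == "__main__":
    drifted = sample_policy()
    drifted.update(passwordMinimumLength=8, osMinimumVersion="10.0.19041.0")
    print(check_policy(drifted))
```
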

Actions for noncompliance

| Item | Value |
| --- | --- |
| Action | |
| Mark device noncompliant | 1 |

Scope tags

| Item | Value |
| --- | --- |
| Scope tags | Default |

Assignments

Included groups

| Item | Value |
| --- | --- |
| Groups | rol--administrators, rol--users |

Excluded groups

No results.

Security & Governance

  • None identified

Design

  • None identified

Configuration

  • None identified

References

  • None identified


Authorised by the Australian Government, Canberra