🎯 Purpose
✅ Enforce Essential Eight–aligned device compliance for iOS and iPadOS devices.
➡️ Ensures only devices with a basic security posture (passcode protection and non‑jailbroken state) are considered compliant when accessing corporate resources.
👥 Who is affected
✅ Users: All licensed users
🚫 Exclusions: None
➡️ Users must access corporate resources from a compliant iOS/iPadOS device.
☁️ What access is protected
✅ Applications: Microsoft 365 and other Entra‑integrated cloud applications
✅ Platforms: iOS and iPadOS
➡️ Access is permitted only when the device reports as compliant.
🔐 How compliance is enforced
✅ Passcode is required on the device
✅ Simple passcodes are blocked
✅ Jailbroken devices are marked non‑compliant
✅ Enforcement occurs via Intune Compliance paired with Conditional Access
➡️ Non‑compliant devices are blocked from access after a grace period.
ℹ️ Note:
OS version enforcement, threat protection, and advanced controls are intentionally not configured to maintain an IBP / Maturity Level 1 posture.
⚙️ What this policy does NOT enforce
🚫 Minimum or maximum OS version
🚫 Passcode expiration or inactivity timeouts
🚫 Threat protection / MTD integration
🚫 Managed email profile requirement
🚫 Restricted applications
➡️ These controls may be introduced at higher Essential Eight maturity levels.
🟢 Policy status
✅ Enabled
✅ Enforced via Intune Compliance
✅ Conditional Access blocks access after a 24‑hour grace period
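The following check is an added example, not part of the original policy document: it audits an exported Intune iOS/iPadOS compliance policy against the enforced settings, the intentionally unconfigured settings, and the 24-hour grace period described above. It assumes the policy was exported as Microsoft Graph `iosCompliancePolicy` JSON with `scheduledActionsForRule` expanded; `SAMPLE` and `DRIFTED` are constructed inputs.

```python
# Added example: audit an exported Intune iOS compliance policy against this page.
# Keys follow the Microsoft Graph iosCompliancePolicy resource (restrictedApps is
# exposed on the beta endpoint). SAMPLE and DRIFTED are constructed, not real exports.
REQUIRED = {  # controls the page lists as enforced
    "passcodeRequired": True,
    "passcodeBlockSimple": True,
    "securityBlockJailbrokenDevices": True,
}
NOT_CONFIGURED = [  # controls the page lists as intentionally not enforced
    "osMinimumVersion", "osMaximumVersion", "passcodeExpirationDays",
    "passcodeMinutesOfInactivityBeforeLock", "deviceThreatProtectionEnabled",
    "managedEmailProfileRequired", "restrictedApps",
]
GRACE_HOURS = 24  # grace period before access is blocked

def audit(policy):
    """Return findings; an empty list means the export matches the documented baseline."""
    findings = []
    for key, want in REQUIRED.items():
        if policy.get(key) is not want:
            findings.append(f"{key}: expected {want}, got {policy.get(key)!r}")
    for key in NOT_CONFIGURED:
        # Assumption: null, false, 0 and [] in an export all mean "not configured".
        if policy.get(key):
            findings.append(f"{key}: set to {policy[key]!r} but documented as not enforced")
    blocks = [action
              for rule in policy.get("scheduledActionsForRule") or []
              for action in rule.get("scheduledActionConfigurations") or []
              if action.get("actionType") == "block"]
    if not blocks:
        findings.append("no 'block' action for noncompliance is configured")
    for action in blocks:
        hours = action.get("gracePeriodHours")
        if hours != GRACE_HOURS:
            findings.append(f"block grace period is {hours}h, expected {GRACE_HOURS}h")
    return findings

SAMPLE = {  # constructed policy that matches the page
    "@odata.type": "#microsoft.graph.iosCompliancePolicy",
    "passcodeRequired": True, "passcodeBlockSimple": True,
    "securityBlockJailbrokenDevices": True,
    "osMinimumVersion": None, "deviceThreatProtectionEnabled": False,
    "scheduledActionsForRule": [{"ruleName": "PasswordRequired",
        "scheduledActionConfigurations": [
            {"actionType": "block", "gracePeriodHours": 24}]}],
}
DRIFTED = {**SAMPLE, "osMinimumVersion": "17.0", "passcodeBlockSimple": False}
if __name__ == "__main__":
    for name, pol in (("SAMPLE", SAMPLE), ("DRIFTED", DRIFTED)):
        print(name, audit(pol) or "matches documented baseline")
```

Running the same check on a schedule against the live export surfaces drift in both directions: a baseline control that was switched off, or a higher-maturity control that was enabled without the document being updated.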
📘 Essential Eight Alignment
✅ Supports Essential Eight – COMPLY
✅ Enforces baseline device security controls
ℹ️ Additional restrictions align with M2/M3 and are not required at this stage
📘 Practical Interpretation (Executive‑Friendly)
This compliance policy ensures that:
✅ Mobile devices are protected with a passcode
✅ Jailbroken devices cannot access corporate resources
✅ Users have time to remediate before access is blocked
This establishes a baseline mobile compliance posture aligned to Essential Eight while allowing for future uplift as security maturity increases.
Action | Value |
Block access | ✔️ Yes |
Grace period | 24 hours |
Notification | None configured (ID is |



