Custom compliance JSON files for Microsoft Intune

To support custom settings for compliance for Microsoft Intune, you create a JSON file that identifies the settings and value pairs that you want to use for custom compliance. The JSON defines what a discovery script will evaluate for compliance on the device.

You’ll upload the JSON file when you create a compliance policy that includes custom compliance settings.

A correctly formatted JSON file must include the following information:

  • SettingName - The name of the custom setting to use for base compliance. This name is case-sensitive.
  • Operator - Represents a specific action that is used to build a compliance rule. For options, see the following list of supported operators.
  • DataType - The type of data that you can use to build your compliance rule. For options, see the following list of supported DataTypes.
  • Operand - Represent the values that the operator works on.
  • MoreInfoURL - A URL that’s shown to device users so they can learn more about the compliance requirement when their device is noncompliant for a setting. You can also use this to link to instructions to help users bring their device into compliance for this setting.
  • RemediationStrings - Information that gets displayed in the Company Portal when a device is noncompliant to a setting. This information is intended to help users understand the remediation options to bring a device to a compliant state. There must be at least one string for the language "en_US", but you can also specify additional remediation string languages as in the example below.

Your policy can be up to 100 KB and include 100 rules.

Supported operators:

  • IsEquals
  • NotEquals
  • GreaterThan
  • GreaterEquals
  • LessThan
  • LessEquals

Supported DataTypes:

  • Boolean
  • Int64
  • Double
  • String
  • DateTime
  • Version

Supported Languages:

  • cs_CZ
  • da_DK
  • de_DE
  • el_GR
  • en_US
  • es_ES
  • fi_FI
  • fr_FR
  • hu_HU
  • it_IT
  • ja_JP
  • ko_KR
  • nb_NO
  • nl_NL
  • pl_PL
  • pt_BR
  • ro_RO
  • ru_RU
  • sv_SE
  • tr_TR
  • zh_CN
  • zh_TW

For more information, see Available languages for Windows.

Example JSON file

{
"Rules":[ 
    { 
       "SettingName":"BiosVersion",
       "Operator":"GreaterEquals",
       "DataType":"Version",
       "Operand":"2.3",
       "MoreInfoUrl":"https://bing.com",
       "RemediationStrings":[ 
          { 
             "Language":"en_US",
             "Title":"BIOS Version needs to be upgraded to at least 2.3. Value discovered was {ActualValue}.",
             "Description": "BIOS must be updated. Please refer to the link above"
          },
          {
             "Language":"de_DE",
             "Title":"BIOS-Version muss auf mindestens 2.3 aktualisiert werden. Der erkannte Wert lautet {ActualValue}.",
             "Description": "BIOS muss aktualisiert werden. Bitte beziehen Sie sich auf den obigen Link"
          }
       ]
    },
    { 
       "SettingName":"TPMChipPresent",
       "Operator":"IsEquals",
       "DataType":"Boolean",
       "Operand":true,
       "MoreInfoUrl":"https://bing.com",
       "RemediationStrings":[ 
          {
             "Language": "en_US",
             "Title": "TPM chip must be enabled.",
             "Description": "TPM chip must be enabled. Please refer to the link above"
          },
          {
             "Language": "de_DE",
             "Title": "TPM-Chip muss aktiviert sein.",
             "Description": "TPM-Chip muss aktiviert sein. Bitte beziehen Sie sich auf den obigen Link"
          }
       ]
    },
    {
       "SettingName":"Manufacturer",
       "Operator":"IsEquals",
       "DataType":"String",
       "Operand":"Microsoft Corporation",
       "MoreInfoUrl":"https://bing.com",
       "RemediationStrings":[ 
          { 
             "Language": "en_US",
             "Title": "Only Microsoft devices are supported.",
             "Description": "You are not currently using a Microsoft device."
          },
          {
             "Language": "de_DE",
             "Title": "Nur Microsoft-Geräte werden unterstützt.",
             "Description": "Sie verwenden derzeit kein Microsoft-Gerät."
          }
       ]
    }
 ]
}

Next steps