Free Tool

Intune Policy Builder

Generate NCSC and CIS Benchmark-aligned compliance and configuration profiles for Windows, macOS, iOS and Android — export as Intune-ready JSON.

NCSC Cyber Essentials CIS Benchmark 100% Free

⚙️

Configure your policy

1Platform

🪟

Windows

🍎

macOS

📱

iOS

🤖

Android

2Policy type

✅ Compliance

Rules devices must meet

⚙️ Configuration

Settings pushed to devices

3Policy details

4Settings — click ▸ to see NCSC/CIS rationale

Output will appear here

📋

Select your platform and settings, then click Generate.

📥 How to import into Intune

⚠️ Always test policies on a pilot group before broad deployment. Use a ring-based rollout.

Compliance Policy

Open Intune admin centre

Go to intune.microsoft.com → Devices → Compliance → Policies

Create policy via Graph API (recommended)

Open graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies in Graph Explorer. Set method to POST, paste your JSON and click Run Query.

Or import via PowerShell

Use New-MgDeviceManagementDeviceCompliancePolicy from the Microsoft.Graph PowerShell SDK with your JSON as the body parameter.

Assign to a group

After creation, go to the policy → Properties → Assignments → assign to your pilot Azure AD group first.

Configuration Profile

Go to Configuration Profiles

intune.microsoft.com → Devices → Configuration → + Create → Import policy

Upload the JSON file

Click Download .json above, then upload the file in the Import policy wizard. Intune will parse the @odata.type automatically.

Review and assign

Review all settings after import. Assign to a pilot group, monitor under Device status for 48 hours before wider rollout.

Monitor compliance

Go to Reports → Device compliance to track which devices are compliant. Non-compliant devices will be blocked per your Conditional Access policies.