Windows 10 and later

Device Health

Bitlocker: Required

Secure Boot: Required

Device Properties

Minimum OS version: 10

Configuration Manager Compliance

Require device compliance from Configuration Manager

System Security

Require encryption of data storage on device

Firewall

Antivirus

Antispyware

Microsoft Defender Antimalware

Microsoft Defender Antimalware security intelligence up-to-date

Real-time protection

Device Security

Require a password to unlock mobile devices

Required password type: At least alphanumeric

Require password when device returns from idle state (Mobile and Holographic)

Maximum minutes of inactivity before password is required: 5 minutes

Require the device to be at or under the machine risk score: Medium