Hi Noah, I don't really care how it is done as long as it is enforced and there is no workaround other than full disenrollment. Our Windows machines have both MDM (via settings) and the agent installed. Say, if a password is enforced by an agent and I have a policy checking for that, I don't want users to uninstall the agent, disable passwords/PIN codes and still be "compliant" on the Dashboard because MDM is unable to check whether a password is present or not. Ideally, I'd prefer something similar to how OS X devices are managed. They don't require an agent for the basic security constraints we are after. Also, I understand that implementing full BitLocker support takes time; is it possible to roll out a simple encryption status check and report it to the dashboard? It used to be there before.