Microsoft Intune service must display the Standard Mandatory DOD Notice and Consent Banner and have the user acknowledge acceptance of the access conditions before granting access to the application.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-267315 | MSIN-24-000150 | SV-267315r1026051_rule | Medium |
| Description |
| STIG | Date |
| Microsoft Intune Service Desktop Security Technical Implementation Guide | 2024-10-04 |
Details
| Check Text (C-71239r1025798_chk) |
| Verify Entra ID has been configured to display the DOD login banner when an Intune user logs in. Have an authorized Intune administrator log in to the Intune admin center and verify the DOD banner is displayed and the user is forced to acknowledge acceptance of the access conditions. If an authorized Intune administrator log does not find the DOD login banner when logging in to Intune and is not forced to acknowledge acceptance of the access conditions, this is a finding. |
| Fix Text (F-71142r1026051_fix) |
| Intune administrator account authentication is managed by Entra ID. To create the standard DOD banner in Entra ID, do the following: 1. Sign in to the Microsoft Entra admin center as a Global Administrator. 2. Search for "Company Branding" in the search bar. 3. Select "Customize" under "Default sign-in experience". 4. Configure format of the banner as desired. Refer to https://learn.microsoft.com/en-us/entra/fundamentals/how-to-customize-branding for more information. 5. Place the required DOD banner text in either the "Display text" box of the banner footer or the "Sign-in page text" box of the "Sign-in form" based on local preference. 6. Select "Create". |