Checks that the OS is up to date on all Defender-managed devices.

About

When you connect Microsoft Defender for Endpoint to DSALTA, the platform collects device posture using read-only API access. DSALTA activates this check for any device that does not meet the requirement.

Why This Matters

Laptops and phones that are unencrypted, unlocked, or running outdated software are easy targets if lost or stolen. Enforcing endpoint baselines protects company data on every device and is required by SOC 2 and ISO 27001.

How to Fix

Before you begin

  • Ensure you have access to your MDM (Microsoft Intune) or device management console.

Enforce OS update on all devices

  1. Open Microsoft Intune admin center (or your Defender / MDM portal).
  2. Create or edit a compliance or configuration policy for each platform (Windows, macOS).
  3. Configure the policy to set a minimum OS version and mark older devices non-compliant.
  4. Assign the policy to all device groups and set non-compliant devices to be flagged.

Once all managed devices comply, DSALTA retrieves the change on the next sync and sets the check status to Passing.
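
Before assigning a minimum OS version, it helps to know which devices the policy will mark non-compliant. The following is an added example, not DSALTA or Microsoft code: it compares a device inventory against per-platform minimums, comparing versions numerically and failing closed on missing data. The field names (`name`, `platform`, `os_version`), the baseline values and the inventory records are assumptions constructed for illustration.

```python
# Added example: baselines, field names and inventory are constructed, not real data.
MIN_OS = {"Windows": "10.0.19045.3803", "macOS": "14.4"}  # assumed minimums


def parse_version(text):
    """Turn '10.0.19045.3803' into (10, 0, 19045, 3803); None if unparseable."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except (AttributeError, ValueError):
        return None


def at_least(version, minimum):
    """Numeric compare after zero-padding, so 14.4 equals 14.4.0."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(minimum)


def evaluate(device, baselines=MIN_OS):
    """Return (compliant, reason). Unknown platform or version fails closed."""
    minimum = baselines.get(device.get("platform"))
    if minimum is None:
        return False, "no baseline defined for platform"
    version = parse_version(device.get("os_version"))
    if version is None:
        return False, "OS version missing or unparseable"
    if at_least(version, parse_version(minimum)):
        return True, "meets minimum " + minimum
    return False, "below minimum " + minimum


INVENTORY = [  # constructed sample records
    {"name": "lt-001", "platform": "Windows", "os_version": "10.0.22631.3155"},
    {"name": "lt-002", "platform": "Windows", "os_version": "10.0.9200.0"},
    {"name": "mb-001", "platform": "macOS", "os_version": "14.4.1"},
    {"name": "mb-002", "platform": "macOS", "os_version": "13.6.4"},
    {"name": "lt-003", "platform": "Windows", "os_version": None},
    {"name": "px-001", "platform": "Linux", "os_version": "6.5.0"},
]


def non_compliant(inventory=INVENTORY):
    return {d["name"]: evaluate(d)[1] for d in inventory if not evaluate(d)[0]}


if __name__ == "__main__":
    print(non_compliant())
```

Note that `lt-002` would pass a plain string comparison because "9" sorts after "1", which is why the versions are parsed into integer tuples first.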

Frequently Asked Questions

This check runs automatically every 24 hours while the Microsoft Defender for Endpoint integration is connected. You can also trigger a manual sync from Integrations in the sidebar.
A failing check appears in your Data Library → Tests dashboard. Work through the steps above; once the underlying configuration is fixed, the status updates automatically on the next sync.
Yes. If it does not apply to your environment, mark it as Not Applicable with a justification. The exclusion is documented for auditors.
No. DSALTA uses read-only API access and never modifies, creates, or deletes resources. All remediation is performed by your team directly in Microsoft Defender for Endpoint.