Configuration Manager has the ability to import the Security Compliance Manager GPO settings. Using these imported settings, you can audit, notify, and report on machine and device compliance. This is particularly useful for security administrators who wish to know that the policies defined are in place across an organization.
For example, if an administrator has overridden a policy manually on a Windows desktop, or if administrators have blocked group policy inheritance for an organizational unit, there would be no way of knowing about it unless it were reported by a user or technician.
The Configuration Manager agent can report on whether the desired compliance settings are in place so that when you have implemented domain-wide or other group policy settings, you can validate that they are deployed and take action based on the information reported in Configuration Manager.
The recipe then shows...