# Extended Checks for Screen Lock and Antivirus - Iru (Kandji) & Microsoft Intune ### Overview Sprinto’s enhanced integrations with supported MDMs (Mobile Device Management tools) now support automated monitoring of two additional compliance checks: * **Screen lock** — Verifies that devices automatically lock after a defined period of inactivity. * **Antivirus** — Detects the presence of recognised antivirus protection on staff devices. This enhancement enables real-time compliance tracking and removes the need for manual evidence submissions. This article explains how to configure your MDM (Iru (Kandji) or Microsoft Intune) so Sprinto can enforce these extended checks. *** ### Prerequisites Before enabling extended checks, ensure that: * You have **admin access** to your MDM account (Iru (Kandji) or Intune). * You can create or edit **compliance policies** or **profiles** in your MDM. * You can update API token permissions (Iru (Kandji)) or re-integrate the account (Intune). *** ### Configure in Iru (Kandji) (macOS) #### Step 1 – Configure Screen Lock Create or edit a **Passcode profile** with these settings: * Require passcode — Enabled * Require Passcode After Sleep or Screen Saver Begins — Immediately * Start Screen Saver After — 15 minutes or less Assign the Passcode profile to your **Blueprints**. #### Step 2 – Update API Key Permissions Ensure the API key used in Sprinto has the following **Device permissions** enabled: * Device Library Items * Application List #### Antivirus Detection Sprinto checks the installed applications list via Iru (Kandji) API. A device passes if any recognised antivirus is found (e.g., Microsoft Defender, CrowdStrike, Sophos, Bitdefender, SentinelOne, McAfee, Malwarebytes, etc.). *** ### Configure in Microsoft Intune (Windows & macOS) #### Step 1 – Configure Antivirus Requirement (Windows only) In your Intune **compliance policies**, set one of the following to **Require**: * Encryption → Antivirus field * Defender → Defender field #### Step 2 – Configure Screen Lock Requirement In Intune compliance policy: * Navigate to **System security → Password**. * Set **Maximum minutes of inactivity before password is required** to 15 minutes or less. * Apply for both Windows and macOS devices. #### Step 3 – Re-integrate Intune with Sprinto After updating compliance policies: * In Sprinto, go to **Settings → Integrations → Active Integrations**. * Select **Microsoft Intune → Manage → Update Connection**. * Re-connect to the same account so Sprinto updates the integration. *** ### How Sprinto Tracks Antivirus * **Iru (Kandji)**: Reads installed apps via API, flags devices without recognised antivirus. * **Intune**: Reads compliance status directly from your configured antivirus settings. *** ### Next Steps Once configuration is complete: * **New monitors** for Screen Lock and Antivirus appear under **Staff Devices** in Sprinto. * Non-compliant devices are flagged automatically. * **Remediation tasks** are created where required. * Compliance status updates in real time based on Iru (Kandji) or Intune data.