Extended Checks for Screen Lock and Antivirus - Iru (Kandji) & Microsoft Intune

Overview

Sprinto’s enhanced integrations with supported MDMs (Mobile Device Management tools) now support automated monitoring of two additional compliance checks:

• Screen lock — Verifies that devices automatically lock after a defined period of inactivity.

• Antivirus — Detects the presence of recognised antivirus protection on staff devices.

This enhancement enables real-time compliance tracking and removes the need for manual evidence submissions.

This article explains how to configure your MDM (Iru (Kandji) or Microsoft Intune) so Sprinto can enforce these extended checks.

Prerequisites

Before enabling extended checks, ensure that:

• You have admin access to your MDM account (Iru (Kandji) or Intune).

• You can create or edit compliance policies or profiles in your MDM.

• You can update API token permissions (Iru (Kandji)) or re-integrate the account (Intune).

Configure in Iru (Kandji) (macOS)

Step 1 – Configure Screen Lock

Create or edit a Passcode profile with these settings:

• Require passcode — Enabled

• Require Passcode After Sleep or Screen Saver Begins — Immediately

• Start Screen Saver After — 15 minutes or less

Assign the Passcode profile to your Blueprints.

Step 2 – Update API Key Permissions

Ensure the API key used in Sprinto has the following Device permissions enabled:

• Device Library Items

• Application List

Antivirus Detection

Sprinto checks the installed applications list via Iru (Kandji) API. A device passes if any recognised antivirus is found (e.g., Microsoft Defender, CrowdStrike, Sophos, Bitdefender, SentinelOne, McAfee, Malwarebytes, etc.).

Configure in Microsoft Intune (Windows & macOS)

Step 1 – Configure Antivirus Requirement (Windows only)

In your Intune compliance policies, set one of the following to Require:

• Encryption → Antivirus field

• Defender → Defender field

Step 2 – Configure Screen Lock Requirement

In Intune compliance policy:

• Navigate to System security → Password.

• Set Maximum minutes of inactivity before password is required to 15 minutes or less.

• Apply for both Windows and macOS devices.

Step 3 – Re-integrate Intune with Sprinto

After updating compliance policies:

• In Sprinto, go to Settings → Integrations → Active Integrations.

• Select Microsoft Intune → Manage → Update Connection.

• Re-connect to the same account so Sprinto updates the integration.

How Sprinto Tracks Antivirus

• Iru (Kandji): Reads installed apps via API, flags devices without recognised antivirus.

• Intune: Reads compliance status directly from your configured antivirus settings.

Next Steps

Once configuration is complete:

• New monitors for Screen Lock and Antivirus appear under Staff Devices in Sprinto.

• Non-compliant devices are flagged automatically.

• Remediation tasks are created where required.

• Compliance status updates in real time based on Iru (Kandji) or Intune data.