Thresholds can be set on individual policies (config and compliance) and Managed Apps. They determine the Red/Amber/Green (RAG) state that a policy or app is put in when issues are detected. A policy or Managed App can be set to never move from the green state, even when it has issues. This helps reduce noise, because when Eido is connected to your other tools, Issues result in notifications/Incidents being raised for them. Note that threshold changes won’t change your Config/Compliance/Managed App policies in Intune itself.
Consider the example policies below:
The Background, Defender & Search Policy is not critical, so it is set to show green when there are issues applying the policy or when it fails. The result when this Config Policy fails:
By contrast, the “Defender Baseline…” policy is critical for security reasons. If it fails, the policy, and so the device, will be shown as red. It does not matter how long it has been in the failed state: the policy is never marked amber on the way to red.
When Issues are detected by Eido (when something changes RAG status away from green), an Issue is raised and will be seen in Eido’s Issues list. Where Alerts are configured, you can be notified of raised Issues in the tools the rest of your teams use for their day-to-day work, such as notifications pushed to Microsoft Teams or Incidents raised in ServiceNow. Each Alert can be configured to fire only on specific criteria (e.g. only when a Config Policy issue is raised that is in Red state). If you do not want Alerts triggered in a specific case, either stop the RAG status from changing for that case (e.g. set a specific Config Policy to never change from green RAG status) or configure Eido’s Alerts so that their criteria would not be matched (e.g. configure Alerts only for Compliance policies).
Eido’s Trends functionality is designed to show how the RAG status of Config/Compliance/App/OS Patch has improved or regressed over time, so the RAG status of individual policies over time is taken into account when calculating the trend for a given point in time. Trends can be configured to include only Red or Amber statuses in its calculations and to calculate the minimum, maximum and average (median) RAG status at each point in time being plotted. See the Trends feature documentation for more information.