Configuration Manager has the ability to import the Security Compliance Manager GPO settings. Using these imported settings, you can audit, notify, and report on machine and device compliance. This is particularly useful for security administrators who wish to know that the policies defined are in place across an organization.

For example, if an administrator has overridden a policy manually on a Windows desktop, or if administrators have blocked group policy inheritance for an organizational unit, there would be no way of knowing about it unless it were reported by a user or technician.

The Configuration Manager agent can report on whether the desired ...