FAQ for device compliance policies

Author: ChristianMontoya

windows-365/enterprise/known-issues-enterprise.md

@@ -64,6 +64,24 @@ Only the default Enrollment Status Page (ESP) profile is supported for Windows 3
 
 For default ESP profiles, when using hybrid Azure Active Directory (Azure AD) Join, you must set the **Only show page to devices provisioned by out-of-box experience (OOBE)** setting to **No**.
 
+## Device compliance policies for Windows 365 Cloud PCs
+
+The following device compliance settings report as **Not applicable** when being evaluated for a Cloud PC:
+
+- **Trusted Platform Module (TPM)**
+- **Require encryption of data storage on device.**
+
+The following device compliance settings report as **Not Compliant** when being evaluated for a Cloud PC:
+
+- **Require BitLocker**
+- **Require Secure Boot to be enabled on the device.**
+
+**Troubleshooting steps**: Follow these steps:
+
+- [Create a filter for all Cloud PCs](create-filter.md#create-a-filter-for-all-cloud-pcs).
+- For any existing device compliance policies that both evaluate to a Cloud PC and contain either of the **Not Compliant** settings, use this new filter to exclude Cloud PCs from the policy assignment.
+- Create a new device compliance policy without either of the **Not Compliant** settings and use this new filter to include Cloud PCs for the policy assignment. 
+
 ## Next steps
 
 [Troubleshoot Windows 365 Enterprise Cloud PC](troubleshooting.md)