Apply CI/Baseline as an action on a failed compliance policy
In tech-preview 1606 an awesome feature has been added that let's you take an action on a compliance policy if it is not met.
What would be awesome would be the ability to apply a configuration item/baseline on the non compliant device.
E.g. If an intune device such as iOS has a malicious threat installed (combined with the compliance setting maximum threat level an action to remediate the threat by applying a configuration item that completely locks down that device)
See Suzanne Grant (Intune MSFT) for full scenario. Great work guys!