
Intune Customer Success

Updated experience for Intune device compliance reports

Intune_Support_Team
Jun 16, 2023

By: Tyler Castaldo – Sr. Product Manager | Microsoft Intune

 

Reporting is crucial to any organization’s device compliance story. This is even more important when using Azure Active Directory (Azure AD) Conditional Access policies that restrict access to your organization’s resources based on Intune compliance status. As we’ve continued to receive feedback from customers on how to make this reporting better, we’ve been working on specific improvements to the device compliance reports in Intune. Some of these are available today, while others are just around the corner. We also published a Message Center post, MC591858, detailing these updates.

 

These improvements focus on:

  1. Modernizing our reporting infrastructure.
  2. Providing a consistent and simple report experience.
  3. Updating the compliance policy monitoring experience.

 

Modernizing the compliance reporting infrastructure

To improve consistency between reports, including between top-level summaries and their detailed sub-reports or views, we’re consolidating back-end data sources wherever possible. Using fewer data sources means these reports pull from the same data, ensuring consistency throughout the Intune admin center.

 

This infrastructure change also gives us the opportunity to make queries more efficient. In cases where the data source consolidation doesn’t allow us to load reports faster, such as data-heavy, comprehensive reports, we’ve redesigned these as organizational reports. These organizational reports will appear in the Reports section in the Intune admin center and will have an improved long-running-task experience that allows you to run a report in the background, from start to finish, while you perform other tasks in the admin center. Whether you run an operational report or a monitor, which is generated automatically, or an organizational report, which is generated manually, these reports are designed to load without timing out.

 

We’re also standardizing all compliance reports to show only one compliance state per device (or one compliance state per policy per device). If multiple users share the same device, only the user who used the device during the last compliance update will appear in reporting. If a compliance policy is deployed to a device group and no user was signed in during the last compliance update, “System account” will be displayed instead (this includes the built-in compliance policy). This change will clarify the latest compliance state of the device as well as eliminate double counting in aggregate reports (such as the Policy compliance and Setting compliance reports).
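
An added illustration of the one-state-per-device rule described above (not Intune's code or export schema; the row fields and sample data are constructed). It collapses per-user rows to the latest compliance update for each device and policy, and shows how that removes double counting from an aggregate:

```python
from collections import Counter
from datetime import datetime

# Constructed sample rows. Field names are hypothetical, not an Intune export schema.
SAMPLE_ROWS = [
    {"device": "DEV-001", "policy": "Baseline", "user": "alice@contoso.example",
     "state": "Noncompliant", "last_update": "2023-06-01T08:00:00"},
    {"device": "DEV-001", "policy": "Baseline", "user": "bob@contoso.example",
     "state": "Compliant", "last_update": "2023-06-10T09:00:00"},
    # Policy targeted at a device group, no user signed in at the last update.
    {"device": "DEV-002", "policy": "Baseline", "user": "",
     "state": "Compliant", "last_update": "2023-06-09T12:00:00"},
    {"device": "DEV-003", "policy": "Baseline", "user": "carol@contoso.example",
     "state": "Noncompliant", "last_update": "2023-06-08T07:30:00"},
]


def collapse(rows):
    """Return one row per (device, policy): the most recent compliance update."""
    latest = {}
    for row in rows:
        key = (row["device"], row["policy"])
        seen = datetime.fromisoformat(row["last_update"])
        if key not in latest or seen > latest[key][0]:
            latest[key] = (seen, row)
    result = []
    for key in sorted(latest):
        row = dict(latest[key][1])
        # No signed-in user at the last update is reported as "System account".
        row["user"] = row["user"] or "System account"
        result.append(row)
    return result


def state_counts(rows):
    """Aggregate compliance states the way a summary report would."""
    return Counter(row["state"] for row in rows)


def multi_user_devices(rows):
    """Devices with rows from more than one user, the source of double counting."""
    users = {}
    for row in rows:
        users.setdefault(row["device"], set()).add(row["user"])
    return sorted(dev for dev, seen in users.items() if len(seen) > 1)


if __name__ == "__main__":
    print("per-user rows:", dict(state_counts(SAMPLE_ROWS)))
    print("one per device:", dict(state_counts(collapse(SAMPLE_ROWS))))
    print("shared devices:", multi_user_devices(SAMPLE_ROWS))
```

When reconciling an older per-user export against the new reports, the devices returned by `multi_user_devices` are the ones whose counts are expected to differ.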

 

This infrastructure update allows us to support policies based on the settings catalog, which means we’re adding Linux support to all compliance reports (except the Windows health attestation report that is only scoped to Windows devices).

 

Simplifying the reporting experience

In addition to improving the data and performance of the reports, the updates to the infrastructure, coupled with improvements to the user interface tools, ensure all compliance reports will support:

  • Efficient paging for reports with many rows
  • Exporting data in CSV format
  • Searching for partial values in all columns
  • Filtering columns that have a constant set of values (such as operating systems)
    • Those with varying values, such as devices or usernames, can still be searched on
  • Sorting all columns
  • Scope tags
    • Important: Scope tag support means that some admins who were able to see all compliance details, or numbers of compliant or noncompliant devices or settings for the entire tenant, might no longer have access to this data. We recommend reviewing your role-based access control (RBAC) roles and scope tags to ensure all admins have the access they need for their specific roles.

 

Updating the compliance policy monitoring experience

As part of our reporting experience improvements, we’re also redesigning the overview and properties experience for compliance policies to be similar to the reporting experience for device configuration profiles and the overall new Devices experience currently in public preview.

 

These are the specific changes you’ll see in the coming weeks:

  • The pane navigation will be retired and replaced by a single pane split into two tabs, Overview and Properties.
    • The Overview tab will contain:
      • A device compliance summary in bar chart format. This summary links to a detailed Device status report, which includes the same paging, exporting, searching, filtering, and sorting functionality described earlier.
      • A link to a refreshed Per-setting status report, which will also have the paging, exporting, searching, filtering, and sorting functionality.
    • The Properties tab will contain the same information and experience as seen today in the Properties pane under the Manage header in the pane navigation. This is still the place you’ll go to edit existing policies.

 

We’re retiring the following elements:

  • The circular (donut) summary charts on the current Overview pane—being replaced by the Device compliance summary and Device status report.
  • The Essentials section—this information can already be found in the Properties pane and will continue to appear in the Properties tab.
  • The User status report—the data found in this report today can be found in the new Device status report by either:
    • Sorting the device report by the User Principal Name column.
    • Searching for a specific username in the search box, which will limit the records to those matching that user.

 

Additional improvements and updates

We’ve already made improvements to the following reports and monitors:

  • Under Reports > Device compliance > Reports
    • Device compliance
    • Device compliance trends
    • Noncompliant devices and settings
    • Devices without compliance policy
  • Under Devices > Monitor
    • Noncompliant devices
    • Policy noncompliance
  • Within a device’s Monitor section
    • Device compliance
  • Under Devices > Compliance policies
    • Retire noncompliant device

 

In addition to the updates to the compliance monitoring experience discussed above, we’re also going to release new versions of the Policy compliance and Setting compliance reports under Reports > Device compliance > Reports, then remove the existing versions that are currently under Devices > Monitor once the preview ends in the coming weeks.

 

We hope these improvements enhance your management experience. Stay tuned to What’s new in Intune for the release! If you have any questions or feedback, leave a comment below or reach out to us on Twitter @IntuneSuppTeam.

Updated Nov 09, 2023
Version 3.0

21 Comments

  • JamesMooney

    I've seen a lot of issues of late with devices reporting back Defender score and failing compliance even though they meet the policy requirements.

  • HRtech

    For the past week I've had two machines showing "Not Compliant" for Secure Boot but secure boot is on for both machines. Tried manually syncing and even changed the Compliance status validity period to 1 day but they still haven't updated. Are these updates affecting this issue?

  • harevalo

    Everyone is correct, compliance numbers don't match on any screen/report you go to. We want to use Intune as a single source to track progress.

     

    When is this "upcoming update" happening? Everyone would benefit from reports being cleaned up and showing correctly.

  • Nick_Powell115

    As of writing this, my Intune Admin Center is still showing discrepancies in reports vs individual compliance records. A generated report will show multiple devices as non-compliant, but if I go to Devices > All Devices > %DEVICENAME% > Device Compliance it will show the device as compliant with assigned policies.

     

    Is there any update as to when the Intune Admin Center will properly report compliance status across all sections of individual records, reports, etc.?

  • Anwer1007

    Is this impact affected for all MAC OS enrolled devices???

  • Andrew Emmett

    macOS devices that operate on a 1-1 basis work great, but will this affect macOS devices that are deployed in a Shared Configuration? I think you sometimes refer to these as 'Enrolled without User Affinity' or 'Userless Devices'. I work in an education environment with both personally assigned and Shared Classroom devices. When you look at shared devices from the device perspective, the assigned compliance policies are flagged as compliant, however the overall machine compliance status is not. This means that we have to make CA exceptions for Labs/Classrooms that are used by multiple users (who are licenced btw). It seems weird that you can't calculate the compliance of the device as I assume you're actually evaluating the compliance state of all the assigned compliance policies and using this to decide the status of the device. Is this an intentional design or can you explain why compliance for shared macOS devices operates differently to Windows & iOS?

  • AlphaSeb

    That's much needed. Device compliance is really a nightmare at the moment. Reporting different statuses in different views, no proper errors. Custom Compliance Policies show as "Not Applicable" even though they are.

  • Geza1

    I don't care about the looks, I would be just super happy if Intune would not report different states in different views, and compliance reporting would be accurate. Now sometimes in 1 view it shows you're out of compliance, in another that you're in compliance, in some views it doesn't show some compliance status at all. As someone relying on this for our security I'm super annoyed when we get some kind of errors for 10-20% of our userbase. When that means thousands of users it can be catastrophic.