Forum Discussion
Device compliance 65001 (Not Applicable) and Defender Security centre weirdness
Hi Tech community.
I have 2 questions, related to some work I am doing with a customer whose devices are Azure Hybrid AD joined and using Windows 10 1909.
1. The Windows 10 devices do not have a compliance policy set... yet. However, I am seeing a mixture of machines where it reports its compliance as success, but when I dig into the policy settings I am seeing:
Enrolled user exists - Compliant
Has a compliance policy assigned - Error - 65001 (Not applicable) Error code 0xfde9.
Is active - Compliant
The error is picking up a default device compliance policy. Is there any way this can be ignored or removed?
2. The customer is also using Defender Security centre and is leveraging the Threat and Vulnerability dashboard, which reports the state of security patching for Windows, Office, IE, Edge across the estate. The customer is using Windows Update for Business to manage this; however, we are finding it's taking a long time for data to be refreshed in Defender ATP, for example, if the latest quality update has been applied. Intune is stating it has been installed but this isn't being reflected in DATP. Is this expected?
Many Thanks
R
- ITnerd62 (Copper Contributor)
- Thijs Lecomte (Bronze Contributor)
Hi
For question one, there is a setting 'Mark devices with my compliance policy assigned as', yours will be set to 'non-compliant'.
https://techcommunity.microsoft.com/t5/microsoft-intune/device-compliance-65001-not-applicable-and-defender-security/m-p/1343120#M4083
I would advise to keep it this way. This makes sure all computers have a good compliance policy assigned.
For your second question, yes TVM in MDATP is slow :). No workaround here unfortunately. You just have to be patient.
- Like_A_Number (Copper Contributor)
Please be clear. This error 65001 (not applicable)
1. means something or means nothing
2. This statement of yours: 'Mark devices with my compliance policy assigned as', yours will be set to 'non-compliant'. Seems to indicate that devices with a compliance policy assigned will be marked "non-compliant." This seems contradictory. Please explain this logic.
I have this issue as well, and I've not found a satisfactory explanation online at all. Thanks for your help.
- Thijs Lecomte (Bronze Contributor)
Check this out: https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started#compliance-policy-settings
What is the value of 'Mark devices with no compliance policy assigned as' for you?
- Saleem_Jan007 (Copper Contributor)
I think you need to go into the properties of the specific machine and assign a category. Also check which policies have been assigned to the machine. Thanks.
- ShaneLaserDigital (Copper Contributor)
Anyone having issues with Windows 365 Boot Shared PC Device Configuration Policy?