Forum Discussion

Baljit Aujla's avatar
Baljit Aujla
Copper Contributor
Dec 06, 2018
Solved

Device Compliance

Hi All,   Is anyone else see incorrect reporting of device compliance due to the "System Account"? As per Microsoft documentation:   "Windows 10 devices that are Azure AD joined may show the Syst...
Conditional Access
Intune
  • Hrvoje Kusulja's avatar
    Hrvoje Kusulja
    Mar 18, 2019

    Baljit Aujla I have figured out the solution.

    When you have Compliance policy, assigned to All Users, it will reflect all your Azure AD users with those logins. But what about other (local accounts), like "system account" etc.., they are not compliant.

    Resolution is to have another additional (same) compliance policy, assigned to Azure AD security group, and add those (shared) windows 10 devices to the group.

    In that case, Compliance policy is assigned on device level to the specific device, and then "system account" does not cause the problem.

    It is poorly documented, but this is something that Microsoft Support given to me...

WalterPrem's avatar
WalterPrem
Brass Contributor
May 09, 2019

Baljit Aujla 

Oliver Kieselbach 

 

I also have this problem. Devices are set to AD security group "windows 10 only" devices.

When adding the laptops to Azure AD, they will get both the system account and user account.

Sometimes, there's no problem, but other times, things like "require bitlocker" only fail on the system account, and the entire devices gets marked as non-compliant!

Laptops are on 1809.


Still no fix?

hkusulja's avatar
hkusulja
MVP
May 24, 2019

Mine is working :P sorry, not be able to help more..

Resources