8i5-5i1
Apr 13, 2022, Copper Contributor
How to block non-enrolled devices
We have recently migrated from Basic Security (O365) to Intune and we're trying to set up a policy to block iOS and Android devices if they are not enrolled with the company portal app. I set up a cond...
8i5-5i1
Copper Contributor
Hi Rudy, thanks for replying. We already have a conditional access policy to block legacy authentication - is this what you mean?
Apr 13, 2022
Mmmm okay, so you have configured the compliance policies... How did you configure the default compliance settings (mark devices without compliance policy as compliant or not compliant)?
- 8i5-5i1, Apr 13, 2022, Copper Contributor
I think that's it! We are still in the process of migrating to Intune so we left that default compliance setting as: mark devices without compliance policy as compliant - we didn't want to risk blocking devices that are still on basic security.
I discovered the test device is still in the database listed as compliant because it used to belong to another user.
I'm not sure what the best course of action is while we are migrating to Intune - leave the default compliance setting in place or set it to "mark devices without compliance policy as not compliant"
- Apr 13, 2022
When you leave that setting to default... even people who only register their device (and do not enroll into Intune) can become "compliant" because there isn't a compliance policy targeted
https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started#compliance-policy-settings
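Added example, not part of the thread or of Microsoft's documentation: a read-only Microsoft Graph PowerShell audit for the setting discussed above. It reads the tenant's `secureByDefault` value and lists compliant iOS/Android devices that have no compliance policy state of their own, which are the devices that would turn non-compliant if the default were switched. Assumptions: the permission scopes requested and the display name of the built-in policy.

```powershell
# Added example: read-only audit, changes nothing in the tenant.
# Requires the Microsoft.Graph.Authentication module.
Connect-MgGraph -Scopes @(
    # Assumption: these read scopes cover the three calls below.
    'DeviceManagementServiceConfig.Read.All',
    'DeviceManagementManagedDevices.Read.All',
    'DeviceManagementConfiguration.Read.All'
) | Out-Null

$base = 'https://graph.microsoft.com/v1.0/deviceManagement'

# secureByDefault = False corresponds to
# "mark devices without compliance policy as compliant".
$settings = (Invoke-MgGraphRequest -Method GET -Uri $base).settings
"secureByDefault: $($settings.secureByDefault)"

function Get-AllPages([string]$Uri) {
    # Follow @odata.nextLink until the collection is exhausted.
    while ($Uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $Uri
        $page.value
        $Uri = $page.'@odata.nextLink'
    }
}

# Assumption: name under which the built-in policy shows up per device.
$builtIn = 'Default Device Compliance Policy'

$select = '?$select=id,deviceName,operatingSystem,userPrincipalName,complianceState'
$atRisk = foreach ($d in Get-AllPages "$base/managedDevices$select") {
    if ($d.operatingSystem -notin 'iOS', 'Android') { continue }
    if ($d.complianceState -ne 'compliant') { continue }

    # Policy states other than the built-in one = policies actually assigned.
    $uri = "$base/managedDevices/$($d.id)/deviceCompliancePolicyStates"
    $assigned = @(Get-AllPages $uri | Where-Object { $_.displayName -ne $builtIn })

    if ($assigned.Count -eq 0) {
        [pscustomobject]@{
            Device = $d.deviceName
            OS     = $d.operatingSystem
            User   = $d.userPrincipalName
        }
    }
}
$atRisk | Sort-Object User | Format-Table -AutoSize
```

Devices in the output are the ones to cover with a compliance policy assignment before the default is changed during the migration.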