Forum Discussion

Brass Contributor

Aug 18, 2022

Hybrid Azure AD joined Devices WITHOUT Intune show up as Non Compliant

Hello, We do not use Intune for Windows at the moment. Everything is blocked e.g. Enrollment Polices, not Autopilot etc. At the moment we are seeing some devices in AAD under Devices that s...

Conditional Access

MVP

Aug 19, 2022

How did you configured the default compliance policy.... "mark devices without compliance policy" compliant or not compliant.

Als wondering about the mdm scope etc as described here
https://call4cloud.nl/2021/08/the-battle-between-aadj-and-aadr/ (i know its aadr/aadj... but )

ErikVet
Brass Contributor
Aug 19, 2022
Rudy_Ooms_MVP .. thanks for you comments

Default Compliance is configured as "not compliant" but the effected "Not Compliant Devices" without and MDM Scope (AADHJ devices) under AzureAD Devices do not show up in Endpoint Mgr.

But changing this would also effect not only windows devices right ... all the mobile devices too ...

Scope for Windows Enrollment is set to "Some" but is 100% sure that none of the affected devices/user where in that group.
- Rudy_Ooms_MVP
  MVP
  Aug 19, 2022
  Mmm pretty weird... as you should normally say that when a device isn't enrolled into intune it doesn't have the possibility to get a compliant state.
  
  Could you find out the reason why its not compliant? ( I assume the build in ones) or?
  - ErikVet
    Brass Contributor
    Aug 23, 2022
    Rudy_Ooms_MVP
    
    Indeed that is pretty weird. It looks like only devices which where "setup" in last couple of months. But also older ones are affected.
    
    As they show not in intune it is just guessing what compliance rules trigger it. Is this somehow possible of the Graph API but I have look for that in detail.
    
    Maybe some Intune/Device/AzureAD MVP can ask the product team .. I do not have those connections . Or even MS is reading this and can give some hints as this is definitely not normal.
    
    Thx
    Erik

Resources