Forum Discussion
ErikVet
Aug 18, 2022 | Brass Contributor
Hybrid Azure AD joined Devices WITHOUT Intune show up as Non Compliant
Hello, we do not use Intune for Windows at the moment. Everything is blocked e.g. Enrollment Policies, not Autopilot etc. At the moment we are seeing some devices in AAD under Devices that s...
Aug 23, 2022
Okay, but as you configured nothing in Intune and you are enrolling those devices into Intune…? You also have no compliance policies configured etc. so… one of the built-in compliance policies is: has a compliance policy assigned… guess what happens when it doesn't get or have one 🙂
Ketzpatel
Aug 23, 2022 | Brass Contributor
So we have an AAD conditional access policy configured to allow only hybrid AAD joined (Win10) devices or compliant devices (iOS & Android) using a compliance partner configured in Intune with AirWatch. No Win devices are enrolled or show up in the Intune - Device blade. These devices are only visible in the AAD - All Devices blade. There are about 4000 devices hybrid joined and only half of the devices show Compliant = NO; the others show Compliant = NA.
- Aug 23, 2022
Are you 100% sure those devices got targeted with the GPO and successfully enrolled those devices into Intune? (registry settings configured
Did you also look at the event logs mentioned in this blog?
https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy
- Ketzpatel | Aug 23, 2022 | Brass Contributor
We have a GPO configured to push these devices as hybrid joined in Azure so they can pass the conditional access. There is nothing else configured to manage these devices in Intune. All users are currently licensed to Intune and other services under E5.
- Aug 23, 2022
Those devices that show n/a, that's of course obvious... but those "NO" are weird, as normally you need Intune to deliver that "judgment" 🙂
https://docs.microsoft.com/en-us/answers/questions/909847/non-compliance-of-devices-in-azure-ad-without-intu.html