Forum Discussion
Intune Compliance issue
Hi Guys
I have been facing this issue regarding Intune compliance for some time.
We have a CA policy in place which allows only compliant devices to access the company resources.
But for some users, the Intune portal shows the device is compliant and all checks are green, but they are unable to access company resources and get the error that the device is not compliant, due to which they can't access the resources.
Please advise. TIA
9 Replies
- Kaj__ (Copper Contributor)
I recommend configuring your compliance policy actions with a minimum schedule of 2 days. The compliance checks currently occur only every 8 hours. By doing so, you can avoid having any devices marked as non-compliant, which can be particularly challenging when combined with conditional access policies.
You can also force a compliance check on the device:
Start-Process -FilePath "C:\Program Files (x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe" -ArgumentList "intunemanagementextension://synccompliance"
- Hi..
The checkcompliance script you posted ... doesn't check for compliance :)... it checks for the custom compliance script policies... nothing more... nothing less 🙂
Also... I assume you mean a maximum of 2 days :)... if the user is prompted to reboot his device after it has been enrolled with Autopilot, normally 1 day would be enough
- Kaj__ (Copper Contributor)
Well yes, sorry for the confusion - thanks for your blog post https://call4cloud.nl/2021/11/the-last-days-of-custom-compliance/
- Well, Intune can say it's compliant... but that doesn't mean Entra thinks the same :)... So just like rahuljindal was asking... the Entra logs should tell you more
Did you also try to sync from the device?
- rahuljindal-MVP (Bronze Contributor)
Xin3n what does it say in the Entra sign-in logs? Also, under which scenarios is the access restricted? Browser, local apps?
- Xin3n (Copper Contributor)
Excuse my delayed response, I had to remove him from the exclusion and the following are fresh sign-in logs.
Status: Failure
Sign-in error code: 53000
Failure reason:
Device is not in required device state: {state}. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune.
Application: Microsoft Office
Client app: Mobile Apps and Desktop clients
Please advise . . .
- NicklasOlsen (Iron Contributor)
Hi,
How is the device enrolled? Is it Azure AD joined, hybrid or registered?
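As an added example (not posted by anyone in this thread), the following script triages exported Entra sign-in records for the 53000 failure shown above, using the deviceDetail and status properties of the Microsoft Graph signIn resource; it separates "Entra never received a device identity" from "Entra has the device but holds isManaged/isCompliant = false", which is exactly the Intune-says-compliant-but-Entra-disagrees gap discussed in the replies. The sample records, user names and device IDs are constructed.

```python
import json

DEVICE_NOT_COMPLIANT = 53000  # Entra sign-in error code quoted in the thread

# Constructed sample records shaped like Microsoft Graph /auditLogs/signIns output
# (deviceDetail and status are real signIn properties; the values are made up).
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Microsoft Office",
  "clientAppUsed": "Mobile Apps and Desktop clients",
  "deviceDetail": {"deviceId": "", "trustType": "", "isCompliant": false, "isManaged": false},
  "status": {"errorCode": 53000, "failureReason": "Device is not in required device state"}},
 {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Microsoft Office",
  "clientAppUsed": "Mobile Apps and Desktop clients",
  "deviceDetail": {"deviceId": "0f0a4c2e-1111-4222-8333-444455556666", "trustType": "Hybrid Azure AD joined", "isCompliant": false, "isManaged": true},
  "status": {"errorCode": 53000, "failureReason": "Device is not in required device state"}},
 {"userPrincipalName": "carol@contoso.example", "appDisplayName": "Microsoft Office",
  "clientAppUsed": "Browser",
  "deviceDetail": {"deviceId": "7a7b7c7d-2222-4333-9444-555566667777", "trustType": "Azure AD joined", "isCompliant": true, "isManaged": true},
  "status": {"errorCode": 0, "failureReason": ""}}
]""")


def diagnose(record):
    """Classify one sign-in record; returns None unless it failed with error 53000."""
    if record.get("status", {}).get("errorCode") != DEVICE_NOT_COMPLIANT:
        return None
    dev = record.get("deviceDetail", {})
    if not dev.get("deviceId"):
        # Entra never saw a device identity, so "compliant in Intune" cannot apply:
        # the client presented no device claim (unregistered device or non-broker app).
        category = "NO_DEVICE_ID"
    elif not dev.get("isManaged"):
        category = "NOT_MANAGED"             # registered, but Entra has no MDM link
    elif not dev.get("isCompliant"):
        category = "NOT_COMPLIANT_IN_ENTRA"  # Intune may say yes; Entra's copy says no
    else:
        category = "OTHER"                   # 53000 despite a compliant record; inspect policy
    return {"user": record.get("userPrincipalName"), "app": record.get("appDisplayName"),
            "client": record.get("clientAppUsed"), "trustType": dev.get("trustType"),
            "deviceId": dev.get("deviceId"), "category": category}


def triage(records):
    """Return one finding per 53000 failure in an exported sign-in list."""
    return [f for f in (diagnose(r) for r in records) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_SIGNINS):
        print(finding)
```

A finding of NO_DEVICE_ID points at the join/registration question above rather than at the compliance policy, while NOT_COMPLIANT_IN_ENTRA is the case where a device-side sync or waiting for the compliance state to propagate is the first thing to check.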