Forum Discussion
Intune Default Compliance Policy
Hi folks
I'm seeking a little clarification around compliance notifications. We have email alerts set for the compliance policies we have created but can't see how we would set this for the in-built device compliance policy. This is leading to some confusion as to when the compliance error emails would be sent to the intended recipient.
For example, one of our Android compliance policies is set as below:
and we have the default compliance settings as:
I would therefor expect a notification once a device has been inactive for over 30 days as they become non-compliant, but this seems to not be the case.
I can see through reporting that Intune does correctly mark the inactive device as non-compliant but there is zero record of a notification being sent.
Is anyone able to shed any light or should I go back to crying in the corner?
6 Replies
- Hi,
It is not possible indeed to sent out emails through this mechanism (shown in your screens) for the built-in Compliance Policy. There is not a lot of info about this but for example, see this earlier discussion: https://www.reddit.com/r/Intune/comments/153waru/default_device_compliance_and_notification_policy/?share_id=GQ84FFU-aYWFu37XfS8aa&utm_content=2&utm_medium=ios_app&utm_name=iossmf&utm_source=share&utm_term=22
Best way, also stated in the URL above, is to use Graph Powershell module, it is not really difficult to create a script on last check in date that sends out emails to the users. If you need help with this let us know..I've had a look into this but I don't think I can use this for what I need. When I use Get-DeviceManagement_DeviceCompliancePolicies I don't get a policy ID for the in-built compliance policy
- You do not really need the Compliancy cmdlet, I think, maybe I am misunderstanding you. If you use this for example:
(Get-MgDeviceManagementManagedDevice).LastSyncDateTime
You get al the last-check in dates and you can base the notification actions around that...
- Cheers, I'll have a look into this. Glad to know it's not possible from within the GUI though it's a little frustrating that this isn't available as a feature.
Hi,
Do you only have this issue with the above policy?
Does the notifications work on your other policies?
Have you checked the spam folder, to make sure that there isn't any mails in there?
If it isn't too long ago the device became non-compliant, you can try to check mail flow in your tenant for this sender:The issue doesn't lie with the custom policies, these report as expected. It's device dormancy triggering an out of compliance alert that is the issue here.
