Forum Discussion

smf9211's avatar
smf9211
Copper Contributor
Jan 16, 2022

Intune device showing non compliant and per user status different

Device is showing as non-compliant, when we click on the device-->Device Compliance, it shows multiple users on the same device, some showing compliant and some showing Not Compliant.

 

Question:

How the device compliance is decided when multiple users sign-in on a device?

 

Thanks

SM

  • Hi

    It sort of says it here :
    https://docs.microsoft.com/en-us/mem/intune/protect/create-compliance-policy#before-you-begin

    "Enroll devices to one user, or enroll without a primary user. Devices enrolled to multiple users aren't supported."

    Resume: Intune will track compliance for every user on that device, so if one fails... the whole device fails... And this is done for every user who logs in..

     

    Did you also tried with a device with the primary user removed, so it really becomes a shared device?

    • smf9211's avatar
      smf9211
      Copper Contributor
      Thanks, i didn't try that yet but got the answer, will try that.
      So any user who logs in to that Hybrid azure ad join machine will be visible in Intune because same policies applies to all users, Any way to remove those additional users from compliance setting of the device? Cant find that option
      • You have your built in compliance policies, some custom-made compliance policies and your default set of compliance policies , (that you need to target to users.) so you could add "all users" and use the filters to exclude some devices/users.

        But you will always have your built in compliance which you can't do anything about 🙂 Like is active, enrolled user exists etc
  • rahuljindal-MVP's avatar
    rahuljindal-MVP
    Bronze Contributor
    I got around this issue by targeting user based group for the compliance policy instead of a device based group.