Forum Discussion
Hi
It sort of says it here :
https://docs.microsoft.com/en-us/mem/intune/protect/create-compliance-policy#before-you-begin
"Enroll devices to one user, or enroll without a primary user. Devices enrolled to multiple users aren't supported."
Resume: Intune will track compliance for every user on that device, so if one fails... the whole device fails... And this is done for every user who logs in..Did you also tried with a device with the primary user removed, so it really becomes a shared device?
- smf9211Copper ContributorThanks, i didn't try that yet but got the answer, will try that.
So any user who logs in to that Hybrid azure ad join machine will be visible in Intune because same policies applies to all users, Any way to remove those additional users from compliance setting of the device? Cant find that option- You have your built in compliance policies, some custom-made compliance policies and your default set of compliance policies , (that you need to target to users.) so you could add "all users" and use the filters to exclude some devices/users.
But you will always have your built in compliance which you can't do anything about 🙂 Like is active, enrolled user exists etc
- rahuljindal-MVPBronze ContributorI got around this issue by targeting user based group for the compliance policy instead of a device based group.