Forum Discussion
Hi
It sort of says it here :
https://docs.microsoft.com/en-us/mem/intune/protect/create-compliance-policy#before-you-begin
"Enroll devices to one user, or enroll without a primary user. Devices enrolled to multiple users aren't supported."
Resume: Intune will track compliance for every user on that device, so if one fails... the whole device fails... And this is done for every user who logs in..
Did you also tried with a device with the primary user removed, so it really becomes a shared device?
So any user who logs in to that Hybrid azure ad join machine will be visible in Intune because same policies applies to all users, Any way to remove those additional users from compliance setting of the device? Cant find that option
- Jan 17, 2022You have your built in compliance policies, some custom-made compliance policies and your default set of compliance policies , (that you need to target to users.) so you could add "all users" and use the filters to exclude some devices/users.
But you will always have your built in compliance which you can't do anything about 🙂 Like is active, enrolled user exists etc- smf9211Jan 17, 2022Copper ContributorHmm.. thanks, yeah asking question here because these things not clear in MS Docs. One more question, we know if device is not complaint, then it is considered as "quarantined". Does it have any impact on user/device unless it is linked with conditional access policy?
Thanks in advance- Jan 17, 2022
I know 🙂 compliance policies are not very well written about.... (creating a blog about it ... but I need to find some time I guess)
Compliance policies are only to measure something (except password policies on mobile devices if I am not mistaken... as they sort of enforce a user to change their password)
So you will need to have something to sort off enforce an action when its not compliant --> Conditional access... If --> then