sysad42
Dec 01, 2022

Report-Only Device Compliance Policy

I am attempting to create a device compliance conditional access policy in report-only for testing. However, I get the warning that even report-only may force devices to select a device certificate and require compliance. I can't seem to find any more information than that warning, so what should I expect users to see or their devices to do if we enable this? What device certificate would they be selecting, Intune's or their own? What does that look like?

    • sysad42

      rahuljindal-MVP

      When you go to make a CA policy with device compliance, there is a warning that says:

      Warning

      Policies in report-only mode that require compliant devices may prompt users on Mac, iOS, and Android to select a device certificate during policy evaluation, even though device compliance is not enforced. These prompts may repeat until the device is made compliant. To prevent end users from receiving prompts during sign-in, exclude device platforms Mac, iOS and Android from report-only policies that perform device compliance checks. Note that report-only mode is not applicable for Conditional Access policies with "User Actions" scope.


      https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-report-only


  • Moe_Kinani
    Echoing my colleague @rahuljindal-MVP, a screenshot of the warning would be great.
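
Added example, not part of the thread and not Microsoft's own code: one way to apply the exclusion that the quoted warning recommends, using the Microsoft Graph PowerShell SDK. It first lists existing report-only policies that require a compliant device while still covering Android, iOS or macOS, then creates a report-only policy with those platforms excluded; the display name and the all-users, all-apps scope are assumptions.

```powershell
# Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.Read.All','Policy.ReadWrite.ConditionalAccess','Application.Read.All'

$promptPlatforms = 'android', 'iOS', 'macOS'   # platforms named in the warning

# 1. Report-only policies that require device compliance and still apply
#    to one of the platforms that can show the certificate prompt.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object {
        $_.State -eq 'enabledForReportingButNotEnforced' -and
        $_.GrantControls.BuiltInControls -contains 'compliantDevice'
    } |
    ForEach-Object {
        $policy   = $_
        $included = @($policy.Conditions.Platforms.IncludePlatforms | Where-Object { $_ })
        $excluded = @($policy.Conditions.Platforms.ExcludePlatforms | Where-Object { $_ })
        # No platform condition, or 'all', means every platform is in scope.
        $allInScope = ($included.Count -eq 0) -or ($included -contains 'all')
        $exposed = @($promptPlatforms | Where-Object {
            ($allInScope -or $included -contains $_) -and ($excluded -notcontains $_)
        })
        if ($exposed.Count -gt 0) {
            [pscustomobject]@{
                DisplayName      = $policy.DisplayName
                Id               = $policy.Id
                ExposedPlatforms = $exposed -join ', '
            }
        }
    }

# 2. A report-only compliance policy with the three platforms excluded.
$body = @{
    displayName   = 'REPORT-ONLY: require compliant device (example)'   # assumed name
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeUsers = @('All') }                    # assumed scope
        applications   = @{ includeApplications = @('All') }             # assumed scope
        platforms      = @{
            includePlatforms = @('all')
            excludePlatforms = $promptPlatforms
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice')
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $body
```

With the exclusion in place, the report-only results cover the remaining platforms only, so sign-ins from Mac, iOS and Android devices are not evaluated by this policy.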
