Forum Discussion
--AIM--
Oct 10, 2023 | Copper Contributor
Risk with Users with a Device with Multiple Compliances
Hi,
I'm a support agent that uses Intune vs. an admin. I'm looking at non-compliant devices in Intune, and I have a few examples of users that are using 1 device, but that same device is in multiple compliance states in Intune: both compliant and non-compliant. I notice that the OS is different: personally-owned work profile vs. device administrator. What I'm curious about is if this poses a security risk and if so, what? Thanks for your help!
- LeonPavesic | Silver Contributor
Hi --AIM--,
A device with multiple compliance states in Intune can pose a security risk because it may be able to access resources that it should not be able to access, depending on the compliance state of the device.
For example, if a device is enrolled in Intune as a personally-owned work profile device, it may be able to access corporate resources even if the device is not compliant with corporate security policies. This is because the personally-owned work profile device has its own separate work profile that is isolated from the personal profile.
Another example is if a device is enrolled in Intune as a device administrator device, it may be able to access corporate resources even if the device is not compliant with corporate security policies. This is because the device administrator has full control over the device.
To mitigate these risks, it is important to ensure that all devices that are enrolled in Intune are compliant with corporate security policies. You can do this by creating and assigning device compliance policies in Intune.
You can also use Conditional Access to block devices from accessing corporate resources if they are not compliant.
- Use compliance policies to set rules for devices you manage with Intune: https://learn.microsoft.com/en-us/mem/intune/protect/create-compliance-policy
- Monitor results of your Intune Device compliance policies: https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor
- Security risks of devices with multiple compliance states in Intune: https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
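
An added example, not part of the original posts: one way to list the situation the question describes, where the same physical device has more than one Intune record and the records disagree on compliance. It assumes a device export whose field names follow the Microsoft Graph `managedDevice` resource; the sample records, the grouping heuristic and the function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (values invented; OS labels mirror the question).
SAMPLE = [
    {"deviceName": "alice-deviceadmin", "userPrincipalName": "alice@example.com",
     "serialNumber": "R58N123ABC", "model": "SM-G991B",
     "operatingSystem": "Android (device administrator)",
     "complianceState": "noncompliant", "lastSyncDateTime": "2023-06-02T08:15:00Z"},
    {"deviceName": "alice-workprofile", "userPrincipalName": "alice@example.com",
     "serialNumber": "r58n123abc", "model": "SM-G991B",
     "operatingSystem": "Android (personally-owned work profile)",
     "complianceState": "compliant", "lastSyncDateTime": "2023-10-09T17:40:00Z"},
    {"deviceName": "bob-workprofile", "userPrincipalName": "bob@example.com",
     "serialNumber": "", "model": "Pixel 7",
     "operatingSystem": "Android (personally-owned work profile)",
     "complianceState": "compliant", "lastSyncDateTime": "2023-10-08T09:00:00Z"},
]

def _key(d):
    # Assumption: same user + same serial means the same physical device.
    # When a record reports no serial, fall back to the model (heuristic only).
    serial = (d.get("serialNumber") or "").strip().lower()
    return (d["userPrincipalName"].lower(),
            serial or "model:" + (d.get("model") or "").lower())

def _synced(d):
    return datetime.fromisoformat(d["lastSyncDateTime"].replace("Z", "+00:00"))

def find_conflicts(devices):
    """Return devices whose records are in more than one compliance state."""
    groups = defaultdict(list)
    for d in devices:
        groups[_key(d)].append(d)
    findings = []
    for (user, ident), recs in groups.items():
        states = {r["complianceState"] for r in recs}
        if len(recs) > 1 and len(states) > 1:
            recs.sort(key=_synced, reverse=True)  # most recently synced first
            findings.append({
                "user": user, "device": ident, "states": sorted(states),
                "current": recs[0]["deviceName"],
                "older": [(r["deviceName"], r["operatingSystem"]) for r in recs[1:]],
            })
    return findings

if __name__ == "__main__":
    for finding in find_conflicts(SAMPLE):
        print(finding)
```

The "older" entries are records to review with an Intune admin, for example to check whether they are leftovers from a previous enrollment; the script does not decide which record is authoritative.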