Forum Discussion
Intune device compliance status not evaluated
Has anyone encountered devices taking absolutely forever to evaluate overall compliance after user enrollment ESP? (pre-provisioned devices). They just sit there in "not evaluated" and get blocked by CA policy. Most come good eventually, but some literally are taking employees offline for the whole day.
These are all Win11 AAD-joined. Microsoft has only offered me the standard "may take up to 8 hours, goodbye" response but I am pulling my hair out trying to figure out if this is just an Intune thing, or is there a trick I am missing? Some of them take so long that I give up and swap out the device so they can start working.
The individual policies are evaluating just fine, but the overall status is way behind. I'd even prefer them to be non-compliant because at least then the grace period would kick in.
I have had very limited success with rebooting and kicking off all the syncs / check access buttons, but I have a feeling those buttons have just been a placebo. It happens very sporadically too on about half of devices the user doesn't even notice it's that quick.
Thanks for any advice
5 Replies
Compliance status showing as "Not evaluated" usually means the device has not yet checked in against the compliance policy. Here are the most common causes and fixes:
1. **Policy assignment timing** — After assigning a new compliance policy, it can take up to 8 hours for all devices to pick it up. You can speed this up by triggering a sync from the device: Settings > Accounts > Access work or school > Info > Sync.
2. **Compliance evaluation schedule** — Intune evaluates compliance every 8 hours by default. For newly enrolled devices, the first check happens within the first hour. If the device has been enrolled for a while but still shows "Not evaluated", force a sync.
3. **Grace period** — If your policy has a grace period configured, the device will show as "Not yet evaluated" until the grace period expires. Check your compliance policy settings for "Mark device noncompliant" timing.
4. **Policy conflict** — If multiple compliance policies target the same device with conflicting settings, the device may fail to evaluate. Check Devices > [device] > Device compliance to see if there are conflicts.
5. **Enrolment issues** — The device might not be properly enrolled. Verify in Intune Admin Center under Devices that the device shows as "Managed by: Intune" and the management state is active.
6. **Check the Intune diagnostic logs** on the device — run MDMDiagnosticsTool.exe from an elevated command prompt to collect logs that show exactly where the compliance check is failing.
If none of these resolve it, check the Intune service health in the M365 admin center for any ongoing issues with compliance evaluation.
- hi there, you can use this to force the sync.
Start-Process -FilePath "C:\Program Files (x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe" -ArgumentList "intunemanagementextension://synccompliance" - Hi, it's very strange; if on a client you open company portal does it give you some strange message or does it say it's compliant?
- on company portal I got message that can't access company resources "This device does not meet Company compliance and security policies. You need to make some changes to this device so that you can access company resources."
- Hi, this is very strange; what are the compliat policies you have configured?
