It depends on why it is noncompliant and what measures you have in place to establish compliance. Formatting is quick but investigation is key to understanding why. It's also important to remember that the goal is secure access to corporate resources; blocking noncompliant devices until they are compliant and understanding what's going on with the device is a great practice.

That is going to greatly depend on your scenarios.   

Exporting data and creating custom dashboards is definitely an option and will allow you to join with your data that Intune doesn't have, and create custom views and dashboards.  Another benefit is you can store historical data, and generate those kind of reports.  However, this is more complicated to build and maintain, depending on your experience.

In Intune, we are continuing to expand Explorer's capabilities and combined with Device Query you will be able to use or create custom queries that can become a good in-console solution, and we are exploring how we can continue to make this better.  These approaches will be simpler to create and will be hosted in the Intune console.

Hopefully this gives you some insight how to think about choosing the best path for your scenario... you may find you use both, for different situations.

-David Guyer
Principal Product Manager - Intune

For custom reporting views, I would highly recommend checking out Explorer.
Explore Intune data with natural language and take action - Microsoft Intune | Microsoft Learn

Thanks for the responses. The tricky part is if device is auto-deleted after 6 months. We auto delete because inactive devices lowers our defender score, clutters the our portal, etc.

Example, we had a lost iOS device suddenly resurface on intune after 1 year. It looks to have been factory reset using DFU mode. so they were able to get to the home screen, but not enroll so no access to company resources. I was able to place it on lost mode, but thief did another DFU reset (i think) and so I lost mode it again.

It was whack a mole until they gave up. I've since created an iOS enrollment profile that places the device in single app mode (comp portal) when it auto pilots, and moved lost devices to this profile. That way thieves can not use it at all. 

I was curious if this approach can be done on Windows devices, and Android.

For Android devices, you'll also want to take a look at the available device actions. Depending on the scenario, actions such as Delete, Remote Lock, Retire, and Wipe may be appropriate.

SCawed​ ,

The place to look is at device actions.  Select the device under Devices, and then when the device page comes up the Overview page has a bar at the top of the actions you can take, which depends on the OS.  For example, for Windows, you can initiate a Wipe, and even unenroll the device from Intune, and there's additional options.  You can also rotate local admin passwords, do an autopilot reset, or try to locate the device... all potentially useful tools for lost devices.

I do recommend testing these options before you need them to ensure you are familiar with how they work and their device impact.

HTH,

-David Guyer
Principal Product Manager - Intune

I would recommend checking out the new App inventory reports or Explorer if creating a group is needed.
App inventory for Windows devices - Microsoft Intune | Microsoft Learn

Explore Intune data with natural language and take action - Microsoft Intune | Microsoft Learn

C00kieMonster​ ,

We are in transition today, so there are two solutions in Intune today.   The older solution is Discovered Apps, which is reporting on the device and also under All App / Monitor, which shows the inventory of apps and which devices have those apps.

The newer solution is only available today on a per-device basis.  Select a device, then All Apps, then the App Inventory tab.  This view shows the apps for that device, along with a lot more detail like last checked date, last updated, install location, and more.   We are working on bringing that data to an All Apps in my Tenant view, like the one I mentioned above.

At this time, there isn't a way to use app inventory in policy targeting.  It's something we get lots of feedback about and are investigating. It turns out to be more complicated than it appears on the surface, while the benefits are quite clear.

Hope this helps point you in the right direction... the data is available in Intune, may need a bit more data export and PowerShell scripting today to get the behaviors you are looking for, and we are moving to provide richer data, faster, and integrating it better into the console.

-David Guyer
Principal Product Manager - Intune (Apps & App Inventory)

Great question, I would suggest looking into using filters during assignment directly in Intune and seeing if these devices have the same device category or similar that could be used in a filter.
Filters documentation: Create assignment filters in Microsoft Intune - Microsoft Intune | Microsoft Learn

Available properties:
Assignment filter properties and operators reference - Microsoft Intune | Microsoft Learn