There’s a known issue with the noncompliance messaging details that appear in Company Portal for Windows 10/11 devices. When a device is identified as noncompliant due to having a Windows build outside the ranges an admin specifies in the Intune compliance policy, a remediation message is displayed in the Company Portal indicating the operating system (OS) needs updating along with a valid range of OS versions. However, when multiple OS ranges are specified in the policy by configuring the Valid operating system builds compliance setting, the message in the Company Portal will only display the first OS build range rather than all acceptable ranges.
The compliance policy is being enforced correctly despite the missing ranges in the remediation messaging. To make the device compliant, update the device OS build to a version within the specified acceptable range in the compliance policy.
Here’s an example of the scenario, the compliance policy below has two ranges within the Valid operating system builds setting 10.0.19044.1288 - 10.0.19044.1949 and 10.0.22000.438 - 10.0.22000.918.
Screenshot of a new Windows 10/11 compliance policy with a few settings configured from this blog post.
If a device’s OS falls outside of those ranges, they’ll correctly receive a remediation message in the Company Portal, but the message will only display the first range: 10.0.19044.1288 - 10.0.19044.1949.
Screenshot of a managed Windows 11 PC and its current compliance settings under the Intune Company Portal.
If you have any questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter.