The Intune team is aware of compliance reporting behavior in the Microsoft Endpoint Manager admin center that causes confusion among some of our customers. With this post, we’d like to make you aware of these issues while we work on providing better experiences in the future.
We are aware of an issue where targeting a device with a compliance policy that has one or more of the following settings enabled can cause the compliance policy to show a “Not applicable” status, even though the settings actually do apply:
Note: This issue does not occur if you include another setting in the same policy, such as a minimum or maximum OS version.
The reason this occurs is due to how reporting data is calculated. The reporting data for these settings may not be immediately reflected until the system has had a chance to process all of the reporting data, usually within 24 hours.
While this is a known issue, the compliance setting status should resolve itself within 24 hours. If it doesn’t resolve after 24 hours, ensure that the device configuration profile has been applied appropriately. We are working to fix this issue so that the correct compliance status is always shown.
Compliance reports help you understand when devices fail to meet your compliance configurations and help you identify compliance-related issues in your organization. The Setting compliance report (Devices > Monitor > Setting compliance) displays the number of devices in each compliance state for each compliance setting within a compliance policy in your environment. So, you may notice the number of compliant devices listed doesn’t match the number of enrolled devices the policy has been applied to.
Setting compliance report in Microsoft Endpoint Manager admin center
The numbers in each column reflect the number of compliance records Intune has for each compliance setting. When multiple users check-in on the same device, multiple reporting records are captured for the same policy for each user. This occurs most often with devices shared among multiple users, such as desktop PCs.
We are working on improving reporting views, including the Setting compliance report, to only count each device once.
Refer to Monitor results of your device compliance policies in Microsoft Intune for more information on monitoring device compliance.
When a device becomes noncompliant to a policy, the device is added to the Noncompliant devices report and may be included in the Retire noncompliant devices list if the Retire the noncompliant device action for noncompliance is configured. While the report and list may appear similar, they have different purposes:
We are working on changes to make the purpose of the Retire noncompliant devices list clearer in the Endpoint Manager admin center.
We will continue to update this post as new information becomes available. If you have questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.