Managed devices being detected as unmanaged in Access policy
I have an Access policy that targets devices that are not hybrid AD joined to block the OneDrive client syncing on personal devices. This is tested and working, but I'm finding that 1 of my pilot managed devices is intermittently displaying the cloud apps popup when OneDrive is being accessed.
The device in question is a corporate laptop running Windows 11 with a join type of "Microsoft Entra joined".
When I look at the logs, all OneDrive activities are allowed except for the ones with a description of "open in native app", which are being blocked; these have an activity type of "Download File". Under User Agent Tag it only shows Intune Compliant, although I am not targeting this in the Access policy. I've noticed many computers in Entra ID are showing as non-compliant and didn't initially want to restrict them, so did not tick it. Should I?
Given a fleet of 17,000 devices, I need to understand why we are getting false positives and fix it before I roll out the policy to all of them. Any help is appreciated.
Thanks.
Cameron_Stephens In my opinion it is better because you can also give more timely exclusions (e.g., device filters); in my case I set it so that, to use the Office 365 app (which also includes OneDrive sync), the device must be compliant (so a managed device).
- micheleariis (Steel Contributor): Hi, can you take a screenshot of the policy?
- Cameron_Stephens (Copper Contributor)
- micheleariis (Steel Contributor): Hi, to do this I used conditional access; had you tried those?
- HairongX (Copper Contributor): Hi Cam, I have the same issue with the devices in my company. It's driving me crazy. I'm using Conditional Access but no luck.
- Cameron_Stephens (Copper Contributor): Hi HairongX, glad I'm not the only one experiencing this issue. While I can implement CA policies, my preference is to use MDFCA for this so all relevant policies are in the same place. I'm continuing to troubleshoot and will provide an update if I find a solution.