Tech Community Live: Endpoint Manager edition
Jul 21 2022, 08:00 AM - 12:00 PM (PDT)

Built-in Device Compliance Policy - is active - Not Compliant

%3CLINGO-SUB%20id%3D%22lingo-sub-3001230%22%20slang%3D%22en-US%22%3EBuilt-in%20Device%20Compliance%20Policy%20-%20is%20active%20-%20Not%20Compliant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3001230%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20an%20enrolled%20windows%20device%20(we%20are%20using%20Azure%20AD%2C%20no%20hybrid)%2C%20where%20I%20changed%20the%20primary%20user.%3CBR%20%2F%3EThe%20compliance%20policy%20and%20the%20build-in%20device%20compliance%20policy%20for%20the%20new%20primary%20user%20is%20showing%20compliant.%3CBR%20%2F%3EBut%20the%20build-in%20compliance%20policy%20for%20the%20user%2C%20who%20has%20enrolled%20the%20device%20is%20showing%20%22not%20compliant%22%20see%20screenshots%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22not%20compliant.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F329132i649CBCD41F81DF57%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22not%20compliant.jpg%22%20alt%3D%22not%20compliant.jpg%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22not%20compliant2.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F329133i2EBCD7F9289DFCAD%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22not%20compliant2.jpg%22%20alt%3D%22not%20compliant2.jpg%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22not%20compliant3.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F329134iDF6D9108F8A36F4E%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22not%20compliant3.jpg%22%20alt%3D%22not%20compliant3.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20any%20ideas%20how%20to%20solve%20this%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3001230%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECompliance%20Policy%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3001360%22%20slang%3D%22en-US%22%3ERe%3A%20Built-in%20Device%20Compliance%20Policy%20-%20is%20active%20-%20Not%20Compliant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3001360%22%20slang%3D%22en-US%22%3EHi%20MrNuggets%2C%3CBR%20%2F%3E%3CBR%20%2F%3Ethis%20is%20something%20I%20see%20appearing%20and%20disappearing%20every%20now%20and%20then.%20Seems%20like%20a%20refresh%20issue.%20However%2C%20there%20are%20a%20few%20things%20you%20can%20check%3A%3CBR%20%2F%3E%3CBR%20%2F%3E-%20check%20whether%20the%20device%20has%20another%20compliance%20policy%20assigned%3CBR%20%2F%3E-%20check%20whether%20the%20device%20is%20active%20(recently%20synchronized)%3CBR%20%2F%3E-%20check%20whether%20the%20user%20that%20enrolled%20the%20device%20(still)%20exists%20in%20AAD%3CBR%20%2F%3E%3CBR%20%2F%3Eif%20all%20answers%20are%20YES%2C%20then%20you%20can%20also%20try%20to%20re-enroll%20the%20device%20to%20get%20all%20data%20populated%20all%20new%20in%20the%20Intune%20database.%3CBR%20%2F%3E%3CBR%20%2F%3Ehope%20it%20helps%3CBR%20%2F%3E%3CBR%20%2F%3EAlex%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3001528%22%20slang%3D%22en-US%22%3ERe%3A%20Built-in%20Device%20Compliance%20Policy%20-%20is%20active%20-%20Not%20Compliant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3001528%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20the%20user%20is%20active%20and%20everything%20good%20there%20is%20a%20known%20issue%20with%20this%20built%20in%20compliance%20policy%20that%20Microsoft%20knows%20about.%20Our%20tenant%20have%20hundreds%20of%20these%20even%20if%20they%20are%20%22compliant%22.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3001698%22%20slang%3D%22en-US%22%3ERe%3A%20Built-in%20Device%20Compliance%20Policy%20-%20is%20active%20-%20Not%20Compliant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3001698%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1225418%22%20target%3D%22_blank%22%3E%40AlexdeJong%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3Ethank%20you%20for%20your%20reply%2C%20I%20checked%20your%20points%3A%3CBR%20%2F%3EOnly%20one%20compliance%20profile%20is%20assigned.%3CBR%20%2F%3EThe%20client%20syncronized%2030%20minutes%20ago.%3CBR%20%2F%3EThe%20enrolled%20user%20still%20exists.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20will%20think%20about%20reenrolling%20the%20device.%3CBR%20%2F%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3002680%22%20slang%3D%22en-US%22%3ERe%3A%20Built-in%20Device%20Compliance%20Policy%20-%20is%20active%20-%20Not%20Compliant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3002680%22%20slang%3D%22en-US%22%3EHi%3CBR%20%2F%3E%3CBR%20%2F%3E%3CMAYBE%20offtopic%3D%22%22%20but%3D%22%22%20p%3D%22%22%3E%3CBR%20%2F%3EJust%20looking%20at%20the%20pictures..%20but%20just%20wondering...%20but%20are%20you%20okay%20with%20the%20settings%3A%20mark%20devices%20with%20no%20compliance%20policy%20--%26gt%3B%20compliant%3F%3C%2FMAYBE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3004934%22%20slang%3D%22en-US%22%3ERe%3A%20Built-in%20Device%20Compliance%20Policy%20-%20is%20active%20-%20Not%20Compliant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3004934%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F620702%22%20target%3D%22_blank%22%3E%40Rudy_Ooms_MVP%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20do%20not%20have%20any%20clients%20without%20a%20compliance%20policy%2C%20but%20you%20are%20right%2C%20I%20will%20change%20this%20setting%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

I have an enrolled windows device (we are using Azure AD, no hybrid), where I changed the primary user.
The compliance policy and the build-in device compliance policy for the new primary user is showing compliant.
But the build-in compliance policy for the user, who has enrolled the device is showing "not compliant" see screenshotsnot compliant.jpgnot compliant2.jpgnot compliant3.jpg

 

Do you have any ideas how to solve this? 

5 Replies
Hi MrNuggets,

this is something I see appearing and disappearing every now and then. Seems like a refresh issue. However, there are a few things you can check:

- check whether the device has another compliance policy assigned
- check whether the device is active (recently synchronized)
- check whether the user that enrolled the device (still) exists in AAD

if all answers are YES, then you can also try to re-enroll the device to get all data populated all new in the Intune database.

hope it helps

Alex
Hi,

If the user is active and everything good there is a known issue with this built in compliance policy that Microsoft knows about. Our tenant have hundreds of these even if they are "compliant".

@AlexdeJong 

thank you for your reply, I checked your points:
Only one compliance profile is assigned.
The client syncronized 30 minutes ago.
The enrolled user still exists.

I will think about reenrolling the device.
 

Hi

<Maybe offtopic but :p
Just looking at the pictures.. but just wondering... but are you okay with the settings: mark devices with no compliance policy --> compliant?

@Rudy_Ooms_MVP 

 

We do not have any clients without a compliance policy, but you are right, I will change this setting :)