Nov 24 2021 04:09 AM
I have an enrolled windows device (we are using Azure AD, no hybrid), where I changed the primary user.
The compliance policy and the build-in device compliance policy for the new primary user is showing compliant.
But the build-in compliance policy for the user, who has enrolled the device is showing "not compliant" see screenshots
Do you have any ideas how to solve this?
Nov 24 2021 04:43 AM
Nov 24 2021 05:22 AM
Nov 24 2021 06:05 AM
@AlexdeJong
thank you for your reply, I checked your points:
Only one compliance profile is assigned.
The client syncronized 30 minutes ago.
The enrolled user still exists.
I will think about reenrolling the device.
Nov 24 2021 10:22 AM
Nov 25 2021 01:51 AM
We do not have any clients without a compliance policy, but you are right, I will change this setting 🙂
Jan 18 2023 04:08 AM
@gerardoamadeus Do you know if this is still an ongoing issue with MS? Do you have a link for MS page where this known problem is outlined?
Mar 06 2023 12:16 PM
Mar 10 2023 12:45 PM
Mar 14 2023 03:58 PM
This probably won't help others, but in your case...
You note that a different user was used for enrollment. I think you can clear your error by logging into the device as that enrollment account (the account with the compliance policy showing as not active). So, reboot and then login and let the device sit for 5-10 minutes. If you don't reboot, then you might need to click Sync in the Intune console, and on the device in Settings > Accounts > Access Work / School > click domain > click Info button > scroll down and click the Sync button. I'd also open Company Portal > Settings > Sync too, but since it isn't the primary user, this may not do too much, but I'd still do it to cover all my bases. If this is a user device who I don't want to inconvenience with another disruption, then I'd probably reboot after the 10 minutes, login as the enrollment account and let it sit for another 5 minutes. It will probably take the Intune console longer than the 5-10 minutes to fully refresh, but I think it will clear in the 10-30 minute window.
Mar 20 2023 10:39 AM
Mar 20 2023 01:49 PM
@CutlerTS We have this issue quite often in our Shared PC environment. The device has a shared policy, has no primary user and has a valid compliance policy with active devices. They somehow STILL get marked as non-compliant. I logged in with the original administrative account that enrolled the device. This made no difference, despite much syncing and rebooting. The only thing that worked was to reenrol the device again. This isn't an acceptable solution, as this issue crops up randomly and frequently. It's really frustrating, as it's a constant upkeep. If it was a valid flag, it wouldn't be so bad, but it gets to the point where there is so much 'noise', the valid issues are lost in the haystack. Microsoft, you need to sort this out!
Mar 21 2023 01:50 AM
Mar 21 2023 02:00 AM
@Cena10 That’s nonsense isn’t it? We have a complete shared environment. It’s unworkable to keep re-enrolling. Common sense suggests it’s a bug but the advisor isn’t aware. I’d never be able to keep up with that. It must depend on who answers the query, as I’ve had corkers advised to me. On a different topic - “don’t switch off the PC, or you’ll have to set up the client rules again” 🤣🤣🤣. I’ll keep the damned ticket open until they fix it!!
Mar 24 2023 03:43 AM - edited Mar 24 2023 06:13 AM
Hi All and @MrNuggets
We have a similar problem. Several windows 10 machines were not enrolled by the user himself but by an IT colleague who then set the user as Primary user. Unfortunately, in the compliance policy settings e.g. "has a compliance policy assigned" or "Require Bitlocker" the user who enrolled the machine has non compliant values. The Primary user is green. Do you have any idea how can we make compliant the user who enrolled the device or how can we solve this non compliant values?
Thank You!
Mar 24 2023 06:17 AM
@Sunyix the MS technician who is working on my ticket was stating to log back in with the user that is incompliant and start a sync with that user. I already tried that on one of our machines and a day later it got incompliant again with the same way as it was before.
Mar 27 2023 04:25 PM