Forum Discussion
MrNuggets
Nov 24, 2021 · Copper Contributor
Built-in Device Compliance Policy - is active - Not Compliant
I have an enrolled Windows device (we are using Azure AD, no hybrid), where I changed the primary user. The compliance policy and the built-in device compliance policy for the new primary user is sh...
Cena10
Copper Contributor
Sunyix, the MS technician who is working on my ticket said to log back in with the user that is non-compliant and start a sync with that user. I already tried that on one of our machines, and a day later it became non-compliant again in the same way as it was before.
Trumalou
Mar 27, 2023 · Copper Contributor
One thing that does seem to work is if you’re having different people potentially logging into the same device (which we do) and we have Shared PC policies, removing the Primary User altogether (so no primary user exists) seems to just show the device compliance against the last person that logged in. Microsoft didn’t mention this specifically, but they did say that the compliance policies are ALWAYS evaluated against the user and NOT the device. I’d set up device groups. The advice online is if you want a PC or laptop to always have a circumstance, such as BitLocker, to be valid, then use device groups or all devices. However, if the compliance policies are only ever going to be user evaluated, then clearly, this isn’t going to work. It should be:
Compliance policy - Users
Configuration profiles - Devices.
Bit confusing, but what I have seems to work ok in our Shared PC environment with a Shared PC profile.