Built-in Device Compliance Policy - is active - Not Compliant

%3CLINGO-SUB%20id%3D%22lingo-sub-3001230%22%20slang%3D%22en-US%22%3EBuilt-in%20Device%20Compliance%20Policy%20-%20is%20active%20-%20Not%20Compliant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3001230%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20an%20enrolled%20windows%20device%20(we%20are%20using%20Azure%20AD%2C%20no%20hybrid)%2C%20where%20I%20changed%20the%20primary%20user.%3CBR%20%2F%3EThe%20compliance%20policy%20and%20the%20build-in%20device%20compliance%20policy%20for%20the%20new%20primary%20user%20is%20showing%20compliant.%3CBR%20%2F%3EBut%20the%20build-in%20compliance%20policy%20for%20the%20user%2C%20who%20has%20enrolled%20the%20device%20is%20showing%20%22not%20compliant%22%20see%20screenshots%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22not%20compliant.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F329132i649CBCD41F81DF57%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22not%20compliant.jpg%22%20alt%3D%22not%20compliant.jpg%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22not%20compliant2.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F329133i2EBCD7F9289DFCAD%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22not%20compliant2.jpg%22%20alt%3D%22not%20compliant2.jpg%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22not%20compliant3.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F329134iDF6D9108F8A36F4E%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22not%20compliant3.jpg%22%20alt%3D%22not%20compliant3.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20any%20ideas%20how%20to%20solve%20this%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3001230%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECompliance%20Policy%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3001360%22%20slang%3D%22en-US%22%3ERe%3A%20Built-in%20Device%20Compliance%20Policy%20-%20is%20active%20-%20Not%20Compliant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3001360%22%20slang%3D%22en-US%22%3EHi%20MrNuggets%2C%3CBR%20%2F%3E%3CBR%20%2F%3Ethis%20is%20something%20I%20see%20appearing%20and%20disappearing%20every%20now%20and%20then.%20Seems%20like%20a%20refresh%20issue.%20However%2C%20there%20are%20a%20few%20things%20you%20can%20check%3A%3CBR%20%2F%3E%3CBR%20%2F%3E-%20check%20whether%20the%20device%20has%20another%20compliance%20policy%20assigned%3CBR%20%2F%3E-%20check%20whether%20the%20device%20is%20active%20(recently%20synchronized)%3CBR%20%2F%3E-%20check%20whether%20the%20user%20that%20enrolled%20the%20device%20(still)%20exists%20in%20AAD%3CBR%20%2F%3E%3CBR%20%2F%3Eif%20all%20answers%20are%20YES%2C%20then%20you%20can%20also%20try%20to%20re-enroll%20the%20device%20to%20get%20all%20data%20populated%20all%20new%20in%20the%20Intune%20database.%3CBR%20%2F%3E%3CBR%20%2F%3Ehope%20it%20helps%3CBR%20%2F%3E%3CBR%20%2F%3EAlex%3C%2FLINGO-BODY%3E
New Contributor

I have an enrolled windows device (we are using Azure AD, no hybrid), where I changed the primary user.
The compliance policy and the build-in device compliance policy for the new primary user is showing compliant.
But the build-in compliance policy for the user, who has enrolled the device is showing "not compliant" see screenshotsnot compliant.jpgnot compliant2.jpgnot compliant3.jpg

 

Do you have any ideas how to solve this? 

5 Replies
Hi MrNuggets,

this is something I see appearing and disappearing every now and then. Seems like a refresh issue. However, there are a few things you can check:

- check whether the device has another compliance policy assigned
- check whether the device is active (recently synchronized)
- check whether the user that enrolled the device (still) exists in AAD

if all answers are YES, then you can also try to re-enroll the device to get all data populated all new in the Intune database.

hope it helps

Alex
Hi,

If the user is active and everything good there is a known issue with this built in compliance policy that Microsoft knows about. Our tenant have hundreds of these even if they are "compliant".

@AlexdeJong 

thank you for your reply, I checked your points:
Only one compliance profile is assigned.
The client syncronized 30 minutes ago.
The enrolled user still exists.

I will think about reenrolling the device.
 

Hi

<Maybe offtopic but :p
Just looking at the pictures.. but just wondering... but are you okay with the settings: mark devices with no compliance policy --> compliant?

@Rudy_Ooms 

 

We do not have any clients without a compliance policy, but you are right, I will change this setting :)