Compliance status showing as "Not Evaluated" on macOS device

%3CLINGO-SUB%20id%3D%22lingo-sub-1435756%22%20slang%3D%22en-US%22%3ECompliance%20status%20showing%20as%20%22Not%20Evaluated%22%20on%20macOS%20device%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1435756%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EI'm%20using%20Apple%20Business%20Manager%20to%20enrol%20macOS%20devices%20with%20Intune.%20I've%20already%20created%20the%20appropriate%20tokens%20and%20have%20added%20them%20to%20the%20appropriate%20parts%20of%20Intune.%20I%20added%20a%20small%20number%20of%20existing%20devices%20to%20Apple%20Business%20Manager%20and%20MDM%20devices%20have%20been%20installed%2C%20additional%20configuration%20profiles%20have%20been%20applied%20and%20apps%20are%20installed%20from%20the%20App%20Store.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20when%20looking%20at%20the%20Compliance%20status%20of%20these%20devices%2C%20they%20have%20a%20compliance%20status%20of%20%22Not%20Evaluated%22%2C%20which%20is%20not%20what%20I%20expected.%20With%20this%2C%20I'm%20bring%20prevented%20from%20using%20Conditional%20Access%20against%20macOS%20devices%20that%20rely%20on%20a%20device%20being%20marked%20as%20compliant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20my%20question%20is%20this%3A%20how%20do%20I%20get%20a%20macOS%20device%20that's%20been%20added%20to%20Apple%20Business%20Manager%20to%20be%20marked%20as%20compliant%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EIs%20that%20even%20possible%3F%3C%2FLI%3E%3CLI%3EDoes%20it%20rely%20on%20other%20services%20being%20connected%20to%20Intune%20(we%20don't%20have%20Jamf%2C%20since%20we%20have%20such%20a%20small%20number%20of%20devices%20here)%3F%3C%2FLI%3E%3CLI%3EDo%20I%20need%20to%20do%20something%20within%20Apple%20Business%20Manager%20to%20ensure%20these%20devices%20are%20marked%20as%20compliant%3F%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1435756%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

Hello,

I'm using Apple Business Manager to enrol macOS devices with Intune. I've already created the appropriate tokens and have added them to the appropriate parts of Intune. I added a small number of existing devices to Apple Business Manager and MDM devices have been installed, additional configuration profiles have been applied and apps are installed from the App Store.

 

However, when looking at the Compliance status of these devices, they have a compliance status of "Not Evaluated", which is not what I expected. With this, I'm bring prevented from using Conditional Access against macOS devices that rely on a device being marked as compliant.

 

So my question is this: how do I get a macOS device that's been added to Apple Business Manager to be marked as compliant?

 

  • Is that even possible?
  • Does it rely on other services being connected to Intune (we don't have Jamf, since we have such a small number of devices here)?
  • Do I need to do something within Apple Business Manager to ensure these devices are marked as compliant?
2 Replies

@Darren Adams did you ever find an answer to this?  Unfortunate that no one from Microsoft has responded.

Hello,
It took me a while to remember what this was about, but in my case, it was to do with User Affinity settings. From what I recall, I had a device that was set up with User Affinity enabled, meaning that the user had to sign into the device. This user has Multi-Factor Authentication turned off, so I needed to make sure that MFA was temporarily disabled.

I summarised my findings and a solution in a Reddit post some months ago. See https://www.reddit.com/r/Intune/comments/gvp801/macos_devices_apple_business_manager_and_intune/fsqz.... Hopefully it might be of some use to you