What is DefaultDeviceCompliancePolicy.RequireRemainContact in Intune Default Device Compliance Policy? Thank you. 

19 Replies

@Logic580 Funny, I'm looking for the same thing. Hopefully someone will update us; it looks like this is not the first time this thing shows up.



I'm wondering the same thing. Have you figured it out?

As far as I know, the owner account of the device needs to be active. When the owner of the device is inactive for a long time (more than 30 days I guess) this non-compliance info shows up in Intune.

  1. The Default Device Compliance policies have 3 requirements for a Device to be Compliant in Microsoft Intune:
    1. A Custom Compliance Policy needs to be assigned => DefaultDeviceCompliancePolicy.RequireDeviceCompliancePolicyAssigned
    2. The primary user needs to be Active within 30 days; after 30 days the device will become Non-Compliant => DefaultDeviceCompliancePolicy.RequireRemainContact
    3. The Primary user needs to exist in Azure AD, otherwise the device will become Non-Compliant, for example, an "old" enrolled device from a user who's deleted from Azure AD => DefaultDeviceCompliancePolicy.RequireUserExistence



Can I change the time it's inactive?

Don't think you can, 'cause it's by default.

I thought about reducing it to see if the users are dropping off. Some persistently remove Company Portal from their phones and I'd like to stop them from accessing anything after doing that.

This is something I didn't know, thanks for showing me! 🙏🏻

Apparently, you can change this! Check out @daGrinch's reply! ;)

Yeah. It's there. I didn't see it before but there are changes in Azure all the time. There are many things I couldn't do 2 years ago but I can now.
Reduced to 14 days. Thanks.



Hi Nicky. Thanks for the advice.  How do you achieve compliance when it has failed?




I have the same question - anyone know?

@craigS1967 It's not compliant because it hasn't been in contact for a set amount of days. It depends on the reason and type of device. Check if the device can communicate over the internet - WiFi, mobile network. Open Company Portal and check if the user is logged in. If not, log in. If yes, go and sync the device.

I'm having this issue as well. Whenever I go to the Company Portal to login, it says I cannot use my work account and wants me to use a personal account. I'm setting up a beta machine for testing at work, so I'm a little stuck. Any advice would be much appreciated.

For the one PC we have issues with, we remove them completely from AzureAD and then delete the PC. Then we re-add them back into AzureAD. It's the only way we can get it to sync back up. Running sync from the PC is like a blink of an eye. I can monitor the device and see that check-in happens every day, but at 30 days we get the non-compliant. It's a very irritating issue.

@Chad-ETS  I was able to connect with a Microsoft rep who helped me...essentially, I went through the process you just described. I then followed the steps outlined here and it was fantastic. Working great now.