Device compliance 65001 (Not Applicable) and Defender Security centre weirdness

%3CLINGO-SUB%20id%3D%22lingo-sub-1343120%22%20slang%3D%22en-US%22%3EDevice%20compliance%2065001%20(Not%20Applicable)%20and%20Defender%20Security%20centre%20weirdness%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1343120%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Tech%20community.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%202%20questions%2C%20related%20to%20some%20work%20I%20am%20doing%20with%20a%20customer%20who's%20devices%20are%20Azure%20Hybrid%20AD%20joined%20and%20using%20Windows%2010%201909.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20The%20windows%2010%20devices%20do%20not%20have%20a%20compliance%20policy%20set......yet%20however%20I%20am%20seeing%20a%20mixture%20of%20machines%20where%20it%20reports%20its%20compliance%20as%20success%20however%20when%20I%20dig%20into%20the%20policy%20settings%20I%20am%20seeing%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEnrolled%20user%20exists%20-%20%3CSTRONG%3ECompliant%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EHas%20a%20compliance%20policy%20assigned%20-%20%3CSTRONG%3EError%20-%2065001%20(Not%20applicable)%20Error%20code%200xfde9.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EIs%20active%20-%20%3CSTRONG%3ECompliant%3C%2FSTRONG%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20error%20is%20picking%20up%20a%20default%20device%20compliance%20policy.%20Is%20there%20anyway%20this%20can%20be%20ignored%20or%20removed%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%20The%20customer%20is%20also%20using%20Defender%20Security%20centre%20and%20are%20leveraging%20the%20Threat%20and%20Vulnerability%20dashboard%20which%20reports%20the%20state%20of%20security%20patching%20for%20Windows%2C%20Office%2C%20IE%2C%20Edge%20across%20the%20estate.%20The%20customer%20is%20using%20Windows%20update%20for%20business%20to%20manage%20this%20however%20we%20are%20finding%20it's%20taking%20a%20long%20time%20for%20data%20to%20be%20refreshed%20in%20Defender%20ATP%20for%20example%20if%20the%20latest%20quality%20update%20has%20been%20applied.%20Intune%20is%20stating%20it%20has%20been%20installed%20but%20this%20isn't%20being%20reflected%20in%20DATP.%20Is%20this%20expected%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20Thanks%3C%2FP%3E%3CP%3ER%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1343120%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1352100%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20compliance%2065001%20(Not%20Applicable)%20and%20Defender%20Security%20centre%20weirdness%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1352100%22%20slang%3D%22en-US%22%3EHI%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20question%20one%2C%20there%20is%20a%20setting%20'Mark%20devices%20with%20my%20compliance%20policy%20assigned%20as'%2C%20yours%20will%20be%20set%20to%20'non-compliant'.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-intune%2Fdevice-compliance-65001-not-applicable-and-defender-security%2Fm-p%2F1343120%23M4083%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-intune%2Fdevice-compliance-65001-not-applicable-and-defender-security%2Fm-p%2F1343120%23M4083%3C%2FA%3E%3CBR%20%2F%3EI%20would%20advise%20to%20keep%20it%20this%20way.%20This%20makes%20sure%20all%20computers%20have%20a%20good%20compliance%20policy%20assigned%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20your%20second%20question%2C%20yes%20TVM%20in%20MDATP%20is%20slow%20%3A).%20No%20workaround%20here%20unfortunately.%20You%20just%20have%20to%20be%20patient%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1608375%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20compliance%2065001%20(Not%20Applicable)%20and%20Defender%20Security%20centre%20weirdness%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1608375%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F186539%22%20target%3D%22_blank%22%3E%40Thijs%20Lecomte%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20be%20clear.%26nbsp%3B%20This%20error%2065001%20(not%20applicable)%3C%2FP%3E%3CP%3E1.%20means%20something%20or%20means%20nothing%3C%2FP%3E%3CP%3E2.%20This%20statement%20of%20yours%3A%26nbsp%3B%3CSPAN%3E'Mark%20devices%20with%20my%20compliance%20policy%20assigned%20as'%2C%20yours%20will%20be%20set%20to%20'non-compliant'.%26nbsp%3B%20Seems%20to%20indicate%20that%20devices%20with%20a%20compliance%20policy%20assigned%20will%20be%20marked%20%22non-compliant.%22%26nbsp%3B%20This%20seems%20contradictory.%26nbsp%3B%20Please%20explain%20tis%20logic.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20have%20this%20issue%20as%20well%2C%20and%20I've%20not%20found%20a%20satisfactory%20explanation%20on%20line%20at%20all.%26nbsp%3B%20Thanks%20for%20your%20help.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1610218%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20compliance%2065001%20(Not%20Applicable)%20and%20Defender%20Security%20centre%20weirdness%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1610218%22%20slang%3D%22en-US%22%3ECheck%20this%20out%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fprotect%2Fdevice-compliance-get-started%23compliance-policy-settings%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fprotect%2Fdevice-compliance-get-started%23compliance-policy-settings%3C%2FA%3E%3CBR%20%2F%3EWhat%20is%20the%20value%20of%20'Mark%20devices%20with%20no%20compliance%20policy%20assigned%20as'%20for%20you%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi Tech community.

 

I have 2 questions, related to some work I am doing with a customer who's devices are Azure Hybrid AD joined and using Windows 10 1909.

 

1. The windows 10 devices do not have a compliance policy set......yet however I am seeing a mixture of machines where it reports its compliance as success however when I dig into the policy settings I am seeing: 

 

Enrolled user exists - Compliant

Has a compliance policy assigned - Error - 65001 (Not applicable) Error code 0xfde9.

Is active - Compliant 

 

The error is picking up a default device compliance policy. Is there anyway this can be ignored or removed?

 

2. The customer is also using Defender Security centre and are leveraging the Threat and Vulnerability dashboard which reports the state of security patching for Windows, Office, IE, Edge across the estate. The customer is using Windows update for business to manage this however we are finding it's taking a long time for data to be refreshed in Defender ATP for example if the latest quality update has been applied. Intune is stating it has been installed but this isn't being reflected in DATP. Is this expected?

 

Many Thanks

R

 

 

 

3 Replies
Highlighted
HI

For question one, there is a setting 'Mark devices with my compliance policy assigned as', yours will be set to 'non-compliant'.
https://techcommunity.microsoft.com/t5/microsoft-intune/device-compliance-65001-not-applicable-and-d...
I would advise to keep it this way. This makes sure all computers have a good compliance policy assigned

For your second question, yes TVM in MDATP is slow :). No workaround here unfortunately. You just have to be patient
Highlighted

@Thijs Lecomte 

Please be clear.  This error 65001 (not applicable)

1. means something or means nothing

2. This statement of yours: 'Mark devices with my compliance policy assigned as', yours will be set to 'non-compliant'.  Seems to indicate that devices with a compliance policy assigned will be marked "non-compliant."  This seems contradictory.  Please explain tis logic.

 

I have this issue as well, and I've not found a satisfactory explanation on line at all.  Thanks for your help.

Highlighted