Device Compliance

Hi Team,

I have a case where devices enrolled into Intune sometimes do not get logged in to for more than 2 months, which Intune marks as non-compliant devices. After the user logs in to the device, even after a few days the device is still marked as non-compliant. I've run sync on the device and manually from the device but no luck. Is there a specific reason, or something I am missing here?

The device is only marked as non-compliant because the "Is Active" status is shown as non-compliant.

11 Replies
Is the device checking in? Have the user authenticate on the company portal app.
The device has been checking in for 5-6 days already. Company Portal sync has been done and shows up to date.
Moving on then. What is the compliance policy complaining about?
It's telling me user account compliance failed as the user did not sign in for 30 days as mentioned; it is the default policy setting of 30 days.
Have you tried using a custom policy instead?
Just to be sure... you configured the compliance policy's properties (not active/checking in), and I assume you are also configuring a Conditional Access rule to block access to the services when the device is not compliant? If you did configure the CA (which I assume you did), how did you configure that one? Targeting all cloud apps or just a specific few?

@JoeBlack500
Are those devices BitLocker encrypted?

@JoeBlack500
What is the grace period set to? Maybe set this a bit longer?

The period is the default 30 days for "is Active" compliance. So the device was about 2 months offline and now is non-compliant, and I tried to do a manual sync, Company Portal sync, and sync from Endpoint Manager, but the status is not changing to compliant.
Non-compliant device issues in Intune, persisting even after user login, may arise from misconfigured compliance policies, Device Health Attestation problems, or overly restrictive Conditional Access policies. Ensure proper policy setup, address DHA issues, and educate users to maintain device compliance and security.
What I meant was: do you mark it as non-compliant immediately, or have you set this to, for example, a 7 days grace period?