Sep 07 2022 02:29 AM
Hi everyone,
I have some problems with an AADR Windows 10 Device.
I recently updated our windows compliance policy to check if secure boot is on. If not, the device is marked as not compliant.
I've updated the Secure Boot state on the affected machine to "on" after I updated the compliance policy. I've verified the state with the PowerShell cmdlet "Confirm-SecureBootUEFI" and it returned "true". The Windows Security app also says "on".
However, Intune doesn't mark the device as compliant even though it should be marked as compliant. The report says that Secure Boot isn't enabled on the device, which is clearly a lie...
I've rebooted the machine several times and did manual syncs from the device and from the Endpoint Manager portal, but nothing helps.
Has anyone had the same experience or any suggestions on what I could do next? Thanks for your help ❤️
Sep 07 2022 01:12 PM
Solution
See this article and check the TPM. Possibly apply a firmware update to the device, if available.
Windows 10 device with secure boot enabled shows as Not Compliant in Intune
Please like or mark this thread as answered if it's helpful, thanks!
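The following script is an added example and is not from the thread or from the linked article. It collects, on the device itself, the three things the two posts above touch: the Secure Boot state as the firmware reports it (what the original poster checked with Confirm-SecureBootUEFI), the same fact as seen through the registry and the Device Guard WMI provider, and the TPM state that the suggested solution says to check. Intune evaluates its Device Health compliance settings (Secure Boot among them) from the device health attestation report, and that report depends on a working TPM, so a machine can genuinely have Secure Boot on while the compliance report still says otherwise. Assumed: an elevated Windows PowerShell 5.1 or later session, the built-in SecureBoot and TrustedPlatformModule modules, and a UEFI firmware with a TPM; the meaning of value 2 in AvailableSecurityProperties follows the Win32_DeviceGuard class documentation. The function name Get-BootSecurityState is this example's own.

```powershell
# Added example, not part of the original thread.
# Assumptions: elevated PowerShell 5.1+, built-in SecureBoot and
# TrustedPlatformModule modules, UEFI firmware with a TPM.

function Get-BootSecurityState {
    $result = [ordered]@{}

    # 1. Secure Boot as reported by the UEFI variable (the check from the question).
    try {
        $result.SecureBootUEFI = Confirm-SecureBootUEFI
    } catch {
        # Throws on legacy BIOS / CSM systems, where Secure Boot cannot exist at all.
        $result.SecureBootUEFI = $false
        $result.SecureBootError = $_.Exception.Message
    }

    # 2. The same fact from the registry key Windows populates at boot.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State'
    $regValue = (Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).UEFISecureBootEnabled
    $result.SecureBootRegistry = ($regValue -eq 1)

    # 3. What the Device Guard WMI provider reports. In AvailableSecurityProperties,
    #    1 = base VBS support, 2 = Secure Boot, 3 = DMA protection (per the
    #    Win32_DeviceGuard documentation).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $result.DeviceGuardSecureBoot = [bool]($dg.AvailableSecurityProperties -contains 2)

    # 4. TPM state. Device health attestation needs a present, ready TPM; without
    #    it the attestation report Intune consumes cannot vouch for Secure Boot.
    $tpm = Get-Tpm
    $result.TpmPresent             = $tpm.TpmPresent
    $result.TpmReady               = $tpm.TpmReady
    $result.TpmEnabled             = $tpm.TpmEnabled
    $result.TpmActivated           = $tpm.TpmActivated
    $result.TpmManufacturerVersion = $tpm.ManufacturerVersion

    # 5. Endorsement key: attestation chains the device report back to it.
    $ek = Get-TpmEndorsementKeyInfo -ErrorAction SilentlyContinue
    $result.EkPresent               = [bool]$ek.IsPresent
    $result.EkManufacturerCertCount = @($ek.ManufacturerCertificates).Count

    [pscustomobject]$result
}

$state = Get-BootSecurityState
$state | Format-List

# Flag the exact mismatch the question describes: firmware says "on", but the
# attestation path is missing a prerequisite, so the Intune report disagrees.
if ($state.SecureBootUEFI -and -not ($state.TpmPresent -and $state.TpmReady)) {
    Write-Warning ('Secure Boot is on, but the TPM is not present/ready. ' +
                   'Fix the TPM (re-provision, firmware update) before trusting the Intune report.')
}
elseif ($state.SecureBootUEFI -and -not $state.DeviceGuardSecureBoot) {
    Write-Warning 'UEFI reports Secure Boot on, but Win32_DeviceGuard does not list it. Re-check after a firmware update and reboot.'
}
```

Run it once before and once after any firmware update or TPM re-provisioning, then trigger a sync from the Company Portal and compare the Intune report with the local values; if the local values agree with each other and only Intune disagrees, the attestation report is the thing to look at, not the Secure Boot setting.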
Sep 07 2022 05:51 PM
Sep 09 2022 04:43 AM
Sep 09 2022 04:52 AM
@MrNeo Why should I assign a Windows compliance policy to users? That doesn't make any sense, tbh. The device must be compliant, not the user. Or am I missing a point?
Sep 09 2022 05:41 AM - edited Sep 09 2022 05:42 AM
Hi @preuley30! First and foremost: @KurtBMayer's solution is obviously the correct solution.
I do want to point out that assigning a "Windows" compliance policy to a user (like @MrNeo mentions) is absolutely valid. In fact, I'd prefer it that way. A user (and their assigned privileges) mandates a certain level of device security on any (in this case Windows) device they use.
Now, that isn't always possible, so I'm not saying that assigning them to devices is bad practice, either. I'd just only use it in special circumstances.
Sep 09 2022 06:00 AM