Forum Discussion
Solved
Device marked as not compliant even it should be marked as compliant
Hi everyone, I have some problems with an AADR Windows 10 Device. I recently updated our windows compliance policy to check if secure boot is on. If not, the device is marked as not compliant. ...
See this article and check the TPM. Possibly apply a firmware update to the device, if available.
Windows 10 device with secure boot enabled shows as Not Compliant in Intune
Please like or mark this thread as answered if it's helpful, thanks!
Hi preuley30! First and foremost: KurtBMayer's solution is obviously the correct solution.
I do want to point out that assigning a "Windows" compliance policy to a user (like MrNeo mentions) is absolutely valid. In fact, I'd prefer it that way. A user (and its assigned privileges) mandates a certain level of device security, on any (in this case Windows) device they use.
Now, that isn't always possible, so I'm not saying that assigning them to devices is bad practice, either. I'd just only use it for special circumstances.
Hi Niels. Thanks for your explanation. I think I got the point, but this depends on the organization's needs. All our users get company owned devices and they need to be compliant for conditional access. If we would assign a compliance policy to users, every device they sign in to would be checked if it's compliant. But we don't want to get devices marked as compliant which aren't company owned.
