Error when enrolling Windows into Endpoint Protection with Intune

Hey!

We're currently trying endpoint protection with Intune. I managed to get macOS with Endpoint Protection configured and enrolled iOS devices as well, but am struggling with Windows.

I have followed this guide: https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure

In the Windows Company Portal I get the error that I need to enrol the device with Endpoint Manager, and in the admin centre the devices are marked as non-compliant, with this setting failing: "Require the device to be at or under the machine risk score:". The risk score is on Medium. The policy is assigned to all users.

In the endpoint protection setup in the admin panel, it gives me this error: "The Microsoft Defender for Endpoint connector is active for Windows but not included in an assigned compliance policy. To protect these platforms, click here to set up a compliance policy with the Machine Risk Score setting configured in the Microsoft Defender for Endpoint section."

This makes no sense to me, as it is set and assigned to all users. Does anybody have an idea?

4 Replies
Hi,
If I get the issue right, this is related to device compliance, and the desired level you chose was Medium.
Ideally, the machine needs to be at or under Medium to be "Compliant".

Is there any particular reason why you applied the policy to "All Users" but not to a Device Group or "All Devices"?

Cheers!

Hey @shehanjp!

I just double-checked and the compliance policy only allows me to assign at a user level. I can select a user group or all users, but not all devices.

Thanks!

@niclasheu

I'm curious if you ever got this figured out. I'm currently running into the same issue.

Did you manage to work this out, @dougjohnsonme?

Having the exact same issue. It won't recognise that I have already set the policy to Medium.