Hello,
We do not use Intune for Windows at the moment. Everything is blocked e.g. Enrollment Polices, not Autopilot etc.
At the moment we are seeing some devices in AAD under Devices that show up with a Compliance Status No but others not.
For example a valid device:
and a Device that with the Compliance Status
We do not know how this happens. We do have Compliance Polices for testing AzureAD joined devices but only via staged rollout (groups).
How is it possible that some devices get a compliance status without Intune ?
Many Greetings and thanks for any hint.
Erik
Hi @ErikVet! As your Azure AD shows these devices as "MDM: None", we would indeed expect "Compliant: N/A".
Were these devices ever enrolled in Intune (accidentally, or for testing)? If so, check if there's a "Manage" button in the Azure AD device page. If there is, there's will be a Managed Device object (Intune) linked to the Azure AD Device object, which is probably marked non-compliant.
Thx for you reply.
Sadly not .. their not managed and the do not show in Intune/Enpoint under
non compliant devices.
Devices (multiple) no scheme recognizable :(
Of course CA Policy are in place and are applied to those devices.
@Rudy_Ooms_MVP .. thanks for you comments
Default Compliance is configured as "not compliant" but the effected "Not Compliant Devices" without and MDM Scope (AADHJ devices) under AzureAD Devices do not show up in Endpoint Mgr.
But changing this would also effect not only windows devices right ... all the mobile devices too ... 
Scope for Windows Enrollment is set to "Some" but is 100% sure that none of the affected devices/user where in that group.
Indeed that is pretty weird. It looks like only devices which where "setup" in last couple of months. But also older ones are affected.
As they show not in intune it is just guessing what compliance rules trigger it. Is this somehow possible of the Graph API but I have look for that in detail.
Maybe some Intune/Device/AzureAD MVP can ask the product team 
.. I do not have those connections 
. Or even MS is reading this and can give some hints as this is definitely not normal.
Thx
Erik
.. This is pretty weird but We are also a little bit relieved as we are not the only one.
Do you have find out why this is happening ?
@Ketzpatel
I guess I have found something that may have something to do with this ...
MS changed the Device restriction to bei more granular (Could not find since when). Before you have device platform polices into one Policy as seen here in an old screenshot.
If i look now into the Intune device restriction portal we have different possibilities per platform (e.g Android, Windows)
If i look in our tenant i can see the restriction policy for windows, mac and ios with a weird behavior. The groups are not displayed correctly as they should. Maybe here is a issue and it happend when MS rollout out the new restriction policys - from general to platform specific.
Only Android works correctly
Greetings
Erik
