Tech Community Live: Endpoint Manager edition
Jul 21 2022, 08:00 AM - 12:00 PM (PDT)

ios device compliance unknown in conditional

New Contributor

 

Hi all,

 

We have recently rolled out a pilot of Intune for iOS and Android BYOD. A user has enrolled their device and everything appears to be ok with the Intune config ( device is enrolled, showing compliant in intune, Apps are visible in Company Portal ).  He is getting constant messages that they need to setup the device and tells me to open comp portal but doesn’t do anything because the device is already setup.

 

We have a conditional access policy that is requiring a device is compliant for IOS and Android platforms for Nedap application.

 

Sign in logs for this user are showing unknown compliance for his device when viewing the details for the conditional access policy.

 

First log entry is showing " This is not an error - this is an interrupt that triggers device authentication when required due to a Conditional Access policy or because the application or resource requested the device ID in a token. This code alone does not indicate a failure on your users part to sign in. The sign in logs may indicate that the device authentication challenge was passed succesfully or failed."

 

Followed by a failure. " The requested resource can only be accessed using a compliant device. The user is either using a device not managed by a Mobile-Device-Management (MDM) agent like Intune, or it's using an application that doesn't support device authentication. The user could enroll their devices with an approved MDM provider, or use a different app to sign in, or find the app vendor and ask them to update their app. More details available at https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-device-remedia..."

appelpieter_0-1649234851402.png

Can someone help me understand why the Device state is showing unknown in the screenshot above even though the device is enrolled in intune and compliant?

 

Sincerely,

Pieter Appel

 

 

3 Replies
Could you show us the output of the Grant controls not satisfied part.
The device: Unknown is normally filled with the windows device id, where did you notice it is mentioning the device state?

@Rudy_Ooms_MVP 

i think you mean this? By the way, it's about IOS instead of Windows, because the policy works fine for windows.

Schermafbeelding 2022-04-06 130632.png

@appelpieter I believe @Rudy_Ooms_MVP means this one:

 

2022-05-05_14h45_44.jpg