Apr 06 2022 01:49 AM
Hi all,
We have recently rolled out a pilot of Intune for iOS and Android BYOD. A user has enrolled their device and everything appears to be OK with the Intune config (device is enrolled, showing compliant in Intune, apps are visible in Company Portal). He is getting constant messages that they need to set up the device, and it tells me to open Company Portal, but that doesn't do anything because the device is already set up.
We have a conditional access policy that requires a compliant device on the iOS and Android platforms for the Nedap application.
Sign-in logs for this user are showing unknown compliance for his device when viewing the details for the conditional access policy.
First log entry is showing "This is not an error - this is an interrupt that triggers device authentication when required due to a Conditional Access policy or because the application or resource requested the device ID in a token. This code alone does not indicate a failure on your users part to sign in. The sign in logs may indicate that the device authentication challenge was passed succesfully or failed."
Followed by a failure. "The requested resource can only be accessed using a compliant device. The user is either using a device not managed by a Mobile-Device-Management (MDM) agent like Intune, or it's using an application that doesn't support device authentication. The user could enroll their devices with an approved MDM provider, or use a different app to sign in, or find the app vendor and ask them to update their app. More details available at https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-device-remedia..."
Can someone help me understand why the device state is showing unknown in the screenshot above even though the device is enrolled in Intune and compliant?
Sincerely,
Pieter Appel
Apr 06 2022 02:58 AM
Apr 06 2022 04:13 AM
I think you mean this? By the way, it's about iOS instead of Windows, because the policy works fine for Windows.
May 05 2022 05:48 AM