Report-Only Device Compliance Policy

sysad42 · ‎Dec 01 2022

I am attempting to create a device compliance conditional access policy in report-only for testing, however, I get the warning that even report only may force devices to select a device certificate and require compliance. I cant seem to find any more information than that warning, so what should I expect users to see or for their devices to do if we enable this? What device certificate would they be selecting, intunes or their own? Whats that look like?

rahuljindal-MVP · ‎Dec 01 2022

Where do you see the warning? Report-only does not enforce the CA.

Moe_Kinani · ‎Dec 01 2022

Echoing my colleague @ rahuljindal-MVP, Screenshot of the warning would be great.

sysad42 · ‎Dec 02 2022

@rahuljindal-MVP

When you go to make a CA policy with device compliance there is a warning that says

Warning

Policies in report-only mode that require compliant devices may prompt users on Mac, iOS, and Android to select a device certificate during policy evaluation, even though device compliance is not enforced. These prompts may repeat until the device is made compliant. To prevent end users from receiving prompts during sign-in, exclude device platforms Mac, iOS and Android from report-only policies that perform device compliance checks. Note that report-only mode is not applicable for Conditional Access policies with "User Actions" scope.

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-acce...

Report-Only Device Compliance Policy

Report-Only Device Compliance Policy

Re: Report-Only Device Compliance Policy

Re: Report-Only Device Compliance Policy

Re: Report-Only Device Compliance Policy

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Report-Only Device Compliance Policy

Report-Only Device Compliance Policy

Re: Report-Only Device Compliance Policy

Re: Report-Only Device Compliance Policy

Re: Report-Only Device Compliance Policy