Report-Only Device Compliance Policy

New Contributor

I am attempting to create a device compliance conditional access policy in report-only for testing, however, I get the warning that even report only may force devices to select a device certificate and require compliance. I cant seem to find any more information than that warning, so what should I expect users to see or for their devices to do if we enable this? What device certificate would they be selecting, intunes or their own? Whats that look like? 

3 Replies
Where do you see the warning? Report-only does not enforce the CA.
Echoing my colleague @ rahuljindal-MVP, Screenshot of the warning would be great.

@rahuljindal-MVP 

 

When you go to make a CA policy with device compliance there is a warning that says

Warning

Policies in report-only mode that require compliant devices may prompt users on Mac, iOS, and Android to select a device certificate during policy evaluation, even though device compliance is not enforced. These prompts may repeat until the device is made compliant. To prevent end users from receiving prompts during sign-in, exclude device platforms Mac, iOS and Android from report-only policies that perform device compliance checks. Note that report-only mode is not applicable for Conditional Access policies with "User Actions" scope.

 

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-acce...