SOLVED

Risk with Users with a Device with Multiple Compliances

Copper Contributor

Hi,

I'm a support agent that uses Intune vs. an admin.  I'm looking at non-compliant devices in Intune, and I have a few examples of users that are using 1 device, but that same device is in multiple compliance states in Intune: both compliant and non-compliant.  I notice that the OS is different: personally-owned work profile vs. device administrator.  What I'm curious about is if this poses a security risk and if so, what?  Thanks for your help!  

 

AIM_0-1696896212885.png

 

 

 

1 Reply
best response confirmed by --AIM-- (Copper Contributor)
Solution

Hi @--AIM--,

A device with multiple compliance states in Intune can pose a security risk because it may be able to access resources that it should not be able to access, depending on the compliance state of the device.

For example, if a device is enrolled in Intune as a personally-owned work profile device, it may be able to access corporate resources even if the device is not compliant with corporate security policies. This is because the personally-owned work profile device has its own separate work profile that is isolated from the personal profile.

Another example is if a device is enrolled in Intune as a device administrator device, it may be able to access corporate resources even if the device is not compliant with corporate security policies. This is because the device administrator has full control over the device.

To mitigate these risks, it is important to ensure that all devices that are enrolled in Intune are compliant with corporate security policies. You can do this by creating and assigning device compliance policies in Intune.

You can also use Conditional Access to block devices from accessing corporate resources if they are not compliant.


Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

1 best response

Accepted Solutions
best response confirmed by --AIM-- (Copper Contributor)
Solution

Hi @--AIM--,

A device with multiple compliance states in Intune can pose a security risk because it may be able to access resources that it should not be able to access, depending on the compliance state of the device.

For example, if a device is enrolled in Intune as a personally-owned work profile device, it may be able to access corporate resources even if the device is not compliant with corporate security policies. This is because the personally-owned work profile device has its own separate work profile that is isolated from the personal profile.

Another example is if a device is enrolled in Intune as a device administrator device, it may be able to access corporate resources even if the device is not compliant with corporate security policies. This is because the device administrator has full control over the device.

To mitigate these risks, it is important to ensure that all devices that are enrolled in Intune are compliant with corporate security policies. You can do this by creating and assigning device compliance policies in Intune.

You can also use Conditional Access to block devices from accessing corporate resources if they are not compliant.


Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

View solution in original post