Apr 04 2024 01:54 PM
Is it possible to implement custom compliance policies on Microsoft Teams Rooms operating on Windows 11 (Intel NUCs)? I've been unable to find clear documentation on this matter.
The only relevant guide I found is "Supported Conditional Access and Intune device compliance policies for Microsoft Teams Rooms" on the Microsoft Learn platform, which does not explicitly address the use of custom compliance policies, nor does it expressly state their support is lacking.
Azure CoPilot (Preview) indicated that while Microsoft Teams Rooms on Windows accommodates various device compliance policies, the list of supported policies does not cover custom compliance options. This suggests that applying a custom compliance policy to a Microsoft Teams Room running on a Windows 11 Intel NUC may not be feasible. (MAY NOT?!!?!)
This limitation appears strange given that the system is based on the Windows 11 OS and utilizes an Intel NUC. Despite this, I've successfully managed to enroll several test rooms using the "Enroll in Device Management Only" option with a UPN linked to a Microsoft Teams Room Standard license, granting Microsoft Intune P1 access. These devices were seamlessly integrated into the portal and could receive apps and scripts without issue.
However, a specific Custom Compliance Policy designed to verify the installation of our Endpoint Detection and Response (EDR) software on user endpoints seems ineffective for these rooms. I've attempted targeting both by account and device, and even added an Enterprise E3 license to one room, followed by a compliance reset script and re-synchronization efforts.
Despite these measures, the EDR was intentionally left uninstalled on a test device to evaluate the policy's effectiveness. Manual execution of the check script in Intune consistently indicates "EDR is not installed," a status that accurately changes to "EDR is installed" when the script is run on an endpoint where the EDR is present.
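For reference, the general shape of an Intune custom compliance check for an EDR agent, as an added example that is not part of the original post and not the poster's script. The service name `ExampleEdrSvc`, the setting name `EdrState` and the URL are placeholders chosen for illustration; the matching rules JSON is shown in the trailing comment.

```powershell
# Added example: discovery script for an Intune custom compliance policy.
# ASSUMPTION: 'ExampleEdrSvc' is a placeholder, not a real product's service name.
$EdrServiceName = 'ExampleEdrSvc'

function Get-EdrState {
    param([Parameter(Mandatory)][string]$ServiceName)

    # A missing service means the agent was never installed (or was removed).
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) { return 'NotInstalled' }

    # An installed but stopped agent should not count as compliant either.
    if ($svc.Status -ne 'Running') { return 'InstalledNotRunning' }

    return 'Running'
}

# The key name must match "SettingName" in the rules JSON below.
$result = @{ EdrState = Get-EdrState -ServiceName $EdrServiceName }

# Intune reads the discovery result as one line of compressed JSON.
return $result | ConvertTo-Json -Compress

<# Rules JSON uploaded alongside this script (constructed sample values):
{
  "Rules": [
    {
      "SettingName": "EdrState",
      "Operator": "IsEquals",
      "DataType": "String",
      "Operand": "Running",
      "MoreInfoUrl": "https://example.com/edr-help",
      "RemediationStrings": [
        {
          "Language": "en_US",
          "Title": "EDR agent is missing or stopped",
          "Description": "Install or start the EDR agent, then sync the device."
        }
      ]
    }
  ]
}
#>
```

Running the script by hand only confirms the discovery output; the device is marked noncompliant only when the policy is actually evaluated against that output.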