This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 4%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
Hi all,
I have a device that has Secure Boot enabled in the BIOS and windows 10 is reporting it as enabled. However intune is reporting the device to be non-compliant because Secure Boot is not enabled. The aim is to have conditional access policies applied blocking access to O365 services/apps on devices that are not compliant with company policy - this is already configured however the device with this issue has been excluded from the policy.
I'm new to Intune so I'm not really sure where to look to resolve instances like this so any help would be much appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Jack Webb , How's everything going. was the following information helpful? If the answer is helpful, please click "Accept Answer" to help others quickly find the solution, Thanks!
@Jack Webb , Research and find this can be caused that the "Require Secure Boot to be enabled on the device" setting is supported on some TPM 1.2 and 2.0 devices. For devices that don't support TPM 2.0 or later, the policy status in Intune shows as Not Compliant. TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. Here is a link with more details for the reference:
https://learn.microsoft.com/en-us/troubleshoot/mem/intune/secure-boot-enabled-device-shows-not-compliant
Hope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Jack Webb , hope things are going well. i am writing to see if the above can help. If there's any update, feel free to let us know.
@Crystal-MSFT , apologies for not responding sooner - i didn't see that a response had been posted! Thankyou for your response - i'm investigating what firmware / tpm chip the device has now. Though a colleague has the same device and its working without issue.
@Jack Webb , Thanks for your response. I notice you are investigating the firmware / tpm chip on the affected device, If there's any update, feel free to post back.
Have a nice day!