Does Intune Machine Risk Score include other items, if all listed show as compliant

Tom Sweet 76 Reputation points
2022-09-14T13:43:13.667+00:00

Our computers are set to "medium" for compliance in Intune/MEM. All the items in the list show as compliant, but the computer shows as non-compliant. Are there other items that are taken under advisement, which we can't see on this screen, that contribute to the score?

[attached screenshot: 240970-image.png]


Accepted answer
  1. Jarvis Sun-MSFT 10,191 Reputation points Microsoft Vendor
    2022-09-15T09:25:58.6+00:00

    Hi @Tom Sweet, thanks for posting in our Q&A.

    Firstly, check Intune -> Devices -> Azure AD devices. Under "Join Type", make sure that it shows up as "Azure AD joined" instead of "Azure AD registered".
    You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 and Windows 11 devices. As documented here:
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-conditional-access?view=o365-worldwide

    Please try to run a test detection for Defender ATP for any of the machines experiencing this issue. See:
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/run-detection-test?view=o365-worldwide
    Hope the above workaround can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

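As an added example, not part of this thread or of Microsoft's documentation: the same "Join Type" check run on the device itself by parsing the output of `dsregcmd /status`. The two functions and the sample output are my own construction; the field names (`AzureAdJoined`, `DomainJoined`, `WorkplaceJoined`) are the ones dsregcmd prints.

```powershell
# Added example: classify a Windows device's Azure AD state from 'dsregcmd /status',
# the on-device counterpart of the portal's "Join Type" column.
function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Status lines look like "  AzureAdJoined : YES"; box-drawing and
        # section-title lines carry no colon and are skipped.
        if ($line -match '^\s*(\S+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-AadJoinType {
    param([Parameter(Mandatory)][hashtable]$State)
    $aadJoined = $State['AzureAdJoined']   -eq 'YES'
    $domJoined = $State['DomainJoined']    -eq 'YES'
    # WorkplaceJoined is reported in the "User State" section, so it reflects
    # the user running dsregcmd, not the device as a whole.
    $wpJoined  = $State['WorkplaceJoined'] -eq 'YES'
    if ($aadJoined -and $domJoined) { return 'Hybrid Azure AD joined' }
    if ($aadJoined)                 { return 'Azure AD joined' }
    if ($wpJoined -and $domJoined)  { return 'Domain joined, Azure AD registered only (not Hybrid joined)' }
    if ($wpJoined)                  { return 'Azure AD registered' }
    return 'Not joined or registered to Azure AD'
}

# Live check on the current machine (Windows 10/11):
#   Get-AadJoinType -State (ConvertFrom-DsregStatus -Lines (dsregcmd /status))

# Constructed sample output (not a real capture) for the situation described in
# the thread: a computer joined to the local AD but only registered in Azure AD.
$sample = @'
| Device State                                                         |
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CORP
| User State                                                           |
           WorkplaceJoined : YES
'@ -split "`r?`n"

Get-AadJoinType -State (ConvertFrom-DsregStatus -Lines $sample)
```

Run the live check on a device that the portal reports as non-compliant to confirm whether its join type is the cause before digging into individual compliance settings.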

3 additional answers

  1. Tom Sweet 76 Reputation points
    2022-09-15T12:16:22.627+00:00

    Thank you - I will look over the coming days. We are struggling to get some computers moved from a local AD with AD-registered to AD joined. It is almost like we need to disconnect from local AD, add back again. I will reply more next week.


  3. Tom Sweet 76 Reputation points
    2022-09-16T12:34:41.577+00:00

    I think the issue may be "registered vs joined." We are having some challenges getting computers to be "joined." About 2/3 of company machines are registered. We can't always find the "join" link, and often we run into issues where we can't join as it is registered.

    We also have over a dozen computers with two values in Azure Portal Devices. The current device has the manage button enabled, but no BitLocker key. The older instance, with the manage button disabled, has the actual BitLocker key.

    Most users are remote, and travel. Often Quick Assist won't work from McDonald's wifi.

    I looked at a non-compliant computer today and it is "registered", not joined.

