Android Device enrol without meeting the compliance policy

lalajee 1,821 Reputation points
2022-11-06T15:53:45.33+00:00

Hi,

I have configured "Android | Compliance policies"
and assigned it to all devices

It still lets me enrol an Android device even if it's not meeting the requirement.

If a device does not meet the requirement, I don't want the device to enrol into Intune.

I'd like every device to have encryption and a PIN already set before it can try to enrol the device. How do I do this?

Microsoft Security | Intune | Configuration
Microsoft Security | Intune | Enrollment

2 answers

  1. Dillon Silzer 57,831 Reputation points Volunteer Moderator
    2022-11-06T16:38:07.757+00:00

    Hi @lalajee

    Unfortunately, this is not how compliance works. Compliance works by:

    1) A person enrolls their device.
    2) If the person does not meet compliance, then you can set Conditional Access Policies to block them from continuing to use your services until their device meets compliance.

    Use compliance policies to set rules for devices you manage with Intune

    https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started

    Configure actions for noncompliant devices in Intune

    https://learn.microsoft.com/en-us/mem/intune/protect/actions-for-noncompliance

    On another note, you do have the option of blocking the enrollment of personal devices if that is what you want:

    How to Restrict Personal Android Devices from Enrolling into Intune | Endpoint Manager | MEM

    https://www.anoopcnair.com/restrict-personal-android-devices-enrolling-intune/


    If this is helpful please accept answer.

    1 person found this answer helpful.

  2. Caleb-MSFT 161 Reputation points
    2022-11-07T05:10:12.287+00:00

    @lalajee , Thanks for posting in Q&A.

    In fact, compliance policies only take effect on devices which are enrolled in Intune. They don't work on unenrolled devices.

    Please check the “Before you begin” section of the following article:
    https://learn.microsoft.com/en-us/mem/intune/protect/create-compliance-policy#before-you-begin

    Currently, for device enrollment, we can only restrict device platforms and restrict the number of devices. Please refer to the following article:
    https://learn.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set

    If you are interested in this feature, it is suggested to post in the Intune feedback portal. It is a place to collect customers' requirements and problems. Here is the link:
    https://feedbackportal.microsoft.com/feedback/forum/ef1d6d38-fd1b-ec11-b6e7-0022481f8472

    Thanks for your understanding.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
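
The flow both answers describe (the device enrolls first, then Conditional Access blocks it until it is compliant) can be set up as below. This is an added example, not code from either answer; it assumes the Microsoft Graph PowerShell SDK is installed, and the policy name and the emergency-access account ID are placeholders.

```powershell
# Added example: enrollment is not gated by compliance, so gate access instead.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph modules) is installed.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All',
                        'Application.Read.All', 'DeviceManagementManagedDevices.Read.All'

# 1) See which enrolled Android devices would be affected before enforcing anything.
#    Filtering is done client-side to keep the query simple.
Get-MgDeviceManagementManagedDevice -All |
    Where-Object { $_.OperatingSystem -eq 'Android' -and $_.ComplianceState -ne 'compliant' } |
    Select-Object DeviceName, UserPrincipalName, ComplianceState, LastSyncDateTime

# Placeholder: replace with the object ID of an emergency-access account
# that must never be locked out by this policy.
$breakGlassId = '<object-id-of-emergency-access-account>'

# 2) Conditional Access policy: Android sign-ins require a device marked compliant.
$policy = @{
    displayName = 'Example - Android requires compliant device'   # constructed name
    # Report-only first; change to 'enabled' after reviewing the sign-in logs.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @('All') }
        platforms      = @{ includePlatforms = @('android') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice')   # satisfied only once Intune reports compliance
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

With this in place, the encryption and PIN settings in the Android compliance policy decide whether an enrolled device is marked compliant, and the Conditional Access policy decides whether a non-compliant device can reach the organization's services.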
