Microsoft Custom Compliance Policy says "Not applicable"

Question

Hello everyone, I have a custom compliance policy on my Intune. The policy basically checks if the antivirus software is installed (looking out for certain value in the registry). I setup a Windows 10 VM, enrolled into Intune without the antivirus installed (So it wouldn't show as compliant I assume). However when I went to check the Windows devices, it tells me that my VM is compliant (which obviously isn't, because the AV isn't installed) The user account login into the VM have intune license.

Then I went to the custom compliance policy to check, and it tells me that they are not applicable:

Its confusing. Is there something I should take note of? Because I have been waiting and trying for awhile but the policy just doesn't seem to kick into the device. And Intune still mark it as compliant.

Answer 1

@BrightLight, Thanks for posting in Q&A. From your description, I know we have assigned a custom compliance policy, but it is not applicable to VM. And the device shows compliant although the AV is not installed.

To check on our issue, I think we need to find out why the policy is not applicable to the device. To clarify this, please provide the following information:

1. How did we set the discovery script?
2. How did we configure the "Upload and validate the JSON file with your custom compliance policy"?
3. Please get a screen shot of the Properties of the custom compliance policy.
4. Under the custom compliance policy, please get a screen shot the "Per setting status" to get more information.

Please check the above information and if there's any update, feel free to let us know.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Please assist since i have the same issue. it showing not applicable Below are my compliant settings. Powershell

Define the expected version of Symantec Endpoint Protection

$ExpectedVersion = "14.3.9707.7000"

Check if Symantec Endpoint Protection is installed and get its version

$SEPInstalled = Get-ItemProperty -Path "HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" -Name ProductVersion -ErrorAction SilentlyContinue

Initialize an empty hashtable to store the result

$result = @{} if ($SEPInstalled -ne $null) { $ActualVersion = $SEPInstalled.ProductVersion # Check if the actual version matches the expected version if ($ActualVersion -eq $ExpectedVersion) { $result["SymantecEndpointProtectionInstalled"] = $true $result["SymantecEndpointProtectionVersion"] = $ActualVersion } else { $result["SymantecEndpointProtectionInstalled"] = $false $result["SymantecEndpointProtectionVersion"] = $ActualVersion } } else { $result["SymantecEndpointProtectionInstalled"] = $false $result["SymantecEndpointProtectionVersion"] = "Not Installed" }

Convert the hashtable to JSON format and return

return $result | ConvertTo-Json -Compress Json

{ "Rules":[ { "SettingName":"SymantecEndpointProtectionInstalled", "Operator":"IsEquals", "DataType":"Boolean", "Operand":"true", "MoreInfoUrl":"https://bing.com", "RemediationStrings":[ { "Language":"en_US", "Title":"Symantec is installed on the device.", "Description": "Compliant" } ] }, { "SettingName":"SymantecEndpointProtectionVersion", "Operator":"GreaterEquals", "DataType":"Version", "Operand":"14.3.9707.7000", "MoreInfoUrl":"https://bing.com", "RemediationStrings":[ { "Language": "en_US", "Title": "Required version of Symantec is installed.", "Description": "compliant" } ] } ] }