Non-compliant Devices

techno0b 0 Reputation points
2023-07-14T08:51:15.7933333+00:00

My company is using Azure AD Free and I see a few devices as non-compliant. We do not have intune nor any policy rule or conditional access set.

Our network setup is Workgroup

How do I check and rectify these non-compliant devices?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,629 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Tech-Hyd-1989 5,746 Reputation points
    2023-07-14T09:05:17.5433333+00:00

    Hello techno0b

    In Azure AD Free, you can check and rectify non-compliant devices by following these steps:

    Sign in to the Azure portal (portal.azure.com) using your Azure AD administrator account.

    Navigate to the Azure Active Directory service.

    In the Azure AD portal, go to "Devices" under the "Manage" section in the left-hand menu.

    On the Devices page, you will see a list of devices registered in your Azure AD tenant. Look for the devices that are marked as non-compliant.

    Select a non-compliant device from the list to view its details and compliance status.

    In the device details page, you will find information about the compliance issues and the reasons why the device is marked as non-compliant.

    To rectify non-compliant devices, you have a few options:

    a. Implement Intune: Azure AD Free does not include Intune, but you can consider upgrading to Azure AD Premium or purchasing Intune separately. With Intune, you can enforce compliance policies and manage devices more effectively.

    b. Use a third-party Mobile Device Management (MDM) solution: You can integrate a third-party MDM solution with Azure AD to manage device compliance. These solutions often provide more advanced device management capabilities.

    c. Manually remediate the compliance issues: If you prefer not to use an MDM solution, you can manually address the compliance issues on the non-compliant devices. This may involve installing necessary software updates, enabling security features, or configuring device settings to meet your organization's security requirements.

    Once you have taken the necessary steps to rectify the compliance issues, re-evaluate the device's compliance status. It may take some time for the changes to reflect in Azure AD.

    Remember that in a Workgroup network setup, managing device compliance can be more challenging compared to a domain-joined network where Group Policy can be used for enforcement. Consider the options mentioned above to ensure devices meet your organization's security standards, even in a Workgroup environment.

    Note: Azure AD Free has limited device management capabilities, and to have more robust device management and compliance enforcement features, you may need to consider upgrading to Azure AD Premium or utilizing additional MDM solutions.

    0 comments No comments

  2. Konstantinos Passadis 16,481 Reputation points
    2023-07-14T09:22:23.3166667+00:00

    Hello @techno0b !

    Welcome to Microsoft QnA!

    Since your setup does not have an MDM Solution there is not much really you can do

    If you read through

    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-device-to-be-marked-as-compliant

    https://call4cloud.nl/2021/08/the-battle-between-aadj-and-aadr/

    You will find some info , but it comes down to using an MDM lie Intune to re certify your devices

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

    0 comments No comments