Azure AD changed managed devices to "non-compliant", "stale", "unmanaged", but Intune shows every device as healthy, compliant, etc.

Evan Brown 1 Reputation point
2023-08-25T20:12:06.1666667+00:00

Randomly a majority of devices in Azure AD changed status to stale, unmanaged, non-compliant. Also looks like Azure AD duplicated certain devices?

However Intune hasn't changed anything. All devices are still compliant and healthy with accurate counts of our devices.

Something changed to give this misleading data on Azure AD. Any help?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2023-08-29T17:18:05.9966667+00:00

    @Evan Brown

    Thank you for your post!

    I understand that you're running into an issue where the majority of the devices within your Azure AD tenant are changing their statuses to Stale, Unmanaged, Non-compliant, and you're also seeing some devices possibly being duplicated. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.

    • Note: If you're still having issues and would like to work closer with our support teams, please let me know and I'd be happy to enable your subscription for a one-time free technical support request.

    Findings:

    Based off your issue it sounds like you might be experiencing a problem with stale devices within your Azure AD tenant.

    What is a stale device?

    A stale device is a device that has been registered with Azure AD but hasn't been used to access any cloud apps for a specific timeframe. Stale devices have an impact on your ability to manage and support your devices and users in the tenant because:

    • Duplicate devices can make it difficult for your helpdesk staff to identify which device is currently active.
    • An increased number of devices creates unnecessary device writebacks increasing the time for Azure AD connect syncs.
    • As a general hygiene and to meet compliance, you may want to have a clean state of devices.

    Stale devices in Azure AD can interfere with the general lifecycle policies for devices in your organization.

    To hopefully resolve your issue, you can try to detect these stale devices within Azure AD by using a timestamp-related property called ApproximateLastLogonTimestamp or activity timestamp. For more info - How is the value of the activity timestamp managed.

    Note: If you have a Windows 11 or Windows 10 device that isn't working with Azure AD, I also recommend running the Troubleshooter to help identify and hopefully resolve issues with your device(s).


    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
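
One way to apply the activity-timestamp check described in the answer above, as an added example that is not part of the original thread and not Microsoft's own code. It assumes the Microsoft Graph PowerShell property name `ApproximateLastSignInDateTime` (the Graph counterpart of the timestamp named above), a 90-day staleness threshold, and constructed sample records; `Get-StaleDeviceReport` is a hypothetical helper name.

```powershell
# Added example: classify Entra ID (Azure AD) device records by activity timestamp
# and flag display names that have more than one registration.
# The 90-day threshold and the sample records are assumptions.
function Get-StaleDeviceReport {
    param(
        [Parameter(Mandatory)] [object[]] $Devices,
        [int] $StaleAfterDays = 90,
        [datetime] $Now = (Get-Date)
    )
    $cutoff = $Now.AddDays(-$StaleAfterDays)
    # Records sharing a display name are candidate duplicates of one machine.
    foreach ($group in ($Devices | Group-Object -Property DisplayName)) {
        # Order each group by activity timestamp, most recent first.
        $ordered = @($group.Group | Sort-Object -Property ApproximateLastSignInDateTime -Descending)
        foreach ($d in $ordered) {
            $ts = $d.ApproximateLastSignInDateTime
            # A record with no timestamp is reported separately, not assumed stale.
            $status = if ($null -eq $ts) { 'NoTimestamp' } elseif ($ts -lt $cutoff) { 'Stale' } else { 'Active' }
            [pscustomobject]@{
                DisplayName    = $d.DisplayName
                Id             = $d.Id
                LastSignIn     = $ts
                Status         = $status
                IsManaged      = $d.IsManaged
                IsCompliant    = $d.IsCompliant
                RecordsForName = $ordered.Count
                NewestRecord   = ($d.Id -eq $ordered[0].Id)
            }
        }
    }
}

# Constructed sample records (not real tenant data), shaped like Get-MgDevice output.
$now = [datetime]'2023-08-29'
$sample = @(
    [pscustomobject]@{ Id='sample-1'; DisplayName='LAPTOP-01'; ApproximateLastSignInDateTime=[datetime]'2023-08-27'; IsManaged=$true;  IsCompliant=$true  }
    [pscustomobject]@{ Id='sample-2'; DisplayName='LAPTOP-01'; ApproximateLastSignInDateTime=[datetime]'2023-01-10'; IsManaged=$false; IsCompliant=$false }
    [pscustomobject]@{ Id='sample-3'; DisplayName='LAPTOP-02'; ApproximateLastSignInDateTime=[datetime]'2023-08-20'; IsManaged=$true;  IsCompliant=$true  }
    [pscustomobject]@{ Id='sample-4'; DisplayName='KIOSK-07';  ApproximateLastSignInDateTime=$null;                  IsManaged=$false; IsCompliant=$false }
)
Get-StaleDeviceReport -Devices $sample -Now $now | Format-Table -AutoSize

# Against a live tenant (requires the Microsoft.Graph module and Device.Read.All):
#   Connect-MgGraph -Scopes 'Device.Read.All'
#   Get-StaleDeviceReport -Devices (Get-MgDevice -All)
```

In the sample, `LAPTOP-01` has two records: the newest is active, managed and compliant, while the older one is stale and unmanaged, which is the kind of duplicate to review before disabling or removing anything.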
