Microsoft Security | Intune | Compliance
Ensuring devices meet organizational security and compliance policies
Intune compliance - grace period vs not-compliant
Djordje Novakovic
626
Reputation points
Hello,
We work in hybrid environment, with Intune only and co-managed machines.
I assume that there might be some delays in communication between SCCM agent and Cloud Management Gateway, and also I change compliance policy during the testing phase(first started without grace period, then added 7 days, then 30 days)...
Why does some device is in "grace period" and other one is "not-compliant" if they have the same issue that have to be fixed to become "compliant"? Could it be related to policy updates that I made for grace period while testing?
In-grace period: The device is targeted with one or more device compliance policy settings. But, the user hasn’t applied the policies yet. This means the device is not-compliant, but it’s in the grace-period defined by the admin.
Not-compliant: The device failed to apply one or more device compliance policy settings. Or, the user hasn’t complied with the policies.
The main question is - Should each device first fall into a grace period before becoming not-compliant?
Just thinking about possible reasons.
Thanks!
Microsoft Security | Intune | Compliance
Microsoft Security | Intune | Other
Microsoft Security | Intune | Other
Other Intune-related topics, including unsupported scenarios and platform-specific behaviors
{count} votes
-
Djordje Novakovic 626 Reputation points
2023-10-17T10:38:28.91+00:00 I prepared new machine to test this again with different policy and it became not-compliant 15 minutes after enrollment.
However, my compliance policy has this setting:
I would expect that machine is in grace period for 2 days and after that to be not-compliant and after that receive an email. Am I right?
I have noticed that Intune is slow with syncing these policies, statuses,... and we have to be patient while testing this and give it some time.
Thanks
-
Djordje Novakovic 626 Reputation points
2023-10-17T11:50:31.56+00:00 I tested it again and again and finally achieved the "in grace period" status :)
Configuration looks good now.I did tests with existing policy and without grace period configured, then my devices became not-compliant and after that I changed some settings, grace period in days,... and that applied only to new devices.
When I created a new policy and applied it to a new device it fell into the grace period.
As I already said, need to be patient and give it some time and test it again and again.
Sign in to comment
1 answer
Sort by: Most helpful
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
1 deleted comment
Comments have been turned off. Learn more