My organisation has a few devices which show as Azure AD registered but the compliant status is No. What could potentially be causing it? Also, I can see multiple object IDs and device IDs for the same device in Azure AD. These devices are showing as Domain Jo

Deepu Raj 0 Reputation points
2023-12-05T22:03:39.7333333+00:00

Microsoft Entra ID

2 answers

  1. Carlos Solís Salazar 17,786 Reputation points MVP
    2023-12-07T16:18:54.6466667+00:00

    The status of devices showing as Azure AD registered but not compliant could be due to several reasons:

    1. Compliance Policy: The devices may not meet the criteria set in your compliance policies. This could be due to outdated software, missing security updates, or configuration issues.
    2. Sync Issues: There could be synchronization issues between the device and Azure AD, possibly due to network problems or errors in communication.

    Regarding multiple object IDs and device IDs for the same device, this could be a result of:

    1. Duplicate Entries: Devices might have been re-registered or reset, creating duplicate entries in Azure AD.
    2. Registration Process Issues: There might have been issues during the registration process, leading to multiple entries.

    To resolve these issues, review your compliance policies and device registration process. Ensure devices are updated and meet compliance requirements, and consider cleaning up any duplicate entries in Azure AD.


  2. Sandeep G-MSFT 16,691 Reputation points Microsoft Employee
    2024-01-03T07:22:44.41+00:00

    @Deepu Raj

    The status of device compliance comes from Intune. Intune is the one that sets the status of a device as compliant or not.

    The devices may not meet the criteria set in your compliance policies. This could be due to outdated software, missing security updates, or configuration issues.

    You can check the thread below to get more information about device compliance status.

    https://learn.microsoft.com/en-us/answers/questions/660827/microsoft-intune-device-not-compliant

    For multiple entries of a device in Entra ID, you can check as below:

    When the same device ends up with two different identities in Azure AD, it is known as a Dual state in AAD terminology. This usually happens when your users add their accounts to apps on a domain-joined device, they might be prompted with Add account to Windows, and if they enter Yes on the prompt, the device registers with Azure AD. The trust type is marked as Azure AD registered. After you enable hybrid Azure AD Join in your organization, the device also gets hybrid Azure AD joined. Then two device states show up for the same device.

    Note: Hybrid Azure AD join takes precedence over the Azure AD registered state. So, your device is considered hybrid Azure AD joined for any authentication and Conditional Access evaluation. You can safely delete the Azure AD registered device record from the Azure AD portal. If the duplicate devices are very old and stale you can also check out steps mentioned on following document to clear those device entries: How To: Manage stale devices in Azure AD

    Additionally, you can check out the instructions provided under Handling devices with Azure AD registered state, if you want to avoid such a scenario.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
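
The dual state described in the second answer can be spotted in a device export by looking for one device name that carries both a hybrid joined and an Azure AD registered record. The following is an added example, not code from either answer or from Microsoft; it assumes the export has the shape of a Microsoft Graph `/devices` response, and the sample records, ids and the function name `find_dual_state` are constructed for illustration.

```python
import json
from collections import defaultdict

# Graph trustType values: ServerAd = hybrid Azure AD joined,
# Workplace = Azure AD registered, AzureAd = Azure AD joined.
HYBRID, REGISTERED = "ServerAd", "Workplace"

# Constructed sample shaped like a Graph GET /devices response (ids are made up).
SAMPLE = json.loads("""{"value": [
 {"id": "obj-0001", "deviceId": "dev-0001", "displayName": "WS-0142", "trustType": "ServerAd", "isCompliant": true},
 {"id": "obj-0002", "deviceId": "dev-0002", "displayName": "ws-0142", "trustType": "Workplace", "isCompliant": false},
 {"id": "obj-0003", "deviceId": "dev-0003", "displayName": "WS-0200", "trustType": "ServerAd", "isCompliant": true},
 {"id": "obj-0004", "deviceId": "dev-0004", "displayName": "Pixel-7", "trustType": "Workplace", "isCompliant": false},
 {"id": "obj-0005", "deviceId": "dev-0005", "displayName": "Pixel-7", "trustType": "Workplace", "isCompliant": false}
]}""")


def find_dual_state(devices):
    """Return one finding per device name that has both a hybrid joined
    and an Azure AD registered record (the dual state)."""
    by_name = defaultdict(list)
    for dev in devices:
        # Display names are not unique keys in Entra ID; matching on them is a
        # heuristic, so findings are for review, not automatic deletion.
        name = (dev.get("displayName") or "").strip().lower()
        if name:
            by_name[name].append(dev)

    findings = []
    for name in sorted(by_name):
        records = by_name[name]
        hybrid = [r for r in records if r.get("trustType") == HYBRID]
        registered = [r for r in records if r.get("trustType") == REGISTERED]
        if hybrid and registered:
            findings.append({
                "name": name,
                "hybrid_object_ids": [r["id"] for r in hybrid],
                "registered_object_ids": [r["id"] for r in registered],
                "registered_compliant": [r.get("isCompliant") for r in registered],
            })
    return findings


if __name__ == "__main__":
    for finding in find_dual_state(SAMPLE["value"]):
        print(finding)
```

Names with only registered records (the two `Pixel-7` entries in the sample) are not reported, since they are re-registration duplicates rather than the dual state.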