Have you considered using a scheduled grace period for non-compliance: https://learn.microsoft.com/en-us/mem/intune/protect/actions-for-noncompliance#add-actions-for-noncompliance
It takes about 30 minutes before device is compliant
When we enroll a Windows 10 device with Autopilot and the user signs in for the first time, it takes about 30 minutes before the device is flagged as compliant. Because we use conditional access policies with a compliancy check, the user is not able to use MS Teams or OneDrive, for example, before that.
The compliancy policy is assigned to devices, not users, and requires BitLocker, code integrity, firewall, TPM, Antivirus, Antispyware, Defender and real-time protection.
Mostly the device is not compliant because of the BitLocker check; sometimes the encryption process is still running.
Can somebody give me some tips about what's the safest way to accomplish this case? We want to send the devices as pre-provisioned devices, but then the process needs to be 100% bulletproof so that the user can start using the apps immediately after signing in for the first time.
Thanks for reading and hopefully someone can put me in the right direction.
-
Jason Sandys 31,286 Reputation points Microsoft Employee
2020-11-02T01:56:14.22+00:00
-
Crystal-MSFT 47,616 Reputation points Microsoft Vendor
2020-11-02T02:49:49.207+00:00
@ChielD1975, based on my research, I find that BitLocker encryption gets triggered in the User Phase during ESP, after Device Setup completes and before ESP enters the Account Setup phase, which will cost the user time for the BitLocker encryption.
We can try Jason's suggestion to add a scheduled grace period to see if the conditional access policy can be passed and if MS Teams or OneDrive can be accessed successfully.
Hope it can help.