This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi ,
I've seen some non-compliant machines in my Intune environment due to default compliance policies. My query is about where these default policies are applied from and how to remediate them, as I haven't seen any such policies in configuration or compliance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@TechUST, Thanks for posting in Q&A. In Fact, the default compliance policies in Intune are tenant-wide settings that are like a built-in compliance policy that every device receives. These policies set a baseline for how compliance policy works in your Intune environment, including whether devices that haven’t received any device compliance policies are compliant or noncompliant and Compliance status validity period (days).
For the non-compliant device, please check which setting shows non-compliant. For example, if "Is active" shows not compliant, then it means the device hasn't reported to Intune for a long time which is longer than the days we configure under "Compliance status validity period (days). ".
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@TechUST, Hope the above information can help. If there's anything else we can help, feel free to let us know.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 96%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EX%3C/text%3E%3C/svg%3E)
@TechUST There are two parts to compliance policies in Intune:
So, how did you configure under Endpoint security > Device compliance > Compliance policy settings? If you configure the setting "Mark devices with no compliance policy assigned as" to "Not compliant", it means devices that haven’t received a device compliance policy are considered noncompliant.
https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started