![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 10%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Microsoft Security | Intune | Other
Other Intune-related topics, including unsupported scenarios and platform-specific behaviors
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 86%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELD%3C/text%3E%3C/svg%3E)
@NigelPrattley-0904 Thanks for posting in our Q&A. From your description, I know the devices that have enabled secure boot are still shown as Not Compliant in Intune.
Based as I know, the “Require Secure Boot to be enabled on the device” setting is supported on TPM 1.2 and 2.0 devices. For devices that don't support TPM 2.0 or later, the policy status in Intune may show as Not Compliant. For our issue, the possible reason is the TPM version of the devices don't meet the requirements of Intune. So we suggest to check if the TPM version of these devices are supported by Intune or not. We can get a detailed procedure in this document.
https://learn.microsoft.com/en-us/troubleshoot/mem/intune/secure-boot-enabled-device-shows-not-compliant
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
