Intune - non-compliant devices showing without compliancy issues

Phillip Coronakes 1 Reputation point
2021-07-30T03:21:34.177+00:00

Seems to be issues going on with devices showing as non-compliant, when they are infact, compliant.

I've got two different types of compliancy reporting issues;

  • Device shows as not compliant, but compliance policies are showing as Compliant (green tick)
  • Devices show as not compliant, and the compliancy policy shows as not compliant, but for the item in particular that isn't compliant (i've got some with realtime detection not enabled, firewall not enabled, require bitlocker) the setting on the machine is infact correctly enabled and set.

Is anyone else running into issues where compliancy just isn't accurately reporting? Any known work arounds or fixes?

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,750 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,480 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Nick Hogarth 3,436 Reputation points
    2021-07-30T04:26:45.477+00:00

    For 2 - is this for System account showing as non-compliant? If so, see https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor#drill-down-for-more-details

    "If no user is signed in to the device, the device with the targeted device compliance policy will send a compliance report back to Intune showing System Account as the user principal name. This happens because a device compliance policy was targeted to either a group of users or devices, and no user was signed into the device at the time the compliance policy was evaluated."


  2. Lu Dai-MSFT 28,356 Reputation points
    2021-07-30T07:23:32.963+00:00

    @Phillip Coronakes Thanks for posting in our Q&A.

    For 1, it seems that the compliance state doesn't keep same in device and the policy itself. It is suggested to try to sync the device and the check if the compliance state is normal.

    If this issue still exists, it is better to create an online support ticket to feedback and find if there is any method can fix it. It is free. Here is the online support link and hope it helpful.
    https://learn.microsoft.com/en-us/mem/intune/fundamentals/get-support


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Pavel yannara Mirochnitchenko 11,986 Reputation points MVP
    2021-08-01T10:39:41.977+00:00

    I've seen some serious problems with detecting Defender Firewall with compliance policies, but I think that has been fixed. For testing purposes, consider to change the default 60 days evaluation period to 1, and play around with it. Company Portal has the compliance view behind device option, and it shows you what's wrong, you can also initiate the re-evaluation from there.

    I have small doubt around compliance that it may not work 100% bullet proof yet, as it should :)

    0 comments No comments

  4. luke rees 1 Reputation point
    2021-10-20T12:23:56.46+00:00

    I am seeing an issue where the compliance policy shows 'error' against the firewall and AV, yet under device view they are reporting as compliant. Also the error is intermittent.

    0 comments No comments