question

PhillipCoronakes-2896 avatar image
0 Votes"
PhillipCoronakes-2896 asked lukerees-7997 answered

Intune - non-compliant devices showing without compliancy issues

Seems to be issues going on with devices showing as non-compliant, when they are infact, compliant.

I've got two different types of compliancy reporting issues;
- Device shows as not compliant, but compliance policies are showing as Compliant (green tick)
- Devices show as not compliant, and the compliancy policy shows as not compliant, but for the item in particular that isn't compliant (i've got some with realtime detection not enabled, firewall not enabled, require bitlocker) the setting on the machine is infact correctly enabled and set.

Is anyone else running into issues where compliancy just isn't accurately reporting? Any known work arounds or fixes?

mem-intune-generalmem-intune-device-configurations
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

NickHogarth-MVP avatar image
0 Votes"
NickHogarth-MVP answered PhillipCoronakes-2896 commented

For 2 - is this for System account showing as non-compliant? If so, see https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor#drill-down-for-more-details

"If no user is signed in to the device, the device with the targeted device compliance policy will send a compliance report back to Intune showing System Account as the user principal name. This happens because a device compliance policy was targeted to either a group of users or devices, and no user was signed into the device at the time the compliance policy was evaluated."

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

No that isnt the case - the compliance is for the actual user. I'm aware of the other system account issue. Appreciate the reply.

0 Votes 0 ·
LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered PhillipCoronakes-2896 commented

@PhillipCoronakes-2896 Thanks for posting in our Q&A.

For 1, it seems that the compliance state doesn't keep same in device and the policy itself. It is suggested to try to sync the device and the check if the compliance state is normal.

If this issue still exists, it is better to create an online support ticket to feedback and find if there is any method can fix it. It is free. Here is the online support link and hope it helpful.
https://docs.microsoft.com/en-us/mem/intune/fundamentals/get-support


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Tried re-syncing device, rebooting, changing policy from user to device group and vice versa. Tried creating a new compliance policy as well - same thing.

I'll open a case i guess and persavere with support.

0 Votes 0 ·
yannara avatar image
0 Votes"
yannara answered

I've seen some serious problems with detecting Defender Firewall with compliance policies, but I think that has been fixed. For testing purposes, consider to change the default 60 days evaluation period to 1, and play around with it. Company Portal has the compliance view behind device option, and it shows you what's wrong, you can also initiate the re-evaluation from there.

I have small doubt around compliance that it may not work 100% bullet proof yet, as it should :)

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

lukerees-7997 avatar image
0 Votes"
lukerees-7997 answered

I am seeing an issue where the compliance policy shows 'error' against the firewall and AV, yet under device view they are reporting as compliant. Also the error is intermittent.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.