Share via

Stale Devices and Compliance Policies

Fred2K 41 Reputation points
2021-11-18T22:26:09.92+00:00

Hi,

As I have recently learned from a previous question, devices which have not checked in with MEM/InTune for more than the Compliance status validity period (30 days by default) go stale. I had a few questions on this please:

  1. What happens to these stale devices if the end user turns them back on after 30 days? Will they be in the same configuration that they were in previously, and continue to "work" but just not be able to pick up and new changes from InTune?
  2. Does the Compliance status validity period definitely make devices go stake even if there are no Compliance Policies setup?
  3. If I perform a Device Clean-up, I understand that this will clear off those devices from InTune, but what happens at the device end? I'm guessing nothing, but just wanted to check.
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,814 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,743 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Eswar Koneti 2,201 Reputation points
    2021-11-19T00:25:14.747+00:00

    Hi,
    InTune!=Intune.
    Compliance status validity period has nothing to do with stale devices. They both serve for different purpose.
    If Compliance status validity period is grace period that helps to mark the device non-compliance.
    Stale device is calculated based on the last device check-in timeframe. For more information about stale device or device cleanup in Intune, please refer https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#automatically-delete-devices-with-cleanup-rules

    1. Stale devices are devices that are offline/ not able to check-in. If the device check-in after x days, they continue to receive the configurations/apps etc and work. you can configure conditional access policies to block devices accessing the o365 resources that are not compliant. CA policies are bigger in scope.
    2. This is explained above.
    3. read here for more information https://learn.microsoft.com/en-us/mem/intune/user-help/unenroll-your-device-from-intune-windows#what-happens-if-you-remove-device-from-intune

    Thanks,
    Eswar
    www.eskonr.com

    1 person found this answer helpful.
  2. Eswar Koneti 2,201 Reputation points
    2021-11-21T08:14:48.22+00:00

    The filed is last check-in in the devices blade in endpoint portal https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMenu/mDMDevicesPreview

    151139-image.png

    Thanks,
    Eswar
    www.eskonr.com

  3. Simon Ren-MSFT 32,221 Reputation points Microsoft Vendor
    2021-11-22T09:21:23.197+00:00

    Hi,

    Generally speaking, Intune notifies the device to check in with the Intune service about every 8 hours to get the policy or profile. If Last check in is more than 24 hours, there may be an issue with the device, it may turn off or lose network connect with Iutune. In this case, the device gets the policy or profile on its next scheduled check-in with the Intune service when it's available. The same applies to checks for non-compliance, including devices that move from a compliant to a non-compliant state.

    The Sync device action forces the selected device to immediately check in with Intune. When a device checks in, it immediately receives any pending actions or policies that have been assigned to it. This feature can help you immediately validate and troubleshoot policies you've assigned, without waiting for the next scheduled check-in.
    Sync devices to get the latest policies and actions with Intune

    Best regards,
    Simon

    If the response is helpful, please click "Accept Answer" and upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.