Stale Devices and Compliance Policies

Fred2K 41 Reputation points


As I have recently learned from a previous question, devices which have not checked in with MEM/InTune for more than the Compliance status validity period (30 days by default) go stale. I had a few questions on this please:

  1. What happens to these stale devices if the end user turns them back on after 30 days? Will they be in the same configuration that they were in previously, and continue to "work" but just not be able to pick up and new changes from InTune?
  2. Does the Compliance status validity period definitely make devices go stake even if there are no Compliance Policies setup?
  3. If I perform a Device Clean-up, I understand that this will clear off those devices from InTune, but what happens at the device end? I'm guessing nothing, but just wanted to check.
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,752 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,499 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Eswar Koneti 2,201 Reputation points

    Compliance status validity period has nothing to do with stale devices. They both serve for different purpose.
    If Compliance status validity period is grace period that helps to mark the device non-compliance.
    Stale device is calculated based on the last device check-in timeframe. For more information about stale device or device cleanup in Intune, please refer

    1. Stale devices are devices that are offline/ not able to check-in. If the device check-in after x days, they continue to receive the configurations/apps etc and work. you can configure conditional access policies to block devices accessing the o365 resources that are not compliant. CA policies are bigger in scope.
    2. This is explained above.
    3. read here for more information


    1 person found this answer helpful.

  2. Eswar Koneti 2,201 Reputation points

    The filed is last check-in in the devices blade in endpoint portal



  3. Simon Ren-MSFT 30,906 Reputation points Microsoft Vendor


    Generally speaking, Intune notifies the device to check in with the Intune service about every 8 hours to get the policy or profile. If Last check in is more than 24 hours, there may be an issue with the device, it may turn off or lose network connect with Iutune. In this case, the device gets the policy or profile on its next scheduled check-in with the Intune service when it's available. The same applies to checks for non-compliance, including devices that move from a compliant to a non-compliant state.

    The Sync device action forces the selected device to immediately check in with Intune. When a device checks in, it immediately receives any pending actions or policies that have been assigned to it. This feature can help you immediately validate and troubleshoot policies you've assigned, without waiting for the next scheduled check-in.
    Sync devices to get the latest policies and actions with Intune

    Best regards,

    If the response is helpful, please click "Accept Answer" and upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.