4,659 questions
What requirements have you set for compliance? Also, are you targeting device group or user group?
Microsoft Intune - Device Not Compliant
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 80%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENN%3C/text%3E%3C/svg%3E)
Nadhrah Nini
21
Reputation points
We have several computers that are not compliant with Microsoft Intune. Sometimes, after disconnecting and reconnecting from Microsoft Intune, it will compliant but just for 3 to 4 days then it will not compliant again.
Please advise.
Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
Microsoft Security | Intune | Other
5,570 questions
4 answers
Sort by: Most helpful
-
Rahul Jindal [MVP] 10,911 Reputation points MVP2021-12-13T08:26:57.3+00:00 -
Nadhrah Nini 21 Reputation points
2021-12-13T08:35:12.933+00:00 Hi Rahul,
Below is the compliance policy set for the devices. Require encryption of data storage and Antivirus. It is for the device group.
Sign in to comment -
-
Lu Dai-MSFT 28,496 Reputation points2021-12-13T08:33:42.133+00:00 @Nadhrah Nini Thanks for posting in our Q&A.
To clarify this issue, we appreciate your help to collect some information:
1.Please check if there is a compliance policy deployed to the target device.
2.Please drill down the device to check which compliance policy isn't met.
3.Please show the screen shot of the setting in Devices > Compliance policies > Compliance policy settings.
4.Please note this message:
For devices with a user signed in - assign the compliance policy to a User group.
For devices without a user signed in - assign the compliance policy to a Device group.
Please refer to the following article to get more details:
https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor#drill-down-for-more-detailsIf there is anything update, feel free to let us know.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.-
Nadhrah Nini 21 Reputation points
2021-12-13T09:10:25.88+00:00 Hi LuDaiMSFT-0289,
For No. 1: Yes the compliance policy is deployed to the target device.
For No. 2: It is Setting >> Antivirus (as below image)
For No. 3: As below image
For No. 4: If we assign by the user's email, is it assign the compliance policy to a User group?
Sign in to comment -
-
Rahul Jindal [MVP] 10,911 Reputation points MVP
2021-12-13T17:15:54.503+00:00 Thanks. So what do you have running for antivirus?
-
Nadhrah Nini 21 Reputation points
2021-12-14T01:39:50.617+00:00 Hi Rahul,
We're installing third party which is Sophos Anti-Virus.
-
Lu Dai-MSFT 28,496 Reputation points
2021-12-14T06:45:35.333+00:00 @Nadhrah Nini Thanks for your update.
From the picture you provided, it seems that the device failed an antivirus check, which makes it not compliant. In our official article, it says that check compliance using antivirus solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.
https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows#device-securitySo, it is needed to confirm if Sophos Anti-Virus is registered with Windows Security Center. Honestly, I'm not familiar with this third party antivirus solution. Given this situation, it is suggested to call Global Customer Service phone numbers or contact Sophos support to confirm it.
Thanks for understanding and hope everything goes well with you.
-
Nadhrah Nini 21 Reputation points
2021-12-14T07:45:03.013+00:00 Hi Ludai,
If the Sophos Anti-virus is not registered with the Windows Security Center, but the non-compliant is happens to a few devices only. All devices have been installed with the Sophos Anti-virus.
-
Rahul Jindal [MVP] 10,911 Reputation points MVP
2021-12-14T08:18:17.267+00:00 Then the compliance policy should work. Have you tried assigning the policy to user based group instead of devices? The compliance against device group can give incorrect results as it is evaluated for every user profile created on the device, including system account.
-
Nadhrah Nini 21 Reputation points
2021-12-16T07:16:07.623+00:00 Hi Rahul,
- How do we assign the policy to the user? Because we did not find the settings.
- If we assign the policy to the user, is it will be affected all devices?
- Can we group only the non-compliant devices and test assigning to the user-based groups?
-
Lu Dai-MSFT 28,496 Reputation points
2021-12-17T01:33:27.317+00:00 @Nadhrah Nini Thanks for your update.
I will clarify something what you are confused on. Please note:
- We couldn't mix devices and users in a same group.
- If we assign the policy to the user, it will affect all the devices that we use the user to login in.
To avoid widespread impact, it is recommended that you try a small scale test. Please try the following action:
- Please create a new compliance policy and the settings in the policy are same as the old one.
- Create a new group and add just a user in the group.
- Add the new user group in the new compliance policy's assignments.
- Please use the user to login in the device which shows "Not compliant".
- Check if the device's compliance status is changed.
-
Lu Dai-MSFT 28,496 Reputation points
2021-12-20T02:06:48.933+00:00 @Nadhrah Nini Is there any further update from you? If you have any questions or concerns on the recent information I've provided you, please don't hesitate to let me know.
-
Nadhrah Nini 21 Reputation points
2021-12-23T02:31:20.767+00:00 Hi LuDai,
Sorry for the late response, currently we're engaging with the team on this.
Sign in to comment -
-
Limitless Technology 39,926 Reputation points2021-12-17T20:22:52.393+00:00 Hello @Nadhrah Nini
Most likely this is because of:
a) a policy not being applied to the computer (and reported as not compliant after the verification cycle)
b) some authentication step that is not fulfilled (such as user leaves computer on for days without reentering their credentials/pin/MFAAll in all I would recommend to monitor the factor for not being compliant, following: https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor
Then try to sync the machine manually: https://learn.microsoft.com/en-us/mem/intune/user-help/sync-your-device-manually-windows
And if there are policies still not applying you can follow the next troubleshooting steps: https://learn.microsoft.com/en-us/troubleshoot/mem/intune/troubleshoot-policies-in-microsoft-intuneHope this helps with your query,
----------
--If the reply is helpful, please Upvote and Accept as answer--
-
Nadhrah Nini 21 Reputation points
2021-12-23T02:36:37.987+00:00 I have checked the factor for not being compliant is under settings Antivirus as I attached an image earlier in this forum. However, we have installed the same antivirus software on the other machine, only these few machines are not compliant.
Please advise. Thank you.
Sign in to comment -