Non-Compliance of Devices in Azure AD without InTune

BK 46 Reputation points
2022-06-30T18:05:09.117+00:00

I have a number of devices that are showing up as Not Compliant in our Azure AD devices view. They are all Azure AD Registered and none of them are managed by InTune, so I am trying to determine: why are they marked as Non-Compliant, and how can I fix this?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

8 answers

  1. jpcapone 1,441 Reputation points
    2022-08-23T21:23:18.947+00:00

    I am experiencing a similar issue. The devices are showing as non-compliant. However, there are no policies that reflect this finding. Can anyone shed some insight into this issue?

    2 people found this answer helpful.

  2. Trix M 16 Reputation points
    2022-12-09T06:51:30.73+00:00

    Just for interest, in case it affects anyone else, we also recently found hybrid Azure devices (domain-joined Win 10 machines) in a non-MDM/Intune environment that were showing as non-compliant. All joined since the 30th of November. Previously-joined devices were showing as N/A as expected.

    After locating the never-used Policy page in Azure Portal (https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/), I found the ASC Default policy (part of Defender for Cloud) has somehow become enabled on our main subscription. It seems that some Defender for Cloud trial licenses got assigned and resources in the subscription came into scope.

    What exactly happened with this feature and policy being enabled is still unclear, but for us, it is this ASC Default policy applied in the subscription that is causing the most recently-joined machines to be marked as "non-compliant".

    Nothing can possibly be compliant with this policy in our environment, since it hasn't been designed for it - we don't use Defender for Cloud.

    I note that last month "Governance Rules at Scale" was released into Preview for Defender for Cloud, where bulk rules can be configured at subscription, connectors or various scopes. I wonder if these changes may have suddenly "activated" this policy, at least for us.

    1 person found this answer helpful.

  3. James Hamil 24,666 Reputation points Microsoft Employee
    2022-06-30T23:39:53.03+00:00

    Hi @BK , the best place to start for this is here. Please look through this and it should help with finding the cause. And then fixing it should come easily. If you're still having issues please let me know and I can help you further!

    If this answer helped you please mark it as "Verified" so other users can reference it.

    Thank you,
    James

  4. BK 46 Reputation points
    2022-08-01T12:58:33.95+00:00

    @James Hamil We have no Azure Policy set up.

    Any other thoughts? Also, our Non-Compliant devices have increased in number to 224 from the original post.

  5. David Dick 1 Reputation point
    2022-09-29T08:57:42.137+00:00

    We have a similar issue.