This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 51%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
I have a number of devices that are showing up as Not Compliant in our Azure AD devices view, they are all Azure AD Registered and none of them are managed by InTune, so I am trying to determine: Why are they marked as Non-Compliant and how can I fix this?
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 60%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
I am experiencing a similar issue. The devices are showing as non compliant. However, there are no policies that reflect this finding. Can anyone shed some insight into this issue?
Just for interest, in case it affects anyone else, we also recently found hybrid Azure devices (domain-joined Win 10 machines) in a non-MDM/Intune environment that were showing as non-compliant. All joined since the 30th of November. Previously-joined devices were showing as N/A as expected.
After locating the never-used Policy page in Azure Portal (https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/), I found the ASC Default policy (part of Defender for Cloud) has somehow become enabled on our main subscription. It seems that some Defender for Cloud trial licenses got assigned and resources in the subscription came into scope.
What exactly happened with this feature and policy being enabled is still unclear, but for us, it is this ASC Default policy applied in the subscription that is causing the most recently-joined machines to be marked as "non-compliant".
Nothing can possibly be compliant with this policy in our environment, since it hasn't been designed for it - we don't use Defender for Cloud.
I note that last month "Governance Rules at Scale" was released into Preview for Defender for Cloud, where bulk rules can be configured at subscription, connectors or various scopes. I wonder if these changes may have suddenly "activated" this policy, at least for us.
Here's a couple of screenshots of this policy - the main compliance page showing the policy attached to our parent subscription
And the policy detail showing the "non-compliant" resources, with the parent subscription first in the list and some random resources underneath.
@LeeM many freaking thanks for helping me on this. Amazing that a little known service or policy with Azure (soon to be Entra!) that's causing all of this unnecessary heartache! It's so odd that your post is 9 or so months old -- I'm just now dealing with the nonsense of non-compliant devices by way of this little-known "helper".
Once again, thanks so very much to the Microsoft Machine for blowing my week all to hell as I chase this down...exactly what I want to be doing on my Tuesday evening (after working all day on other issues with your lousy operating system...yeah, Windows 11 is...just like 8/8.1, Vista, Millenium, etc.).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 50%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDD%3C/text%3E%3C/svg%3E)
We have a similar issue.
@James Hamil We have no Azure Policy set up.
Any other thoughts? Also, our Non-Compliant devices has increased in number to 224 from the original post.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi @BK , the best place to start for this is here. Please look through this and it should help with finding the cause. And then fixing it should come easily. If you're still having issues please let me know and I can help you further!
If this answer helped you please mark it as "Verified" so other users can reference it.
Thank you,
James
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 71%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)