Azure AD shows device compliance as "N/A" while Intune shows it as compliant

Stanislaw Koltschin 6 Reputation points
2022-08-03T12:54:32.307+00:00

Hi

For all our Azure AD registered devices Azure AD shows their compliance (property isCompliant) as N/A, even though in Intune they show up as compliant.
Only Android, iOS or Windows Autopilot devices reflect the compliance correctly.
All the BYOD / Azure AD registered devices, regardless of whether they were registered via the Company Portal app or Work Account connect, show up as N/A.

Any ideas how we can fix that?

That attribute isCompliant is important for conditional access rules etc.

Best regards

Stan


3 answers

  1. Reinhard Schwarz 11 Reputation points
    2024-03-12T18:19:46.3+00:00

    I am facing exactly the same situation: Microsoft 365 E3 with Intune license assigned to users, Intune device compliance policies all green on the devices in question, devices onboarded through Company Portal, which displays "Compliant", work profile successfully created and devices synchronized multiple times over multiple days, but still: devices are marked incomplete in Entra ID, no MDM linked and the Compliance field is still N/A.

    There's solely Intune configured as MDM, MDM user scope is assigned to one group containing all internal employees with E3 license assigned, no WIP user scope used.

    Really frustrating because Conditional Access policies keep failing, as we require compliant devices to access our resources, and thus our users are locked out.

    Is there any news on this issue? Is there a fix available? Can we expect further investigation at Microsoft?

    Thanks!

    1 person found this answer helpful.

  2. Crystal-MSFT 48,156 Reputation points Microsoft Vendor
    2022-08-04T01:31:01.053+00:00

    @Stanislaw Koltschin, from your description, it seems the Azure AD registered device didn't get the compliance status in Azure AD while it is compliant in Intune. If there's any misunderstanding, please let us know.

    Based on my checking in my environment, an Azure AD registered device which is enrolled into Intune can see the compliant status in Azure AD as well. But it needs some time.

    For your situation, please ensure the user has an Azure AD Premium license and an Intune license assigned, restart the device and wait some more time to see if the compliance status will show in Azure AD.

    However, if the issue still persists, I think the issue may occur in the background when syncing the status from Intune to Azure AD. Here, we suggest opening a case to check in the background to help with this issue:
    https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-troubleshooting-support-howto

    Thanks for your understanding and hope the above information can help.


  3. Rudy Ooms 611 Reputation points MVP
    2023-08-17T08:36:53.8566667+00:00

    Mmm.... at first you could think it is something to do with the MDM/MAM scope

    https://call4cloud.nl/2021/08/the-battle-between-aadj-and-aadr/

    So let's start from there... could you verify the AADR devices are indeed Intune enrolled?

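The two checks raised in this thread (is each Azure AD registered device actually Intune enrolled, and does its Entra ID `isCompliant` value match the Intune compliance state) can be run as one reconciliation. The following is an added example, not part of the original thread or Microsoft's code: the records are constructed samples shaped like Microsoft Graph v1.0 responses from `/devices` and `/deviceManagement/managedDevices`, and the status labels and function names are hypothetical. It assumes only the Intune state `compliant` maps to `isCompliant` being true.

```python
# Constructed sample records, shaped like Microsoft Graph v1.0 responses from
# GET /devices (Entra ID) and GET /deviceManagement/managedDevices (Intune).
ENTRA_DEVICES = [
    {"deviceId": "0000-a1", "displayName": "BYOD-LAPTOP-1",
     "trustType": "Workplace", "isCompliant": None, "mdmAppId": None},
    {"deviceId": "0000-a2", "displayName": "BYOD-PHONE-2",
     "trustType": "Workplace", "isCompliant": True, "mdmAppId": "constructed-id"},
    {"deviceId": "0000-a3", "displayName": "BYOD-LAPTOP-3",
     "trustType": "Workplace", "isCompliant": None, "mdmAppId": None},
    {"deviceId": "0000-a4", "displayName": "AUTOPILOT-4",
     "trustType": "AzureAd", "isCompliant": True, "mdmAppId": "constructed-id"},
]
INTUNE_DEVICES = [
    {"azureADDeviceId": "0000-A1", "complianceState": "compliant"},
    {"azureADDeviceId": "0000-a2", "complianceState": "compliant"},
    {"azureADDeviceId": "0000-a4", "complianceState": "noncompliant"},
]

def reconcile(entra_devices, intune_devices):
    """Return {displayName: status} for every Entra ID device record."""
    # Join Entra deviceId to Intune azureADDeviceId; lower-case both defensively.
    by_aad_id = {m["azureADDeviceId"].lower(): m
                 for m in intune_devices if m.get("azureADDeviceId")}
    report = {}
    for dev in entra_devices:
        managed = by_aad_id.get(dev["deviceId"].lower())
        if managed is None:
            status = "not_enrolled"   # registered only: no Intune record exists
        elif dev.get("isCompliant") is None:
            status = "sync_gap"       # enrolled, yet Entra ID still shows N/A
        elif dev["isCompliant"] != (managed["complianceState"] == "compliant"):
            status = "mismatch"       # both sides have a value and they disagree
        else:
            status = "in_sync"
        report[dev["displayName"]] = status
    return report

def needs_attention(report):
    """Devices whose Entra ID compliance value cannot be trusted as-is."""
    return sorted(name for name, status in report.items() if status != "in_sync")

if __name__ == "__main__":
    for name, status in reconcile(ENTRA_DEVICES, INTUNE_DEVICES).items():
        print(f"{name:15} {status}")
```

A `not_enrolled` result points at the MDM/MAM scope question from the last answer, while `sync_gap` matches the symptom in the original question and is the case to attach to a support request.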