You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/protect/compliance-policy-monitor.md
+20-12Lines changed: 20 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ keywords:
7
7
author: brenduns
8
8
ms.author: brenduns
9
9
manager: dougeby
10
-
ms.date: 08/24/2022
10
+
ms.date: 10/17/2022
11
11
ms.topic: how-to
12
12
ms.service: microsoft-intune
13
13
ms.subservice: protect
@@ -36,6 +36,16 @@ Compliance reports help you understand when devices fail to meet your [complianc
36
36
- The compliance status for an individual policy
37
37
- Drill down into individual devices to view specific settings and policies that affect the device
38
38
39
+
This article applies to:
40
+
41
+
- Android device administrator
42
+
- Android (AOSP) (preview)
43
+
- Android Enterprise
44
+
- iOS/iPadOS
45
+
- Linux (Ubuntu Desktop, version 20.04 LTS)
46
+
- macOS
47
+
- Windows 10 and later
48
+
39
49
## Open the compliance dashboard
40
50
41
51
Open the **Intune Device compliance dashboard**:
@@ -72,11 +82,11 @@ Descriptions of the different device compliance policy states:
72
82
73
83
-**Compliant**: The device successfully applied one or more device compliance policy settings.
74
84
75
-
-**In-grace period:** The device is targeted with one or more device compliance policy settings. But, the user hasn't applied the policies yet. This status means the device is not-compliant, but it's in the grace period defined by the admin.
85
+
-**In-grace period:***(This status isn’t supported by Linux)*The device is targeted with one or more device compliance policy settings. But, the user hasn't applied the policies yet. This status means the device is not-compliant, but it's in the grace period defined by the admin.
76
86
77
87
- Learn more about [Actions for noncompliant devices](actions-for-noncompliance.md).
78
88
79
-
-**Not evaluated**: An initial state for newly enrolled devices. Other possible reasons for this state include:
89
+
-**Not evaluated**: *(This status isn’t supported by Linux)*An initial state for newly enrolled devices. Other possible reasons for this state include:
80
90
81
91
- Devices that aren't assigned a compliance policy and don't have a trigger to check for compliance
82
92
- Devices that haven't checked in since the compliance policy was last updated
@@ -87,12 +97,13 @@ Descriptions of the different device compliance policy states:
87
97
88
98
-**Not-compliant:** The device failed to apply one or more device compliance policy settings. Or, the user hasn't complied with the policies.
89
99
90
-
-**Device not synced:** The device failed to report its device compliance policy status because one of the following reasons:
100
+
-**Device not synced:***(This status isn’t supported by Linux)*The device failed to report its device compliance policy status because one of the following reasons:
91
101
92
102
-**Unknown**: The device is offline or failed to communicate with Intune or Azure AD for other reasons.
93
-
94
103
-**Error**: The device failed to communicate with Intune and Azure AD, and received an error message with the reason.
95
104
105
+
-**Checking status**: *(Applies only to Linux)* Intune is currently evaluating the devices compliance your organization’s policies.
106
+
96
107
> [!IMPORTANT]
97
108
> Devices that are enrolled into Intune, but not targeted by any device compliance policies are included in this report under the **Compliant** bucket.
98
109
@@ -103,12 +114,12 @@ When a setting for a compliance policy returns a value of **Error**, the complia
103
114
##### Examples:
104
115
105
116
- A device is initially marked **Compliant**, but then a setting in one of the compliance policies targeted to the device reports **Error**. After three days, compliance evaluation completes successfully and the setting now reports **Not compliant**. The user can continue to use the device to access Conditional Access-protected resources within the first three days after the setting states changes to **Error**, but once the setting returns **Not compliant**, the device is marked **Not compliant** and this access is removed until the device becomes **Compliant** again.
106
-
117
+
107
118
- A device is initially marked **Compliant**, but then a setting in one of the compliance policies targeted to the device reports **Error**. After three days, compliance evaluation completes successfully, the setting returns **Compliant**, and the device's compliance status becomes **Compliant**. The user is able to continue to access Conditional Access protected resources without interruption.
108
119
109
-
- A device is initially marked **Compliant**, but then a setting in one of the compliance policies targeted to the device reports **Error**. The user is able to access Conditional Access protected resources for seven days, but after seven days, the compliance setting still returns **Error**. At this point, the device becomes Not compliant immediately and the user loses access to the protected resources until the device becomes **Compliant** – even if there's a grace period set for the applicable compliance policy.
120
+
- A device is initially marked **Compliant**, but then a setting in one of the compliance policies targeted to the device reports **Error**. The user is able to access Conditional Access protected resources for seven days, but after seven days, the compliance setting still returns **Error**. At this point, the device becomes Not compliant immediately and the user loses access to the protected resources until the device becomes **Compliant**, even if there's a grace period set for the applicable compliance policy.
110
121
111
-
-A device is initially marked **Not compliant**, but then a setting in one of the compliance policies targeted to the device reports Error. After three days, compliance evaluation completes successfully, the setting returns **Compliant**, and the device's compliance status becomes **Compliant**. The user is prevented from accessing Conditional Access protected resources for the first three days (while the setting returns **Error**). Once the setting returns **Compliant** and the device is marked **Compliant**, the user can begin to access protected resources on the device.
122
+
- A device is initially marked **Not compliant**, but then a setting in one of the compliance policies targeted to the device reports Error. After three days, compliance evaluation completes successfully, the setting returns **Compliant**, and the device's compliance status becomes **Compliant**. The user is prevented from accessing Conditional Access protected resources for the first three days (while the setting returns **Error**). Once the setting returns **Compliant** and the device is marked **Compliant**, the user can begin to access protected resources on the device.
112
123
113
124
#### Drill down for more details
114
125
@@ -224,7 +235,4 @@ Policy conflicts can occur when multiple Intune policies are applied to a device
0 commit comments