question

32122405 asked saldana-msft edited

Auto-pilot device turning non-compliant

I am enrolling a device using Auto-pilot user-driven mode.
In order to make it a shared device, I am removing the primary user of the device.
Hence a different number of users are able to log in to the system.

But after some days of keeping the machine switched off, the device becomes non-compliant in Intune.
The reason for non-compliance is that the "Is Active" parameter is non-compliant.
After it becomes non-compliant in Intune, if I try to log in to the device, it asks for MFA and re-authentication.
I want to avoid the MFA for the users and want to know the reason why MFA is required once the device is non-compliant.

mem-intune-general mem-intune-enrollment

I hit this scenario a couple of times, and there is an MS article documented on the MFA if you have a CA policy created. Refer to this article https://docs.microsoft.com/en-us/troubleshoot/mem/intune/troubleshoot-co-management-auto-enrolling#devices-fail-to-sync-after-auto-enrollment if it matches your case.

But can you check why the device is non-compliant and what settings are not compliant on the device?

Thanks,
Eswar
www.eskonr.com


@EswarKoneti-MVP, as stated, the device is non-compliant due to the "Is Active" parameter.
I would like to avoid the re-authentication with the MFA.
Could you please provide the steps on how I should remove or change the policy?


@AskIntuneQuestion-0572, for "Is active", it verifies if the device is checking in with Intune or not. After the MFA is finished, will the "last check in" status of the device be updated? Will the status be changed to compliant?


@Crystal-MSFT, I really want to avoid the MFA part. Is there any way to do it?


1 Answer

RahulJindal-2267 answered

Could be related to PRT getting expired. Here is some information in relation to it: concept-primary-refresh-token



As for MFA, do you have a CA policy enforced which uses device state as a condition? I normally look at Azure sign-ins for clues.
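
Added example, not part of the original answer: one way to triage exported sign-in records for the pattern discussed in this thread, that is, a Conditional Access policy that enforced MFA on a sign-in from a device not reported as compliant. The records are constructed; property names are assumed to follow the Microsoft Graph signIn resource, and the user, device and policy names are hypothetical.

```python
# Constructed sample sign-in records. Property names are assumed to follow the
# Microsoft Graph signIn resource; users, devices and policies are hypothetical.
SIGNINS = [
    {"createdDateTime": "2021-03-01T08:15:00Z",
     "userPrincipalName": "user1@contoso.example",
     "deviceDetail": {"displayName": "SHARED-PC-01", "isCompliant": False},
     "appliedConditionalAccessPolicies": [
         {"displayName": "CA-MFA-unless-compliant", "result": "success",
          "enforcedGrantControls": ["Mfa"]}]},
    {"createdDateTime": "2021-02-20T09:00:00Z",
     "userPrincipalName": "user2@contoso.example",
     "deviceDetail": {"displayName": "SHARED-PC-01", "isCompliant": True},
     "appliedConditionalAccessPolicies": [
         {"displayName": "CA-MFA-unless-compliant", "result": "notApplied",
          "enforcedGrantControls": []}]},
    {"createdDateTime": "2021-03-01T08:20:00Z",
     "userPrincipalName": "user1@contoso.example",
     "deviceDetail": {"displayName": "SHARED-PC-02", "isCompliant": None},
     "appliedConditionalAccessPolicies": [
         {"displayName": "CA-pilot", "result": "reportOnlyFailure",
          "enforcedGrantControls": ["Mfa"]}]},
]

ENFORCED = {"success", "failure"}  # report-only / notApplied results prompt nobody

def is_mfa_control(name):
    # Assumption: the control label contains "mfa" or "multifactor" in any casing.
    n = name.lower().replace("-", "").replace(" ", "")
    return "mfa" in n or "multifactor" in n

def mfa_on_noncompliant(signins):
    """List (time, user, device, policy) where an enforced CA policy required
    MFA on a sign-in whose device was not reported as compliant."""
    hits = []
    for s in signins:
        dev = s.get("deviceDetail") or {}
        if dev.get("isCompliant") is True:
            continue  # compliant device: not the scenario in this thread
        for p in s.get("appliedConditionalAccessPolicies") or []:
            controls = p.get("enforcedGrantControls") or []
            if p.get("result") in ENFORCED and any(map(is_mfa_control, controls)):
                hits.append((s["createdDateTime"], s["userPrincipalName"],
                             dev.get("displayName"), p["displayName"]))
    return hits

if __name__ == "__main__":
    for hit in mfa_on_noncompliant(SIGNINS):
        print(*hit, sep="  ")
```

Each hit names the policy to review; report-only results are skipped because they do not prompt the user.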
