Check Users Assigned Device Compliance Enforcement
- Navigate to the Groups – Entra ID portal, locate and select the search bar at the top and specify Users.DeviceCompliance for the group search criteria. Select the returned value to verify which users are receiving the device compliance conditional access policy enforcement.
- From the Overview page of the selected Group, locate and select the Members tab. Here you will see a list of all users who are actively being required to access Microsoft-tied resources with a compliant device.
- If you access this group and see a discrepancy in your membership enforcement, it may be necessary to reference this guide on assigning users to groups in Entra ID. A discrepancy can lead to users accessing Microsoft-tied resources from a potentially vulnerable machine.
Common Questions
- If you assign a user to this group who does not have an Intune joined device, no compliance policy can be enforced against them and the device has no true compliant or non-compliant state. The user will be prevented from accessing Microsoft-tied resources until they have a compliant device, which can be problematic for productivity. Before assigning a user account, verify that it has an Intune joined device present and that the device is passing device compliance criteria.
- If a device entry for the associated user is showing non-compliant in the portal, it may be necessary to browse the Intune portal and, within the device entry, find the specific settings that are failing and causing the non-compliant state. Remediation paths can vary, but referencing the following guide can alleviate some of the more common setting failures that are encountered for machines.
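The membership check and the device check described above can also be run as one read-only report. This is an added example, not part of the original guide or Sittadel tooling; it assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account can consent to the read scopes shown.

```powershell
# Added example: read-only audit of the Users.DeviceCompliance group.
# Assumes the Microsoft.Graph PowerShell SDK is installed.
Connect-MgGraph -Scopes 'Group.Read.All','User.Read.All','DeviceManagementManagedDevices.Read.All'

$groupName = 'Users.DeviceCompliance'   # group name used in this guide
$group = @(Get-MgGroup -Filter "displayName eq '$groupName'")
if ($group.Count -ne 1) { throw "Expected exactly one group named '$groupName', found $($group.Count)." }

# Index every Intune managed device by owner UPN (one query instead of one per user).
$devicesByUpn = @{}
Get-MgDeviceManagementManagedDevice -All | ForEach-Object {
    if ($_.UserPrincipalName) {
        $key = $_.UserPrincipalName.ToLowerInvariant()
        if (-not $devicesByUpn.ContainsKey($key)) { $devicesByUpn[$key] = @() }
        $devicesByUpn[$key] += $_
    }
}

# Walk the direct members (what the Members tab lists) and classify each user.
$report = foreach ($member in Get-MgGroupMember -GroupId $group[0].Id -All) {
    # Skip nested groups, devices and service principals; only users are in scope.
    if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

    $upn = [string]$member.AdditionalProperties['userPrincipalName']
    $devices = @()
    if ($devicesByUpn.ContainsKey($upn.ToLowerInvariant())) {
        $devices = $devicesByUpn[$upn.ToLowerInvariant()]
    }
    $compliant = @($devices | Where-Object { $_.ComplianceState -eq 'compliant' })

    $status = if (@($devices).Count -eq 0) { 'NoIntuneDevice' }        # will be blocked outright
              elseif ($compliant.Count -eq 0) { 'NoCompliantDevice' }  # blocked until remediated
              else { 'OK' }

    [pscustomobject]@{
        User             = $upn
        Status           = $status
        ManagedDevices   = @($devices).Count
        CompliantDevices = $compliant.Count
        NonCompliant     = (@($devices | Where-Object { $_.ComplianceState -ne 'compliant' }).DeviceName -join ', ')
    }
}

# Users who would be blocked sort to the top.
$report | Sort-Object Status, User | Format-Table -AutoSize
```

Rows marked `NoIntuneDevice` or `NoCompliantDevice` are the accounts that the conditional access policy will block; the `NonCompliant` column names the devices to open in the Intune portal.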
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.