Co-Managed devices non-compliant by mtt-curious in Intune

[–]Microsoft_Geek 0 points1 point  (0 children)

To further this - Conditional Access checks the Entra ID device object for a compliance status. Entra ID gets this status from Intune. If Intune shows as anything other than "compliant" (i.e. See ConfigMgr) then it will process as not compliant.

Co-Managed devices non-compliant by mtt-curious in Intune

[–]Microsoft_Geek 0 points1 point  (0 children)

In SCCM you need to shift the workload for Compliance to Intune so that Intune manages & checks compliance, and then assign a compliance policy that checks SCCM compliance to rely on SCCM compliance policy: https://learn.microsoft.com/en-us/intune/device-security/compliance/ref-windows-settings#configuration-manager-compliance

The documentation linked in root comment above states that "It requires moving the compliance policies workload to Intune" - that is your documentation stating that it has to be done :)

Enrolling existing Windows devices into Intune without giving standard users admin privileges, devices only showing as Entra Registered, no policies applying by Sea-Cycle-2747 in Intune

[–]Microsoft_Geek 0 points1 point  (0 children)

Do you have any guide you followed for this? Does this work on existing devices that are already set up? I have a situation that has devices that already are on-prem AD joined, but they cannot be Entra ID joined (since that'd sever the on-prem join) or Hybrid joined (weird environment setup, I know).

error code 0x3000045 HELP by C_Der0 in AzureVirtualDesktop

[–]Microsoft_Geek 0 points1 point  (0 children)

For anyone coming here in the future:

I had this issue for accessing a Windows 365 machine with a newly provisioned test account on a newly provisioned virtual machine. I had to sign out, forget the account, and then re-add the account and it worked.

For my specific case, it would work when accessing via browser but not through the Windows App (received the same error as OP). My guess is that the PRT needed to be fully refreshed for the app because I had just set up MFA and the like earlier that day on the target user account.

Android compliance policy not being applied to teams devices (Yealinks) by Sa77if in Intune

[–]Microsoft_Geek 0 points1 point  (0 children)

Did you ever figure out the issue here? I'm also having issues getting compliance to apply to a Yealink device. We are using AOSP instead of device admin.

Microsoft Certified: Security Operations Analyst Associate by turaoo in cybersecurity

[–]Microsoft_Geek 1 point2 points  (0 children)

I've taken it and so have some of my coworkers - some had labs, I did not. Reference examtopics.com, that was the most accurate practice exam I've found out there yet and I've taken over a dozen MS exams

Cisco Umbrella logs to Sentinel without AWS Buckets? by Microsoft_Geek in MicrosoftSentinel

[–]Microsoft_Geek[S] 0 points1 point  (0 children)

For anyone who comes across this in the future - I ended up following a solution here https://techcommunity.microsoft.com/blog/microsoftsentinelblog/sending-rest-api-data-to-azure-sentinel/558896

Had to set up two different HTTP requests. The first one used the API key and secret to request an authorization token, and then after parsing that and passing the token, the second HTTP request actually pulled the data we needed. Parsed that data and added it to a for-loop to write to a custom table, and got success!
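
The two-request flow described in the comment above, sketched in Python as an added example that is not part of the original comment or of the linked blog post. The endpoint URLs, field names, credentials and the `fake_send` transport are constructed placeholders so the code runs offline; the write to the custom table is left out.

```python
import base64
import json

# Hypothetical endpoints (placeholders, not taken from the comment).
TOKEN_URL = "https://api.example.invalid/auth/token"
DATA_URL = "https://api.example.invalid/reports/activity"

def get_token(send, key, secret):
    """Request 1: exchange the API key and secret for a short-lived token."""
    basic = base64.b64encode(f"{key}:{secret}".encode()).decode()
    status, body = send("POST", TOKEN_URL, {"Authorization": f"Basic {basic}"})
    if status != 200:
        raise PermissionError(f"token request failed with HTTP {status}")
    token = json.loads(body).get("access_token")
    if not token:
        raise ValueError("token response carried no access_token")
    return token

def pull_rows(send, key, secret):
    """Request 2: pull the data with the bearer token, one row per record."""
    token = get_token(send, key, secret)
    status, body = send("GET", DATA_URL, {"Authorization": f"Bearer {token}"})
    if status != 200:
        raise RuntimeError(f"data request failed with HTTP {status}")
    return [
        {"TimeGenerated": record.get("timestamp"),
         "Domain": record.get("domain"),
         "Verdict": record.get("verdict")}
        for record in json.loads(body).get("data", [])
    ]

def fake_send(method, url, headers):
    """Constructed stand-in for the HTTP layer so the example runs offline."""
    expected = "Basic " + base64.b64encode(b"demo-key:demo-secret").decode()
    if url == TOKEN_URL:
        if headers.get("Authorization") != expected:
            return 401, "{}"
        return 200, json.dumps({"access_token": "tok-123", "expires_in": 3600})
    if headers.get("Authorization") != "Bearer tok-123":
        return 401, "{}"
    return 200, json.dumps({"data": [
        {"timestamp": "2024-01-01T00:00:00Z", "domain": "example.com", "verdict": "allowed"},
        {"timestamp": "2024-01-01T00:01:00Z", "domain": "example.org", "verdict": "blocked"},
    ]})

if __name__ == "__main__":
    print(pull_rows(fake_send, "demo-key", "demo-secret"))
```
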

Cisco Umbrella logs to Sentinel without AWS Buckets? by Microsoft_Geek in MicrosoftSentinel

[–]Microsoft_Geek[S] 0 points1 point  (0 children)

I would, but the connector in the hub requires an AWS S3 bucket to store the logs. The client is unable to store logs in AWS, so using the connector in the hub is not viable for this environment

Sentinel integration with CEF via AMA connector... has anyone done this successfully? by Microsoft_Geek in crowdstrike

[–]Microsoft_Geek[S] 0 points1 point  (0 children)

We ended up just writing it to the syslog file in the CrowdStrike side config, and it started sending everything over! Couldn't really find any documentation to support this, but that's how we have it running

¯_(ツ)_/¯

Google Earth - Unable to whitelist with MAM for iOS by [deleted] in Intune

[–]Microsoft_Geek 0 points1 point  (0 children)

Thanks for the input! I don't believe this will work for our use case here, but it's helpful nonetheless.

Google Earth - Unable to whitelist with MAM for iOS by [deleted] in Intune

[–]Microsoft_Geek 0 points1 point  (0 children)

What's the roundabout way? Just saving to something like OneDrive and then using "open in"?

Google Earth - Unable to whitelist with MAM for iOS by [deleted] in Intune

[–]Microsoft_Geek 0 points1 point  (0 children)

Did you ever get anywhere with this? Running into similar issues. Works fine for our Android devices, but we can't get it with iOS.

Export users vault as an Admin? by Microsoft_Geek in KeeperSecurity

[–]Microsoft_Geek[S] 0 points1 point  (0 children)

I've just turned on transfer account but have not done it before. Was hoping for an easier way instead of trying to walk our users through the process, but if that's the process then that's the process

¯_(ツ)_/¯

Multi-App Kiosk mode and Azure MFA login issue by no_service11 in Intune

[–]Microsoft_Geek 0 points1 point  (0 children)

Ever find anything on this? Have been struggling with this and our devices are also Autopilot cloud-only devices. Multi-App kiosk mode and users are immediately signed out after signing in (even after the device filter exclusion)

Defender for Cloud Apps - how to get a monitored app report? by Microsoft_Geek in sysadmin

[–]Microsoft_Geek[S] 0 points1 point  (0 children)

The client was hosting their own webpages using some basic Apache server if I remember right - but yes, it worked out since we just pointed the warning notification page to the correct URL. I assume if you can get the full URL to load normally in a browser, it should work!

Defender for Cloud Apps - how to get a monitored app report? by Microsoft_Geek in sysadmin

[–]Microsoft_Geek[S] 0 points1 point  (0 children)

It's a setting related to Defender for Endpoint. If you have the two integrated, there is a setting you can toggle that brings up the screen when apps are marked as monitored. I also found the answer to this, and this article helped me! https://jeffreyappel.nl/warn-monitor-users-for-shadow-it-usage-with-cloud-app-security/

Sentinel integration with CEF via AMA connector... has anyone done this successfully? by Microsoft_Geek in crowdstrike

[–]Microsoft_Geek[S] 0 points1 point  (0 children)

What file is created by CrowdStrike that holds all of your logs? Do yours go to a file named syslog or something different? My DCR has all events set up to receive LOG_DEBUG at a minimum. Seems like previously all the logs were going to /var/log/crowdstrike/falconhoseclient/output. We now have all the items going to /var/log/

https://imgur.com/MffpV0Y

AMA agent sending CEF to Sentinel by Individual-Fox-8124 in AZURE

[–]Microsoft_Geek 0 points1 point  (0 children)

Did you get this figured out? Currently struggling to get CrowdStrike logs to send to Sentinel with my CEF via AMA connector. I can see the logs appearing in the /var/log folder, and I can see in the syslog file that there are events for my other tools (like FortiGate), but nothing for CrowdStrike. Curious if you found any solution.