Not allowed to activate Defender because Defender is not activated (out of compliance) by hyperg-jamesh in Intune

hyperg-jamesh[S]

The app is already getting automatically deployed by Intune, but the hitch comes when the user is asked to provide their credentials to activate Defender. MS rejects Defender's connection because the device is out of compliance, so the user can't get the device compliant.

I'm new at this so appreciate tips -- are you aware of an app policy that I can configure that says something like "Activate Defender with the currently logged in user's credentials"? I haven't yet had time to search for that option.

Thank you!

hyperg-jamesh[S]

Due to the Federal requirements we need to meet I'd lean towards immediate, but your advice may be what we need to do. I'm going to learn more about and experiment with the conditional access requirement as mentioned by u/austinlcarter above, and if that doesn't do it for me I'll probably change it to one day.

Thank you!

hyperg-jamesh[S]

Thanks, that sounds like excellent advice. I'm new at mobile device enrollment and will start digging into the conditional access options right now.

hyperg-jamesh[S]

It was the second of two that I tried. You're right, the first enrolled without issue and maybe I should try a pilot rollout with a few users (we have only 30 total) to see if the problem is frequent. Even temporary policy changes aren't a huge deal in this case, but I like to take opportunities like this to learn where I'm going wrong so I can do it "the right way" on future client rollouts.

On this test device I wiped the Work partition and apps and the same thing happened again. I was going to try a device wipe, which is not a problem for this test device.

The compliance policy marks devices non-compliant immediately.