u/GroundbreakingCrow80

▲ 2 r/Intune

Kiosk devices return Policy Compliance Status of Not Applicable for All Devices targeted policies.

Good morning,

We are looking at migrating our compliance policies to Intune, and I have found that devices with no primary UPN listed don't return a compliance value, instead returning not applicable. The policy in question is a check for the latest secure boot certificate status (basically checking several registry values). I can see in the logs that the computer does run the custom compliance script, but in Intune it shows not applicable. When I have logged into the machines to troubleshoot them, they eventually return a value.

The service account I have logging into them does not have an M365 license. I could assign it one, but it is used across about 40 devices that function as signs in our warehouses. I am unsure if this will resolve the problem or create more confusion in Intune.

I have realized that we need to purchase some device-only Intune licenses for license compliance, and I am curious if that is going to fix the issue or not. It seems like these licenses don't really get assigned directly; you just purchase them for MS license compliance. I have read several strategies, including removing any primary user UPN.

This has me second-guessing using Intune for compliance management, especially because in the device view the devices show compliant. I have found you can change the behavior to show not compliant as well.

Any clarifications or advice from admins who have solved this? Really appreciate your help!

u/GroundbreakingCrow80 — 14 days ago