Hello all,
We are in the process of evaluating CPPM integration with MS Intune. I am referencing the latest extension technote (ClearPass_Integration-Guide_Microsoft-Intune_v2018-04.pdf).
I am curious about the compliance attribute, msft_complianceState, that is returned by Intune. Is this a True/False attribute, or do the values map to the Intune Device Compliance Policy State as shown below?
Are there any other options for determining different levels of compliance?
Thanks!
Compliant: The device successfully applied one or more device compliance policy settings.
In-grace period: The device is targeted with one or more device compliance policy settings. But, the user hasn't applied the policies yet. This means the device is not-compliant, but it's in the grace-period defined by the admin.
Not evaluated: An initial state for newly enrolled devices. Other possible reasons for this state include:
- Devices that aren't assigned a compliance policy and don't have a trigger to check for compliance
- Devices that haven't checked in since the compliance policy was last updated
- Devices not associated to a specific user, such as:
  - iOS/iPadOS devices purchased through Apple's Device Enrollment Program (DEP) that don't have user affinity
  - Android kiosk or Android Enterprise dedicated devices
- Devices enrolled with a device enrollment manager (DEM) account
Not-compliant: The device failed to apply one or more device compliance policy settings. Or, the user hasn't complied with the policies.
Device not synced: The device failed to report its device compliance policy status for one of the following reasons:
- Unknown: The device is offline or failed to communicate with Intune or Azure AD for other reasons.
- Error: The device failed to communicate with Intune and Azure AD, and received an error message with the reason.