
Intune built-in Device Compliance Policy marks devices with no compliance policy assigned as 'Not compliant'.

Why This Matters

When devices without an assigned compliance policy are not automatically marked as noncompliant, administrators may overlook unmanaged or misconfigured endpoints. This creates a security gap where unmonitored devices could access corporate resources without meeting security requirements. Ensuring the built-in compliance policy flagging is enabled provides a baseline for device trust and reduces the risk of unauthorized access.

What Aether365 Checks

This validation verifies that the Intune built-in Device Compliance Policy is configured to automatically mark devices with no assigned compliance policy as "Not compliant." It appears in the Aether365 dashboard under Intune checks as a Medium severity finding.
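To confirm the same setting by hand, the added example below (not Aether365's own code) reads the tenant-wide Intune settings from Microsoft Graph, where this option is exposed as the `secureByDefault` property of `deviceManagementSettings`. The function name `Get-NoPolicyComplianceDefault` is hypothetical, and the read-only scope requested is an assumption about what your tenant has consented to.

```powershell
#Requires -Modules Microsoft.Graph.Authentication

function Get-NoPolicyComplianceDefault {
    [CmdletBinding()]
    param(
        # A Graph deviceManagementSettings object. When omitted, it is
        # fetched from the tenant of the current Connect-MgGraph session.
        [Parameter()] $Settings
    )

    if (-not $PSBoundParameters.ContainsKey('Settings')) {
        $Settings = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
            -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/settings'
    }

    # secureByDefault = $true  -> devices with no policy are 'Not compliant'
    # secureByDefault = $false -> devices with no policy are 'Compliant'
    $value = $Settings.secureByDefault

    $status = if ($value -is [bool]) {
        if ($value) { 'Pass' } else { 'Fail' }
    }
    else {
        # Property missing or null: treat as undetermined instead of
        # silently reporting a pass.
        'Unknown'
    }

    [pscustomobject]@{
        Check           = "Mark devices with no compliance policy assigned as 'Not compliant'"
        SecureByDefault = $value
        Status          = $status
    }
}

# Assumption: this read-only scope is consented and sufficient in your tenant.
Connect-MgGraph -Scopes 'DeviceManagementServiceConfig.Read.All'
Get-NoPolicyComplianceDefault
```

A `Fail` result corresponds to the condition this check reports; `Unknown` usually means the response did not include the property and the query should be re-run with adequate permissions.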

Microsoft references
