iOS Device Compliance - Device is not marked as compliant

jonn1e
New Contributor III

Hi,

I registered a few devices via Self Service and the Device Compliance to our Azure AD. The registration process is fine and the devices show up after 2-3 min in Azure, but it takes many hours or a day that the device is marked as compliant? There is just "N/A". As long as the status isn't marked as compliant the user can't access apps which are restricted to company devices that must be compliant.

Does somebody have the same issues? I think it is not related to AzureAD because Jamf checks the compliance criteria by itself and send it to AAD. The devices are listed in the Smart Group with the compliance criteria's.

Best regards, Jonny
f49083adfdd24d84a9ade60297f655d6

Update: As you can see in the following image, the device was not updated until the next day. The screenshot is from the AAD Audit Log. 3e8ad160844a410697931fb8e464c17f

First the device is marked as "managed" and on the next day as "compliant". eb56a3b6b8634159808c5b1d3c4c505d

87ea4fc89c8f49aabc48d51e7bb7930d

7 REPLIES 7

jonn1e
New Contributor III

push

Cayde-6
Valued Contributor

I've not seen that on my tests, I believe I've heard from Jamf colleagues that compliance is re-assessed after a device unlock or the daily inventory update

jonn1e
New Contributor III

Hey, Thanks for your reply. Yes, if I registered my own Device it was marked as compliant within minutes in AAD. So I'm wondering why this is happening now.
This workflow would be pretty "inelegant" if we tell new colleagues that they have to wait hours or a day after registration to use their new IPhones. The IPhones were in use after registration.

Any ideas how to trigger the compliance update or maybe a workaround?

Cayde-6
Valued Contributor

@jonn1e

I cannot remember where I read about it however there are 2 events that trigger a device compliance check

1). After each device unlock (IE from a locked screen to unlock and access to the homescreen)
2). After the daily inventory scan

jonn1e
New Contributor III

Hm so it seems like a bug? At least for 1). Today we registered a few more devices and none of them getting marked as compliant and they are in use which means they will get unlocked many times a day. Maybe I should raise a support ticket.

petew
New Contributor

Has anyone found a solution to this as I'm having a similar issue.

jonn1e
New Contributor III

I'm still investigating with Jamf Support. Will give you an update as soon as possible.