Forum Discussion
Force settings on Dedicated devices during enrollment
Hello all, I'm trying to deploy a Dedicated device profile in Microsoft Intune, I created the configuration profiles and the compliance policy with some settings, in specific about PIN creation an...
Hey LFagni
Thanks for reaching out and for the insights you provided. I'll do some research and let you know what I find. I'll also pass on this information to my colleagues to see if they have any input.
Your explanation has been really helpful, and I appreciate it. I dont think I have come across this one before.
Thanks again!
Reece
Hi ReeceK , do you have any update on this topic?
I wonder how this is failing for the Dedicated Device profile only.
Thanks
/Lucio
Isn't the compliance police exactly doing that?
If a pin is not set the device is highlighted as uncomliant until a pin is set.On dedicated devices (i think you mean COBO?) you can set the pin via the MDM while on a COPE or BYOD you can force a security password policy which the user has to fulfill in complexitiy and so on. And both take part only after they have been enrolled to the MDM as the settings are rolled out only then.
Hi Moombas , thanks for your reply.
This is exactly my question, compliance policies are really similar, but on the other enrollment profile the user is asked to create a passcode during the device setup, this not happen only for the Dedicated Device ones.
As example, I just made some fresh test and an S22 configured as Corporate Device with Work Profile on GZT ask to create a passcode after device registration:For the Dedicated Device this is not happening at all if I use the Token QR from Intune, and I'm just asked to create one if the profile is assigned from GZT, but as example my policy set a minimum lenght of six chars and other settings, that are just ignored in this phase (now I just tried with a Pixel 8Pro)
The device at the end is just not compliant, but the error is not self-explanatory and might create confusion.how are you applying policies to dedicated devices?
Since dedicated devices do not always ask for user credentials during enrollment, you are unable to assign policies to a user since they will probably not work.
If you assigned the policies to a dynamic group, Intune needs time to get the newly enrolled devices into that dynamic group. It can take up to an hour in some cases. You will see that it will ask for a password ones it has recieved a policy that configured that.
A work around for this is using device filters, as en example: Apply policy to all devices with an included filter capturing all devices enrolled via a specified enrollment profile (the one from your QR code for example).
