migration-from-3rd-party-mdm-to-intune-–-compliance-partnership-issues

Migration from 3rd party MDM to Intune – Compliance Partnership issues

Hello Community,

we are currently in the situation, that smartphones are managed via a 3rd party device management system, which is connected via Partner Compliance Management to Intune.

 

We are in the process of migrating MDM from the 3rd party system to Intune. Users unenroll their devices (removal of the Management Profile and App), install the company portal and enroll into Intune.

This works so far, but suddenly after some time we started having issues that the smartphones that got migrated switch into a not compliant and not managed state, but in Entra ID only. In Intune they are still compliant. This happened to devices that have been enrolled to Intune since several months, as well as devices that have been enrolled only a few weeks. Also not all at the same time, first 1, then 2, then suddenly 10ish a few days later…

 

In the Entra ID device audit log we can see, that “Microsoft Intune” executed a “Device no longer managed” activity on the device. But it seems as the the Activity is always listed as Intune, no matter if its really initiated by Intune or via the Compliance Partnership in Intune. We cannot find any logfile that let’s us nail it down to if this really triggered by the 3rd party mdm via the compliance partner interface, or maybe some weird hidden Intune Cleanup job, that sets this if devices are no longer synced from the partner management.

 

As a workaround, we currently assign a Compliance Policy that is impossible to fulfill by the device, wait until the device also turns not compliant in Intune, then unassign the policy again. When the device now turns compliant in Intune again, it also synchronizes the status to Entra ID again and the Device Object in Entra is back in a compliant and managed state.

 

Do you have any suggestions for that case?

 

One idea was, to delete the Entra ID Objekt and have a new object created when the user enrolls his device to Intune again, but that would cause a lot more efforts in the rollout. (Currently the Entra ID Device Object stays the same).

 

Thank you

 

Similar Posts