Last year Microsoft was planning to mark devices that were not evaluated by a compliance policy as non-compliant. The default behavior is that if a device is not evaluated by a compliance policy that it is being marked as compliant and therefor the user has access to services controlled by Conditional Access in Azure AD, which could be lead to compliance issues.

After feedback from customers Microsoft decided to push back the change so that the current customers would not be impacted. The last release of Microsoft Intune now allows us to configure what Microsoft Intune needs to do when no compliance policy is assigned.

As an Administrator you are now able to choose if a device is automatically marked as compliant or marked as non-compliant when no compliance policy is assigned.

When using Conditional Access in Azure AD (which you should), you are able to block access to Office 365 services or applications on Azure for non-compliant devices. The default option is Non Compliant. So be sure to change it if you do not want your devices to be marked as non-compliant.

New Compliance Settings in Microsoft Intune

In the figure above, you see also a new option called Enhanced jailbreak detection. When enabling this option iOS devices will check in more often to the Microsoft Intune service to evaluate the compliance state of the jailbreak states of the device at least every 72 hours. This option uses the location service of the device, which could impact the battery life of the device.