Fix Sign-in Error Code AADSTS53000

Access blocked. Update your device to meet compliance policies.

Error Message

You can’t get there from here. This application contains sensitive information and can only be accessed from:

  • Devices or client applications that meet <tenantname> management compliance policy.

Root Cause Analysis

This error occurs when a Conditional Access policy blocks sign-ins to Microsoft 365 services from a non-compliant device.

Error Examination

When users encounter this error, Microsoft 365 admins can view the error code AADSTS53000 in the Entra ID sign-in activity reports.

License Requirement

Microsoft Entra ID P1 License

Role Requirement

Reports Reader

How to Find the 53000 Error Details in Microsoft 365 User Sign-in Activity Reports?

  • Log in to the Microsoft Entra admin center.

  • Navigate to the Sign-in logs under Monitoring & health.

  • Apply the following filters to locate the relevant failed sign-ins.

    • Sign-in error code = 53000

    • Username = Enter the user's UPN

    • Date = By default, the date is set to last 24 hours. You can change it to last 7 days, 1 month, or customize it based on your needs.

  • Here, you can see the user's failed logins for the selected time range. Select the entry that matches the time when the error occurred.
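
The same lookup can be scripted. The following is an added example, not part of the original article, that applies the filters above through the Microsoft Graph PowerShell SDK and shows, for each failure, the device details and the Conditional Access policy that failed. The UPN is a placeholder and the 7-day window is an assumption.

```powershell
# Added example (not from the original article). Requires the Microsoft Graph
# PowerShell SDK. ASSUMPTIONS: the UPN is a placeholder and the 7-day window
# mirrors one of the date ranges offered in the portal filter.
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Directory.Read.All'

$upn    = 'user@contoso.com'   # placeholder UPN
$since  = (Get-Date).ToUniversalTime().AddDays(-7).ToString('yyyy-MM-ddTHH:mm:ssZ')
$filter = "status/errorCode eq 53000 and userPrincipalName eq '$upn' " +
          "and createdDateTime ge $since"

Get-MgAuditLogSignIn -Filter $filter -All | ForEach-Object {
    $device = $_.DeviceDetail

    # Conditional Access policies whose result for this sign-in was 'failure'
    $blocking = @($_.AppliedConditionalAccessPolicies |
        Where-Object { $_.Result -eq 'failure' } |
        ForEach-Object { $_.DisplayName })

    # An empty device ID means no device identity reached Entra ID: the device
    # is not registered, or the browser did not pass the device state.
    $nextStep = if ([string]::IsNullOrEmpty($device.DeviceId)) {
        'No device identity: check enrollment (Step 1) or the browser used'
    } elseif ($device.IsCompliant -ne $true) {
        'Known device, not compliant: review compliance status (Step 2)'
    } else {
        'Device reports compliant: recheck the details of this sign-in entry'
    }

    [pscustomobject]@{
        TimeUtc        = $_.CreatedDateTime
        App            = $_.AppDisplayName
        Device         = $device.DisplayName
        DeviceId       = $device.DeviceId
        OS             = $device.OperatingSystem
        Browser        = $device.Browser
        IsCompliant    = $device.IsCompliant
        BlockingPolicy = $blocking -join '; '
        NextStep       = $nextStep
    }
} | Sort-Object TimeUtc -Descending | Format-List
```

The DeviceId value in the output is the Entra device ID, which is the key for finding the same device in Intune.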

How to Fix Sign-in Error Code 53000 in Microsoft Entra ID

This error usually occurs due to your organization's device compliance policy. Identify and review the non-compliant device triggering error 53000 to determine the cause of non-compliance. If the device is unauthorized, ask the user who tried to sign in with the device to take further action. 

If it's a known device and you want to allow the user to sign in with it, follow the steps below to resolve the issue.

  • Device enrollment in Microsoft Intune

  • Mark devices as compliant in Microsoft 365

Solution - Via Microsoft Intune (estimated time: 15 mins)

Step 1: Device Enrollment in Microsoft Intune

To mark a trusted user's device as compliant, ensure it is enrolled in your organization's tenant. If the device is already enrolled, verify its compliance status and take further actions to mark the device as compliant.

If it is not enrolled, instruct the user to register it using one of the methods below.

  • Enroll a device in Microsoft Intune using account settings

  • Register a device using the company portal

Enroll the Device in Microsoft Intune Using Account Settings

Registering the device in Intune allows the admin to mark the device as compliant and enables users to pass the Conditional Access policy successfully. Follow the steps below to enroll Windows 10 devices (version 1511 and earlier) in MDM.

  • Open Settings, select Accounts, and click Access work or school.

  • Select Connect, then enter your email address and select Next.

  • Enter your password and select Sign in.

  • It may take some time for your device to enroll in Microsoft MDM. If it doesn’t connect after a while, click Info and select Sync.

Register a Device Using the Company Portal

The Intune Company Portal in Microsoft 365 is a centralized platform that allows users to securely access organizational resources, apps, and services while also managing their device compliance and security settings.

Use the following steps to register Windows 10 (version 1607 and later) and 11 in Intune.

  • Install and open the Company Portal app from the Microsoft Store.

  • Sign in to the Company Portal website using your account.

  • Navigate to the Home screen and click Next under Set up your device.

  • Click Connect and sign in with your account again.

  • After signing in successfully, hit Next at the bottom of the page and click Done.

Note

If you're having trouble accessing work or school settings, try syncing your device. 

  • For Windows 1607 & later and Windows 11, go to the Company Portal app » Settings » Sync.

  • For Windows 1511 & earlier, go to Settings » Accounts » [Your account] » Info » Sync.

Step 2: Mark Trusted Devices as Compliant in Microsoft 365

Once a device is enrolled, administrators must ensure it is recognized as compliant within the organization. Compliance policies in Microsoft Intune define the rules and conditions that determine the compliance status of a device. A device is considered compliant only if it meets all the conditions specified in the assigned policies.

Follow the steps below to verify and configure the compliance status of the device.

  • Find the compliance status of the device in Microsoft Intune

  • Identify and configure the compliance policies assigned to a device

Find the Compliance Status of the Device in Microsoft Intune

  • Sign in to the Microsoft Intune admin center and navigate to Devices » All devices.

  • Here, all the enrolled devices will be listed. Locate the device and check its compliance status under the Compliance column.

    • If the status is Compliant, the device meets all assigned policy requirements and should pass Conditional Access (CA) policies.

    • If the status is Not Compliant, proceed to the next step to investigate and resolve the issue.
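
For a user with several devices, the Compliance column can also be read with the Microsoft Graph PowerShell SDK. The following is an added example, not part of the original article, that lists a user's Intune-managed devices with their compliance state and flags devices that have not checked in recently. The UPN is a placeholder and the 7-day threshold is an illustrative assumption.

```powershell
# Added example (not from the original article). Requires the Microsoft Graph
# PowerShell SDK. ASSUMPTIONS: placeholder UPN; the 7-day "stale" threshold is
# illustrative, not an Intune default.
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All'

$upn        = 'user@contoso.com'   # placeholder UPN
$staleAfter = (Get-Date).ToUniversalTime().AddDays(-7)

Get-MgDeviceManagementManagedDevice -Filter "userPrincipalName eq '$upn'" -All |
    ForEach-Object {
        [pscustomobject]@{
            Device          = $_.DeviceName
            OS              = "$($_.OperatingSystem) $($_.OSVersion)"
            # Same value as the Compliance column in Devices » All devices
            ComplianceState = $_.ComplianceState
            LastSyncUtc     = $_.LastSyncDateTime
            # A device that has not synced recently may show an outdated state;
            # ask the user to sync it before changing any policy.
            StaleCheckIn    = ($_.LastSyncDateTime -lt $staleAfter)
            # Compare with the Device ID shown in the failed sign-in entry
            EntraDeviceId   = $_.AzureAdDeviceId
        }
    } |
    Sort-Object ComplianceState, LastSyncUtc |
    Format-Table -AutoSize
```

If the device from the failed sign-in does not appear in this list at all, it is not enrolled and Step 1 applies.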

Identify and Configure the Compliance Policies Assigned to a Device

  • Navigate to Compliance policies under Devices in the Intune admin center.

  • Click Add filters, select Platform or OS, and choose the device’s platform.

  • Click Apply to filter policies specific to the selected platform.

  • Select the relevant policy and go to the Properties tab to review compliance requirements.

Check for any unmet conditions that may prevent the device from being marked as compliant. If any issues are found, make the necessary adjustments, such as updating the compliance policy or adjusting the device configurations to meet all specified requirements.

Once all conditions are met, the device will automatically be marked as compliant. After the device is marked as compliant, you can ask the user to try signing in again using that device.

Some of the other methods that can help resolve the error are listed below:
  • If the user is trying to access M365 services using Chrome, ask them to try using Edge or install the Microsoft Single Sign-On extension for Chrome.

  • If you don’t want the compliance policy to affect certain users regardless of the device, you can exclude the user from the device compliance Conditional Access policy.

Still Need Help?

If these solutions don’t resolve your issue, let us know in the ‘Discussion section’ below. We’ll assist you to the best of our ability. However, if none of the solutions worked, you may need to contact Microsoft Support for additional help.
