The Graph API and Intune portal(s) give insight into device compliance status, but what about a local equivalent? How can we locally detect from e.g. a script on a Windows 10 laptop if the device is compliant or not?
I couldn’t find any documentation, WMI properties or registry keys, but I did find that the Company Portal shows the compliance status and caches this in a file. So, although it isn’t pretty, I’ve settled for this method for now and created a UserVoice item requesting a local W10 API/regkey/WMI property to query Intune compliance status of the device.
((get-content -Path (Get-Childitem –Path (Join-Path $env:LOCALAPPDATA `
-ChildPath "Packages\Microsoft.CompanyPortal_8wekyb3d8bbwe\TempState\ApplicationCache") `
-Include *.tmp* -File -Recurse | sort-object -Descending -Property lastWritetime)[0] | convertfrom-json).data | convertfrom-json).ComplianceState
Hi!
Building a remediation script that helps users getting their devices compliant after enrollment, and needed a way of checking that the device is not compliant (locally). I’ve searched and searched, and yet I only find this 3 year old post, nothing new seems to have come from Microsoft.
Your solution works, most of the time, but I do have a few issues:
Have you found any alternative way of checking this? Of have any recommendations for what I can do?
Thank you!
Hi Jos! Thanks for this message. Are you sure this script is working correctly? When I run it locally, it mentions my device is non-compliant, but when checking the company portal and intune portal, my device is compliant. In reality, the device is fully compliant with the policies that I set, but this script mentions otherwise :/