431 votes · Alex Fields commented
There would be multiple ways to address the shared computer problem with device compliance. For example, we don't necessarily need to measure compliance against shared computers. We just want Conditional access. Therefore, why not add an access control called "Require device to be enrolled" that would allow us to implement conditional access without requiring compliance? That would allow us to have every Windows 10 device with access to resources enrolled to Intune, so that we could have leverage over the device.
Otherwise why not just stop evaluating every single user for compliance, and instead measure the active/most recent user session only? Or just target the device and not the user with compliance.
It is just not possible today to implement Conditional access for Windows 10 in like 90% of the environments out there. Please fix this in any of those ways.
63 votes · Alex Fields commented
This is crazy to me that we haven't seen any movement on it. Let's get this working! It makes implementing conditional access impossible in any environment where machines are shared--think rotating shifts, conference room PCs, even situations where a user departs and the machine is re-assigned. How is Intune so dumb that it cannot ignore inactive users? Just evaluate compliance for the currently logged-in user, or make it targeted at the device only, and not the user. Whatever produces a more stable experience.
18 votes · Alex Fields shared this idea