Fix: Device Compliance Policy Error Code 0xfde9

Use the built-in troubleshooter to check for policy errors

Reading time icon 4 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • If a device is not compliant in Intune, it cannot access any of the corporate resources. 
  • This does not mean that your device is locked out permanently. You can deploy a policy to remediate the issue.

Microsoft Intune provides robust features to help you manage your devices, including built-in compliance policies. Before you customize these policies, you can use the default policies to ensure that your company’s devices follow security and privacy requirements.

You may, however, run into a device compliance policy error code 0xfde9. This error occurs when you send a device compliance report in Intune, which returns a compliant status even though a compliance policy has not been set.

Let’s have a closer look at how to address this issue.

What happens if a device is not compliant with Intune?

If a user’s devices are not compliant, they will be unable to log into Office 365 services. This is an important aspect to consider when planning your compliance policies and procedures. 

So, what is a compliance policy in Intune? In Intune, the compliance policies can be configured for a group of devices. These policies help ensure that devices and apps in your organization are configured to meet the set requirements. 

You can choose from a predefined set of compliance policies or create your own. A device is compliant if it meets the policy requirements and non-compliant if it does not. When a device is non-compliant, it is subject to action from the administrator.

A non-compliant state can occur for a variety of reasons:

  • Minimum requirements – This is when the device doesn’t meet the requirements defined in your organization’s policy.
  • User compliance – If users who have enrolled their devices in Intune have not installed the required apps or made required changes to their device configuration, their devices may be non-compliant.
  • Network issues – If firewall restrictions or devices cannot connect to a network due to other networking issues, they may also be labeled non-compliant.

Other situations where a device may become non-compliant include:

  • The user may have uninstalled Intune and removed the previous management state from the device.
  • It’s possible that the user may have chosen to switch to another MDM system but did not complete all of the steps required before removing Intune from their device.

How do I change the default device compliance policy in Intune?

Before any advanced troubleshooting, check off the following:

1. Use the built-in troubleshooter

  1. Log in to the Microsoft Endpoint Manager admin center, and select the Troubleshooting + support option.
  2. A list of users will appear. Select the one having compliance issues.
  3. Confirm that your Intune license is active with a green checkmark.
  4. Navigate to Devices and click on the one experiencing issues.
  5. Examine the compliance status of the device and check for any possible errors.

2. Create a new policy

  1. Sign in to Microsoft Intune admin center.
  2. Click on Endpoint Security, then select Device compliance.
  3. Next, click on Compliance policy settings.
  4. You can now proceed to mark devices as compliant or non-compliant.

When you create a policy, Intune creates an enforcement profile that contains settings that apply to your organization’s devices. 

The profile specifies what needs to happen on each device that runs the policy, including whether it must install apps and software updates or contact Microsoft for more information. 

This policy can be deployed to devices that are already non-compliant or may become non-compliant. You can also use policies to prevent devices from becoming non-compliant.

If you’re still experiencing issues and the error 0xfde9 is persistent, you can try resetting the non-compliant device. This will erase any prior configurations that may be causing issues.

You may also encounter another similar Intune policy error 0x87d101f4, so be sure to check out our detailed article on navigating such issues.

Let us know what solution has been able to fix this error for you in the comment section below.