![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 16%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELW%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 87%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPI%3C/text%3E%3C/svg%3E)
Hello Liam Woollery,
This could be expected because compliance policy checks and reports but doesn't enforce. It might have worked during enrollment when configured along with conditional access with the option "Require Device to be marked compliant".
To achieve your requirement, configure a Device Restriction Configuration Policy that will enforce and prompt to set/reset the password accordingly.
Refer to: Restrict devices features using policy in Microsoft Intune | Microsoft Learn
Android configuration list for Intune settings catalog | Microsoft Learn
Please note this setting only works for fully managed, dedicated, and corporate-owned work profile devices.
Hope that helps!
If you found the information above helpful, please Click Yes. This will assist others in the community who encounter a similar issue, enabling them to quickly find the solution and benefit from the guidance provided.