If an installation hasn't gone as planned or if a user reports issues with an app installation, you can investigate problems by going into troubleshooting and support from the endpoint manager admin center homepage. First, select the user to troubleshoot. The troubleshooting home page has four statuses displayed. Assignments tell us which apps and policies have been allocated to the user with the drop-down list enabling us to filter by assignment type.

Here we can see two windows applications that have been assigned to the user. There are no compliance policies assigned, but we have one configuration policy in the form of a trusted certificate. Drilling down into an installed application, we can see basic details like the app's version number, its current install status, and the name of the installation package. Under monitor, you can see the app's installation broken down by the user's devices it's installed on, as well as a user view with the install status broken out.

Back on the home page, the devices section lists the user's devices that have been enrolled or have Intune deployed apps installed. Let's drill into the device to investigate the failure. The device's home page displays the device's properties but doesn't highlight the failure. Everything looks to be in order, with Intune saying the device is compliant. At the top of the page, there are functions for retiring, wiping, deleting, restarting, and scanning the device. I'll go through the left-hand menu to find the failure. Ok, here we go. It's a device compliance policy problem.

As we saw earlier, under assignments, there is no compliance policy assigned, but why does the overview page say the device is compliant, and what does this 65001 (not applicable) status mean? If we go into devices, compliance policies, then compliance policy settings, we see an option that marks devices with no compliance policy as compliant. To me, this is a having your cake and eating it situation. If no compliance policy is assigned, you're defaulting devices to be compliant, yet you are also being told that the device isn't compliant because it doesn't have a policy. But the warning is flagged as not applicable because of a setting that says to make devices with no compliance policy compliant.