While using super cool Intune Standalone recently, I had some head-scratching for a while over settings still being applied to enrolled devices when they shouldn’t be. It didn’t take long to figure out, and is easily worked around.

Let’s look at the default properties of an iOS device compliance policy:

The System Security setting is not being applied, and note that the greyed out properties are all defaults.

If you assign this to a group you’ll get the desired behaviour.

Here’s the same, but with System Security enabled and the properties configured:

Again assign this to a group and you’ll get the desired behaviour.

Now if you toggle System Security to Not configured, and leave the properties non-defaulted, the properties will still be applied:

It is easy to work around the issue by toggling back to Require then defaulting all the properties and finally setting it back to Not configured before you save it:

I believe this applies to the entire UI when it comes to enabling\disabling settings.

The Intune peeps in Redmond are aware and on it, a fix is coming asap.

It was already found and reported by another EM MPV Oliver Kieselbach but I didn’t notice, much kudos Oliver!

In the meantime follow the advice above and you can easily work around this temporary glitch.