Subsequent drift awareness (Answered)

Requesting a feature enhancement to add more awareness of subsequent changes to an accepted drift. Today, if you accept a drift, that setting is basically ignored. But what if we kept track of its state? We should be aware of the “drift of a drift”, because in some scenarios a drift is the desired state.

Comments (3 comments)

Carl Long
We appreciate your feature request—community input is essential to our ongoing development.

Next steps:
     • We will review your suggestion and update its status during the evaluation process.
     • If further clarification is needed, we'll contact you via comments.

We also encourage others to contribute through feedback and voting.

redouan bulaid

It’s unfortunate that this feature has not yet been implemented. At the moment, once a drift in an Intune policy is accepted, any subsequent drifts in that same policy are no longer detected. This effectively removes the policy from further monitoring after the first accepted drift.

Drift monitoring is one of the biggest reasons we chose this product, and without this capability it feels inefficient.

For proper drift monitoring in an MSP context, it’s important that policies continue to be evaluated even after a drift has been acknowledged. We need ongoing visibility to ensure that new deviations are surfaced, rather than assuming the policy will remain static once one drift is accepted. This capability is necessary to maintain consistent baseline enforcement across tenants.

Dave Bruhn

I agree - detecting additional drift after accepting drift is critical.

For example:

  1. Create an anti-phishing policy and push it out to tenants
  2. Add individuals to the anti-impersonation protections (which causes a drift)
  3. Accept the drift in Nerdio
  4. Disable the anti-impersonation protection

Step 4 should absolutely trigger a drift alert. It's a completely different field when you pull the anti-phish policy, so why wouldn't you monitor for that?

I queried Nerdio on this matter, and their response was this is “expected behavior.” Ummm… Clearly not!

This should be detected. Otherwise, what's the point?
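
The behavior requested in this thread, sketched as an added example (not code from the thread and not Nerdio's implementation): an accepted drift is stored per field as the new expected value, so the policy stays monitored and step 4 of the scenario above still raises a drift. The `PolicyMonitor` class and the policy field names are hypothetical, and the sample policy is constructed.

```python
from dataclasses import dataclass, field

def flatten(settings, prefix=""):
    """Flatten nested policy settings into {dotted.path: value}."""
    flat = {}
    for key, value in settings.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

@dataclass
class PolicyMonitor:
    baseline: dict                                # desired state pushed to tenants
    accepted: dict = field(default_factory=dict)  # path -> value approved as an exception

    def evaluate(self, live):
        """Return {path: (expected, actual)} for fields matching neither baseline nor an accepted value."""
        want, have = flatten(self.baseline), flatten(live)
        drifts = {}
        for path in sorted(want.keys() | have.keys()):
            # An accepted drift replaces the expected value for that field only.
            expected = self.accepted[path] if path in self.accepted else want.get(path)
            if have.get(path) != expected:
                drifts[path] = (expected, have.get(path))
        return drifts

    def accept(self, live, paths):
        """Pin the live value of the listed fields as approved; every other field stays monitored."""
        have = flatten(live)
        for path in paths:
            self.accepted[path] = have.get(path)

def demo():
    # Step 1: baseline anti-phishing policy (hypothetical field names, constructed values).
    monitor = PolicyMonitor({"impersonation": {"enabled": True, "protected_users": []}})
    # Step 2: a tenant adds protected users, which drifts from the baseline.
    live = {"impersonation": {"enabled": True, "protected_users": ["ceo@example.com"]}}
    first = monitor.evaluate(live)
    # Step 3: the drift is accepted, so the same state is now clean.
    monitor.accept(live, list(first))
    after_accept = monitor.evaluate(live)
    # Step 4: the protection is disabled; a different field changed, so it must alert.
    live["impersonation"]["enabled"] = False
    return first, after_accept, monitor.evaluate(live)

if __name__ == "__main__":
    print(demo())
```

A later change to the accepted field itself is also reported, because the comparison is made against the accepted value rather than skipped.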
