Well, i mixed up "version" and "short version", as version is 43487 in both cases and the "short version" missing on the problematic iPhone is 4.7.2...
As an addon - on the respective iPhone i get no Short Version at all, not from a single app...
McAfee® Enterprise Mobility Management 10.1
Product Guide - Page 22
About device compliance
Device compliance is determined based on the following predefined parameters.
A device is considered compliant if the following is true:
•The device has the current version of the McAfee EMM software installed.
•The device has the current security policy installed.
•The iOS device has the correct device certificate that was issued during provisioning.
A device is considered noncompliant if one or more of the following is true:
•The device does not contain the McAfee EMM software.
•The security policy has been updated and the device does not yet have the new policy.
•The device has not checked in since the software or security policy was last updated.
•The device has been hard-reset because of a company policy, and the device no longer contains the
McAfee EMM software.
•The device has been jailbroken (iOS) or rooted (Android).
thanks! I did suspect RTFM was the solution, but somehow i missed that page :-(
"The security policy has been updated and the device does not yet have the new policy." was the reason. Which happened due to the pending tasks...
Re-provisioning alone didn't solve the issue, only deleting and reinstalling the EMM Agent, and then re-provisioning it the iPhone worked again as "compliant"... :-(
So, the recommended approach worked, but i didn't find out _why_ the "Pending operations" ran up, even while the iPhone could connect, could be disconnected and connected again...
So, thanks again!