Intune Policy Troubleshooting

Hello my fellow Nerdio community,

If you're managing devices with Microsoft Intune, you've probably run into issues with policies and profiles not working as expected. It can be a real headache, but don't worry—I'm here to help you troubleshoot some common problems!

Use the Built-In Troubleshoot Pane

The first stop for troubleshooting is the built-in troubleshoot feature in Intune. Here's how you can use it:

1. Go to the Troubleshooting Pane:

  • In the Intune admin center, go to Troubleshooting + support > Troubleshoot.

2. Select the User:

  • Choose the user having an issue and check if the Intune license shows a green check mark. If it doesn’t, you might need to assign licenses or add users to Intune.

3 Check the Device:

  • Under Devices, find the device with the issue. Make sure it shows as Managed (MDM or EAS/MDM) and is Microsoft Entra joined (Workplace or AzureAD).

  • If the device isn’t enrolled or not compliant, it won't get your policies. Unenroll and re-enroll the device if needed.

 Key Checks for Device Compliance

  •  Intune Compliant: Should be Yes. If not, check for compliance policy issues or network connectivity.
  •  Last Check-In: Should be recent. Devices check in every 8 hours. If it’s been more than 24 hours, there may be a problem.

Force Check-In

  • Android: Open the Company Portal app > Devices > Choose the device > Check Device Settings.
  •  iOS/iPadOS: Open the Company Portal app > Devices > Choose the device > Check Settings.
  • Windows: Go to Settings > Accounts > Access Work or School > Select the account or MDM enrollment > Info > Sync.

Reviewing Policy States

  • Not Applicable: The policy doesn’t apply to the device's platform.
  • Conflict: There’s an existing setting on the device that Intune can't override, or you have two policies with conflicting settings.
  •  Pending: The device hasn’t checked in to get the policy yet.

Confirm Configuration Profile Application

  • Sign in to the Intune admin center and go to Devices > All devices > select the device > Device configuration.
  • Check the status of each profile. Possible statuses include:
  • Conforms: The device has received the profile and conforms to the settings.
  • Not Applicable: The profile setting doesn’t apply to the device’s platform.
  • Pending: The profile is sent but not yet reported to Intune.

Common Issues

  • Saving of Access Rules to Exchange has Failed:
  • This happens if you're using policies for on-premises Exchange with Microsoft 365. Delete the legacy rules and create new policies for Microsoft 365.
  • Can't Change Security Policies:
  • Sometimes Windows 10 devices won’t remove security policies. You might need to reset the policies or re-enroll the device.

Final Tips

  • Check Tenant Status: Ensure your subscription is active and check for any service advisories.
  • Test Changes Gradually: Before making widespread changes, test them on a small group of devices.

I hope these tips help you troubleshoot Intune policies and profiles more effectively. Got any other tips or experiences?  Drop them in the comments below! Let’s help each other out and make Intune management easier for everyone.

Author: Rolando Jimenez
Feel free to share your thoughts and tips in the comments!


Comments (0 comments)

Please sign in to leave a comment.