Fix Intune Policy Conflict using Policy Health Workflow

Exciting News! You can Fix Intune Policy Conflict using Policy Health Workflow. Microsoft Intune’s recent update changed many features for device management, making it an important place to maintain device management health. The new update of device management will help the user simplify the Intune policy conflicts.

An IT admin must know how to fix policy conflicts; it’s essential for work productivity. Policy Health Workflow is the best method for fixing policy conflicts. This option will help the admin resolve the conflicts easily to identify and fix them.

Do you know how a conflict happens? When 2 policies are in the tenant, they update the same setting differently when the conflict occurs. The policies must be set up correctly so the updates can be assigned successfully.

Windows Autopatch is the best option for deploying Intune policies for enrollment tenants. It will monitor the Microsoft Intune policies. In this blog post, we can discuss how to fix Intune policy conflicts through Policy Health Workflow.

Patch My PC
Fix Intune Policy Conflict using Policy Health Workflow - Fig.1
Fix Intune Policy Conflict using Policy Health Workflow – Fig.1

Fix Intune Policy Conflict using Policy Health Workflow

In the above, I mention that Windows autopatch can monitor when policy conflicts happen in the tenant. The critical fact is that the admin can review the policies and settings and fix the conflict manually. This is the best feature to identify the conflicts so the admin can view the below features

  • A list of all Autopatch policies that conflict with other device policies in the tenant
  • Admin can view the summary of conflicting policies, affected devices and open alerts
  • The admin can view affected devices.
  • Admin can take action over the conflicts so the expected policy can be assigned successfully on the device

See More: Fix Windows Autopatch is Inactive Error

Adaptiva
Fix Intune Policy Conflict using Policy Health Workflow- Fig.2 Creds to MS
Fix Intune Policy Conflict using Policy Health Workflow- Fig.2 Creds to MS

How Resolve Policy Conflict Works

Resolving a conflict policy is very important when a device reports a conflict policy. Autopatch policies are assigned to autopatch groups. When the conflict is solved, it does not have any effect on the device until the next Intune Sync.

Note! – After the conflict is fixed, the view will be refreshed every 24 hours, and it might take up to 72 hours for the view to be updated.

  • This view only shows the policy conflict between Microsoft Intune policies.
  • In this view, it does not show the cause of the configuration

View of Policy Conflict

Windows autopatch policies manage Windows autopatch groups and devices. When expected, policies can’t be deployed for one or more devices. Why does it happen? When 2 policies ( Expected policy and policy from Intune) are assigned for a device in the autopatch group. The 2 policies are giving equivalent settings in another policy, which will create conflict in policies.

  • When the Expected policy conflicts with multiple Intune policies, each conflict is displayed on separate lines in the Policy conflict view.
  • Sign in to the Intune admin center
  • Navigate to Devices > Windows Autopatch > Policy health
  • In the Policy conflicts, the list of expected policies and conflicting policies are to be displayed.
  • Select View alert and review the details of the Recommended action and alert details.

Note: This option is now in Preview

Fix Intune Policy Conflict using Policy Health Workflow - Fig.3
Fix Intune Policy Conflict using Policy Health Workflow – Fig.3

Policy Conflict Alerts

Above, I mentioned that when conflicts are created on a device, alerts are raised. When an alert is raised, the admin has to take action against the conflicts and fix them based on the information. The following table will show the alerts in this flyout.

AlertInfo
Expected Policy
The Windows Autopatch policy is assigned to the Windows Autopatch group, and the service expects it to be assigned.
Expected Microsoft Entra GroupThe device is a member of the Windows Autopatch group to which the service assigned the policy.
Conflicting Policy
Other policies on the tenant are configuring the same settings and with different values. This policy is also targeted to the same devices, which is causing the policy state to report a conflict.
Conflicting Microsoft Entra Group
The device is also a member of this Microsoft Entra group that the conflicting policy is assigned to.
Affected devices
Number of devices reporting the policy conflict. This check is only performed on devices where the last sync is within 28 days.
Conflicting settings
Includes the specific setting values causing the conflict.
Fix Intune Policy Conflict using Policy Health Workflow – Table.1

Affect Device View

The Affected Devices view shows a list of devices that have policy conflicts with the Expected policy. When a conflict is created, one reason should be that devices belong to multiple groups, each with different policies. Affected devices only include devices that have a successful Intune sync status in the last 28 days.

To view affected devices, follow the steps

  • Sign in to the Microsoft Intune Admin Center
  • Navigate to Windows Autopatch > Policy health > Affected devices tab.
  • Select View alert to see the alert details.
Fix Intune Policy Conflict using Policy Health Workflow - Fig.4 Creds to MS
Fix Intune Policy Conflict using Policy Health Workflow – Fig.4 Creds to MS

Details of Alert for Affected Device

The device reports conflict alerts in multiple policies, and all policies will show as a separate section in the alert. These alerts happen when the device belongs to multiple groups. So, each policy conflicts with the expected Windows Autopatch policy.

OptionsInfo
Export alerts
Use this option in either the Policy Conflicts or Affected Devices tabs. Select Export to export all alert details into a CSV file. The CSV file includes the following information
Device name
Deployment ring
Conflicting policies count
Last check-in
Expected policy name
Expected policy group
Conflicting policy group
Conflicting policy name
Search
You can use the search option to find policies-affected devices. You can search with the Expected policy name or the Conflicting policy name in the search option.
Fix Intune Policy Conflict using Policy Health Workflow – Table.2

Reference

Resolve policy conflicts (public preview)

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here â€“HTMD WhatsApp.

Author

Krishna. R is a computer enthusiast. She loves writing about Windows 11 and Intune-related technologies and sharing her knowledge, quick tips, and tricks about Windows 11 or 10 with the community.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.