How to Manually Sync Intune Policies ASAP Time Intervals from Enrolled Devices Endpoint Manager? There are two scenarios where we need to sync the Intune policies as soon as possible from end-user devices. One scenario is when you have to test the policy changes on the test devices ASAP.
The second scenario is when you need to troubleshoot an issue on a user’s device. What is the default sync time for devices? Different platforms have different default sync timings (policy refresh timings).
I have added additional manual Intune policy sync options to cater to some of the new scenarios here in this post. For example, initiate quick manual sync from the Company Portal app on Windows 10 and Windows 11 PCs.
Time Interval Manually Sync Intune Policies ASAP
So, policy refresh intervals for Devices managed by Microsoft Intune are hardcoded. Following are the default Intune policy refresh intervals:-
- iOS and Mac OS X: Every 6 hours.
- Android: Every 8 hours.
- Windows Phone: Every 8 hours.
- Windows 8.1 and Windows 10 PCs enrolled as devices: Every 8 hours.
- Intune management extension (IME) policy Cycle is every 60 minutes similar to SCCM default policy settings.
When the devices have just enrolled, the Intune policy check-in frequency will be more frequent more details are as follows:-
- iOS and Mac OS X: Every 15 minutes for 6 hours, and then every 6 hours.
- Android: Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours.
- Windows Phone: Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours.
- Windows PCs enrolled as devices: Every 3 minutes for 30 minutes.
In the scenarios explained above, the user can’t wait for the default policy refresh cycle. In some scenarios, the user doesn’t need to wait for the default refresh time intervals rather Intune will immediately notify the devices to sync ASAP. Those scenarios are wipe, lock, passcode reset, new app deployment, new profile deployment (Wi-Fi, VPN, email, etc.), or new policy deployment.
Windows Devices – How to Manually Sync to refresh Intune Policies
Different device platforms have different options to manually initiate a sync with Intune. For Windows devices, there are two options to immediately sync the device or user Intune policies. The first option is to Settings – Accounts – Access work or school – Work or School Account – Info – Sync.
Right-click on the company portal taskbar icon – Sync this device -> Sync this device to get access to corporate resources faster
The second option is to open the following URL “http://portal.manage.microsoft.com/” and sign in with the corporate user name and password (in case SSO is not working for the enrolled device). Select the device to which you have logged in from the device list (if the user has more than one device).
Once you are there then, click on the compliance check link and wait for it to complete. If your Windows 10 device has Intune company portal installed then, you can use the following method to immediately initiate the Intune policy sync.
iOS/Android Devices – How to manually sync to refresh Intune policies
iOS and Android devices come to Intune management via an application called Intune company portal. Hence, Intune company portal app is the place where you can go and check for changed Intune policies. This will help users to get the updated policies immediately applied to the device.
Open the company portal app and go to my devices – click on the Android or iOS device which you are using, and click on the check compliance link. This will initiate new policy sync with Intune and intern check the compliance of the iOS or Android device.
Author
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about technologies like ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.…
This was just what I was looking for, thanks. I subsequently found the official documentation too https://docs.microsoft.com/en-gb/intune-classic/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies
Thank you Thom!
Hi
How can I redeploy the same profile on the device.
I found that when profile (for example with widnows defender setting) first time is appled to machine, some process create registry key HKLM\Software\Policys\Microsoft\Windows Defender\Policy Manager and values accroding to the settings confiured on the portal.
But when I delete this values this process not create again this values during next sync.
It is look like profile have some flag to Apply only one time .
Is possible to profile reapply on every sync process and recreate this values on the registry?
This is known fact. This is the way MDM policies work. This is why we can control the user rights…. don’t provide user to remove registry keys 😉 Sorry I don’t know any other way to re-enforce Intune policies to machines.
Thanks for your quick replay
Hi Anoop,
How does it work with MAM?
For example, on iPhone, they have Microsoft authenticator which “pass” the policy through it
you don’t have to use Intune company portal app.
there is a way to enforce sync without the Intune company portal?
Sort of, according to Microsoft’s official documentation you need the company portal app installed anyway for MAM. You don’t need to enroll just have it installed and the user logged in.
Forcing a sync for MAM is nearly impossible, it’s just a case of waiting 🙁
It depends on which OS. For Android MAM yes, you just need to install company portal app and NO NEED Configure it. For iOS, you need to have Microsoft Authenticator application to felicitate MAM functionality !
Is there a way to do this on a shared iPad, which cannot use the company portal app?
Hey Anoop, is there a way to sync from command line or Powershell yet?
Good point – I don’t know the answer but you will get some clue if you look at some of the scheduled tasks available in the Windows 10/11 devices that are enrolled in Intune.
There are some scheduled tasks …not the ones that are listed in the post but the ones available in Windows default ST location https://www.anoopcnair.com/intune-management-extension-health-evaluation/
and what to do, if sync just takes ages?
No matter which way I use, it takes ages to finish sync. Even when I “wipe” the device, it happens frequently, that absolutely nothing happens for hours. I even used “reset” in company portal on the device I want to reset and still had to reboot three times before it actually did the reset.
And in the end, wiping the whole device even if it doesn’t start reliably is still the “fastest” way to actually have it syncing.
I can’t use autopilot to end users, as it takes literally DAYS until the configuration is as desired.
Andreas – I think it remains forever even though it completes in a minute or two. It just isn’t updating the GUI.
If you navigate off and go back you will see the ‘last sync’ time update
No, it does not.
What he is saying is the machine does not get the command.
We have seen the same thing from time to time. I can sit and watch a machine for hours waiting for it to get a wipe command or similar and to restart and start wipeing. But nothing happens.
You will have to force the management extension to refresh several times and then it will get the command and notify you it will restart in 60 sec or whatever