Forum Discussion

OhhAhh's avatar
OhhAhh
Copper Contributor
Sep 20, 2023

Configuration profile status not updating when profile removed

I have created a configuration profile which sets 3 user settings.

This was deployed to a group of users.  I can see the settings were applied successfully when I look at the profile Assignment Status in the Overview pane of the profile.

I want to remove the settings now and apply them to a different group of users (a subset of the original group).  If I remove the original group from the deployment I can see on some machines that the settings have been removed (by physically connecting to the machines and viewing that the settings have gone from the registry) however the status page is still showing as successful.

Should this change, and if not, how can I work out if the settings have actually been removed from the devices ?  

 

Thanks

 

  • Hi OhhAhh,

    There are a few things to keep in mind about configuration profile status updates in Intune:

    • Configuration profile status updates are not real-time. It may take some time for Intune to update the status of a profile after it has been deployed or removed.
    • Configuration profile status updates are not always accurate. There are some cases where the status of a profile may not be correctly reflected in the Intune console.

    If you are concerned about whether or not a configuration profile has been successfully removed from a device, you can verify the device's settings manually. 

    You can also use the Intune PowerShell module to get more detailed information about the status of a configuration profile on a device. For example, you can use the following command to get a list of all the configuration profiles that are applied to a device:

     

    Get-IntuneManagedDevice -DeviceId <device ID> | Get-IntuneManagedDeviceConfigurationProfile

     

     

    This command will return a list of all the configuration profiles that are applied to the device, along with their status.


    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic

  • LeonPavesic's avatar
    LeonPavesic
    Silver Contributor

    Hi OhhAhh,

    There are a few things to keep in mind about configuration profile status updates in Intune:

    • Configuration profile status updates are not real-time. It may take some time for Intune to update the status of a profile after it has been deployed or removed.
    • Configuration profile status updates are not always accurate. There are some cases where the status of a profile may not be correctly reflected in the Intune console.

    If you are concerned about whether or not a configuration profile has been successfully removed from a device, you can verify the device's settings manually. 

    You can also use the Intune PowerShell module to get more detailed information about the status of a configuration profile on a device. For example, you can use the following command to get a list of all the configuration profiles that are applied to a device:

     

    Get-IntuneManagedDevice -DeviceId <device ID> | Get-IntuneManagedDeviceConfigurationProfile

     

     

    This command will return a list of all the configuration profiles that are applied to the device, along with their status.


    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic

    • khess13's avatar
      khess13
      Copper Contributor

      LeonPavesic 

      Leon the command you provided is exactly what I need but it does not work? What am I missing? Connecting to MS Graph and trying your command. Get-IntuneManagedDevice does not like "-DeviceID". Okay, so it likes just "id". Also, "Get-IntuneManagedDeviceConfigurationProfile" is not valid either. What it appears to be is "Get-IntuneDeviceConfigurationPolicy". However, you cannot pipe that into Get-IntuneManagedDevice.

       

      Get-IntuneManagedDevice | Where-Object {$_.id -eq 'id of device'} | Get-IntuneDeviceConfigurationPolicy

      I'm still trying to find work the powershell command to return all devices attached to a configuration profile but I'm hitting a wall here.

       

      Thanks!

Resources