Forum Discussion
Device restrictions conflict
Hi again.
I'm not sure if Microsoft have done any changes since yesterday evening (12 hours ago) but now my clients starts to get the status "Compliant devices" instead of "Conflict"
The change that might have fixed this.
This morning I've changed the bitlocking encryption from xts-aes 256 to xts-aes 128 due to that no device got encrypted with xts-aes 265 and was categorized as "Devices with errors".I checked cmd with the command "manage-bde -status" and it revealed that all devices was encrypted with xts-aes 128. After the change I get the status "Succeeded" one device after another. The devices that got the new status also got released from "In conflict" for 'Time to perform a daily quick scan" and is now compliant.
Hope that this can help anyone out there with the troubleshooting to solve the problem.
Markus Degerlund
Mercuri International Group
- Feb 06, 2020
Hey Degerlunden,
The problem was mitigated in the meantime. I guess your tenant has all relevant updates and start to behave correct again. See Twitter post from the Intune PG:
From Twitter:Today we fixed an issue with two Defender AV settings reporting Conflict or Error in the #MSIntune / #MEM console. Thanks for those who reached out to report the bug. Happy to say it's fixed & devices should return to green on their next check-in.
The two settings affected were 'Type of system scan to perform' and 'Time to perform a daily quick scan', found in the WDAV section of our Device Restriction profile.
best,
Oliver
- RonaldvdMeerFeb 06, 2020Iron Contributor
- DegerlundenFeb 06, 2020Brass Contributor
Glad to hear that you got the solution last week while I still had my clients as "In conflict" until a couple hours ago. Maybe the bitlocker error blocked the devices somehow, who knows.
- SinceVanillaFeb 06, 2020Copper Contributor
Most devices in our environment no longer show this conflict, However we have ~20% which have checked in several times since the change, which are still showing the conflict. Our case remains open with Microsoft.
Our Configurations are Device targeted, it seems in our case the "System Account" is still showing in conflict for these devices.