Intune Policy Still Showing against Device even though Descoped
Hi shockotechcom,
Yes, it is expected behavior that the policy remains as applied under DeviceName -> Configuration Profiles -> Profile Name even after the device is removed from the AzureAD group. This is because Intune does not automatically remove security policies when you unassign the policy (stop deployment).
You may need to leave the policy assigned, and then change the security settings back to the default values.
However, if you want to completely remove the policy from the device, you can delete the Windows Device from Azure Active Directory (AAD) and Microsoft Endpoint Manager (MEM) and wait for it to re-sync.
This will clean up any MEM policies and profiles. This practice is often followed before deploying new or redeploying any Windows device.
Azure Active Directory (AAD) and Intune are different systems, so changes in one system may not automatically reflect in the other.
Troubleshoot policies and configuration profiles in Microsoft Intune - Intune | Microsoft Learn
Cleanup Intune profiles and policies - Microsoft Community Hub
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
- shockotechcom, Nov 29, 2023, Iron Contributor
LeonPavesic thanks!
You state:
"Yes, it is expected behavior that the policy remains as applied under DeviceName -> Configuration Profiles -> Profile Name even after the device is removed from the AzureAD group. This is because Intune does not automatically remove security policies when you unassign the policy (stop deployment)."
But the settings applied by the policy are no longer being applied at the endpoint.
- LeonPavesic, Dec 04, 2023, Silver Contributor
Hi shockotechcom,
I apologize for any confusion.
If the policy settings are not taking effect on the endpoint despite removing the device from the AzureAD group and unassigning the policy, it could be due to synchronization delays or an Intune service issue. To address this, try initiating a manual sync on the device and checking the Intune service status for any ongoing problems.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)