drivesafely
Oct 01, 2024

Issue with Device Control Policy Sync in Intune/MDE

Hello,

We onboarded devices to Microsoft Defender for Endpoint through Intune in a co-management environment, with the Endpoint Protection workload shifted to Intune. We configured a Device Control policy, which is blocking installation of USB devices like keyboards and mice. Despite removing the USB blocking settings, syncing devices via Intune, and rebooting the devices, USB devices were still blocked after several hours.

Running the `Get-MpComputerStatus` command on affected devices showed an outdated `DeviceControlPoliciesLastUpdated` date (year 1601).

Could anyone advise on how long it typically takes for policy changes in Intune/MDE to take effect? Is there a way to manually force policy sync across all devices?

Thanks in advance for your help.
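
One way to read the `DeviceControlPoliciesLastUpdated` value mentioned in the post from a script, as an added example that is not part of the original post. A date in 1601 is what a zero Windows FILETIME converts to, so the example reports it as "no timestamp recorded" (an assumption about how this field is populated); the function name, the 24-hour threshold and the sample objects are constructed for illustration.

```powershell
# Added example, not from the original post. Get-DeviceControlPolicyAge is a
# hypothetical helper; the 24-hour staleness threshold is an assumption.
function Get-DeviceControlPolicyAge {
    param(
        # Object shaped like Get-MpComputerStatus output
        [Parameter(Mandatory)] $Status,
        [timespan] $StaleAfter = [timespan]::FromHours(24),
        [datetime] $Now = [datetime]::UtcNow
    )

    $last = ([datetime]$Status.DeviceControlPoliciesLastUpdated).ToUniversalTime()

    # A zero FILETIME is 1601-01-01 00:00 UTC. Local-time display can shift it
    # into 1600, so compare on the year instead of an exact value.
    if ($last.Year -le 1601) {
        $state = 'NoTimestamp'   # assumed meaning: no policy update recorded
        $ageHours = $null
    }
    else {
        $age = $Now - $last
        $ageHours = [math]::Round($age.TotalHours, 1)
        $state = if ($age -gt $StaleAfter) { 'Stale' } else { 'Recent' }
    }

    [pscustomobject]@{
        State          = $state
        LastUpdatedUtc = $last
        AgeHours       = $ageHours
    }
}

# Constructed sample inputs so the function can be exercised off-device.
$samples = @(
    [pscustomobject]@{ DeviceControlPoliciesLastUpdated = [datetime]::FromFileTimeUtc(0) }
    [pscustomobject]@{ DeviceControlPoliciesLastUpdated = [datetime]::UtcNow.AddDays(-3) }
    [pscustomobject]@{ DeviceControlPoliciesLastUpdated = [datetime]::UtcNow.AddMinutes(-20) }
)
foreach ($s in $samples) { Get-DeviceControlPolicyAge -Status $s }

# On an onboarded device:
# Get-DeviceControlPolicyAge -Status (Get-MpComputerStatus)
```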
