Cloud attach vs. cloud only: the debate
Event Ended
Monday, Oct 24, 2022, 09:00 AM PDT
Are you planning a new Microsoft Intune deployment? Are you wondering if you need Configuration Manager? Join Danny and Steve for a special edition of Unpacking Endpoint Management as they break down ...
Heather_Poulsen
Updated Oct 28, 2022
JamesEpp
Iron Contributor
Oct 24, 2022
Underrated question. Intune is *horrifyingly* slow to apply changes to endpoints. Very scary to think about when you have a security incident and need to make a response.
GPO is incredibly predictable - next reboot or gpupdate sync (with LOS to AD) and changes are nearly guaranteed.
Jason_Sandys
Microsoft
Oct 24, 2022
There are a lot of mitigating factors here. I suggest you bring in a knowledgeable Intune person to help with this or open a support case as this is not the expectation. All changes should apply to targeted managed endpoints within 8 hours but in general, changes are pushed out as soon as they are made in the admin console. On Windows, this requires that WNS is open and can communicate with the endpoints; we often find that enterprise environments do not allow WNS and thus the endpoints must wait the full 8 hours. As for GPO reliability, that's great if your systems are on-prem, but that's rarely the case in today's world and also, GPO provides no reporting, so while you may expect this, I find more often than not, most orgs have varying levels of GPO delivery failures for a variety of reasons.
- JochenB007 Oct 24, 2022
Brass Contributor
Thanks Jason... do you have a Learn article on what to check to see if WNS is allowed or not (GPO? FW?) Thanks
- Jason_Sandys Oct 25, 2022
Microsoft
I don't have any references off-hand. I don't believe that there are any built-in policies for WNS but we have seen orgs disable the service. Here's a doc on configuring firewalls for allowing WNS: https://learn.microsoft.com/en-us/windows/apps/design/shell/tiles-and-notifications/firewall-allowlist-config
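
An endpoint-side check for the two WNS blockers raised in this thread (the service being disabled, and firewalls not allowing WNS), as an added example that is not part of the original posts or of Microsoft's documentation. The service name `WpnService` and the probe host `client.wns.windows.com` are assumptions; substitute the hostnames from the linked firewall doc that apply to your environment.

```powershell
# Added example: verify that a Windows endpoint can receive WNS push notifications.
# Assumptions: service name 'WpnService'; probe host under *.wns.windows.com.
$ServiceName = 'WpnService'
$ProbeHosts  = @('client.wns.windows.com')   # assumption: adjust per the firewall allowlist doc
$Port        = 443

function Test-WnsService {
    param([string]$Name)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Check = "Service $Name"; Ok = $false; Detail = 'service not found' }
    }
    # A disabled or stopped service means the device falls back to its scheduled check-in.
    $ok = ($svc.StartMode -ne 'Disabled') -and ($svc.State -eq 'Running')
    [pscustomobject]@{ Check = "Service $Name"; Ok = $ok
                       Detail = "StartMode=$($svc.StartMode), State=$($svc.State)" }
}

function Test-WnsEndpoint {
    param([string]$HostName, [int]$Port)
    try {
        $null = Resolve-DnsName -Name $HostName -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ Check = "${HostName}:$Port"; Ok = $false
                                  Detail = "DNS resolution failed: $($_.Exception.Message)" }
    }
    # A successful TCP connect only shows the port is reachable; it does not
    # prove that a TLS-inspecting proxy leaves the long-lived WNS session intact.
    $tcp = Test-NetConnection -ComputerName $HostName -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Check = "${HostName}:$Port"; Ok = [bool]$tcp.TcpTestSucceeded
                       Detail = "RemoteAddress=$($tcp.RemoteAddress)" }
}

$results = @(Test-WnsService -Name $ServiceName)
foreach ($h in $ProbeHosts) {
    $results += Test-WnsEndpoint -HostName $h -Port $Port
}

$results | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a management tool or scheduled task flag the device.
if ($results.Ok -contains $false) {
    Write-Warning 'WNS push path is impaired on this device.'
    exit 1
}
exit 0
```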