Support tip: Troubleshooting iOS or Android policies not applying to devices
Published Oct 30 2018 11:39 AM

First published on TechNet on Aug 29, 2018
We've seen customers have issues where they deploy an iOS or Android policy to a device, but it doesn’t get applied to the device. This could simply be because the policy is not compatible with the OS version and device type or that the policy is incorrectly targeted to the user or device. Another way you can resolve this is by following the troubleshooting steps we’ve listed below.

In portal.azure.com, go to Intune > Troubleshoot and select the user to troubleshoot.

1. After the user is selected, make sure Intune License and Account Status appear with green checks.

2. On the same page, under Devices, find the device to troubleshoot and check that the Managed By column shows MDM or EAS/MDM. If you do not see these values, the device is not enrolled. It will not receive compliance or configuration policies until it’s enrolled. App Protection Policies (also known as MAM policies) do not require enrollment.

3. Check that Azure AD Join Type shows Workplace. If you see Not Registered, there might have been a problem during enrollment. Unenrolling and re-enrolling the device will resolve this problem.

4. Check that Intune Compliant and Azure AD Compliant show Yes. A No in either column might indicate one of the following problems:

    • The device does not meet the requirements defined in your organization’s compliance policies.
    • The device is not connected to the Intune service.

5. Check that Last Check In shows a recent time and date. Devices check in with Intune at least every 8 hours. If it’s been more than 24 hours since the last check-in, there might be a problem with the device. A device that cannot check in cannot receive policies from Intune. To force a device to check in, follow the set of instructions below that matches the device’s OS. These steps can be done from any device.

    a) For Android, open the Company Portal app and select Devices > problem device from list > Check Device Settings.

    b) For iOS, open the Company Portal app and select Devices > problem device from list > Check Settings.

    c) For Windows, open the device Settings and select Accounts > Access Work or School > applicable connection > Info > Sync.

6. Select the device to view the device’s policy details.

7. Under Devices > Manage, go to both Device compliance and Device configuration and make sure the device policy you’re trying to assign is listed.

    a) If the policy is listed, review its State:

        • Not applicable - This policy is not supported on this platform. For example, iOS policies won’t work on Android devices, and Samsung KNOX policies won’t work on non-Samsung KNOX devices.
        • Conflict - There is an existing setting on the device that Intune cannot override.
        • Pending - The device has not checked in to Intune to retrieve the policy.

    b) If the policy is not listed, it has not been assigned correctly. Go back to policy creation and assign the policy to the user device.
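The device-level checks in the steps above (Managed By, Azure AD registration, compliance, last check-in) can also be run over many devices at once. The following is an added example, not part of the original article and not Microsoft's code: it triages records shaped like Microsoft Graph managedDevice objects. The sample records are constructed, and treating the portal's Not Registered value as azureADRegistered being false is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records shaped like Microsoft Graph managedDevice objects
# (not real tenant data); field names follow the managedDevice resource.
SAMPLE_DEVICES = [
    {"deviceName": "pixel-01", "operatingSystem": "Android", "managementAgent": "mdm",
     "azureADRegistered": True, "complianceState": "compliant",
     "lastSyncDateTime": "2018-08-29T06:00:00Z"},
    {"deviceName": "iphone-02", "operatingSystem": "iOS", "managementAgent": "easMdm",
     "azureADRegistered": True, "complianceState": "noncompliant",
     "lastSyncDateTime": "2018-08-27T09:30:00Z"},
    {"deviceName": "galaxy-03", "operatingSystem": "Android", "managementAgent": "eas",
     "azureADRegistered": False, "complianceState": "unknown",
     "lastSyncDateTime": "2018-08-29T07:15:00Z"},
]

STALE_AFTER = timedelta(hours=24)  # threshold given in the article


def triage(device, now):
    """Return the article's checks that this device fails, in the article's order."""
    findings = []
    # Managed By must be MDM or EAS/MDM; anything else means "not enrolled".
    if device.get("managementAgent") not in ("mdm", "easMdm"):
        findings.append("not enrolled: no compliance or configuration policies")
    # Assumption: azureADRegistered == False corresponds to "Not Registered".
    if not device.get("azureADRegistered"):
        findings.append("not registered in Azure AD: unenroll and re-enroll")
    if device.get("complianceState") != "compliant":
        findings.append("not compliant: check compliance policy or connectivity")
    # A missing or old lastSyncDateTime means the device cannot receive policy.
    raw = device.get("lastSyncDateTime")
    last = datetime.fromisoformat(raw.replace("Z", "+00:00")) if raw else None
    if last is None or now - last > STALE_AFTER:
        findings.append("stale check-in: force a sync from Company Portal")
    return findings


def report(devices, now):
    """Map device name -> findings, keeping only devices with at least one."""
    return {d["deviceName"]: f for d in devices if (f := triage(d, now))}


if __name__ == "__main__":
    fixed_now = datetime(2018, 8, 29, 12, 0, tzinfo=timezone.utc)  # constructed clock
    for name, findings in report(SAMPLE_DEVICES, fixed_now).items():
        print(name, "->", "; ".join(findings))
```
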

We hope this helps you narrow down the reason for iOS or Android policies not applying to devices.

3 Comments
Silver Contributor

We are using the free MDM option of Office 365 and I have seen a few cases when enrolling Android phones with the standard Email app already set up before that and email still working fine. After removing the email account and trying to add it again, it then showed a message that it must be enrolled first.

Copper Contributor

Hi, I have followed this procedure to the letter and am at device configuration policy is pending. However, my devices have checked in numerous times (over 24h) since the assignment of the policy, but the status remains pending. What's the next step?

 

I think I figured it out...
Here's the use case: I have tablets and phones that are used as tools by employees. They are staged using Knox Enrollment and Intune (Android Enterprise) (so that we can push apps and not require a Google account).

Some of these are used at sites where a camera is not allowed. I wanted to set up a device configuration to block the camera for these users. I can easily block it in the work profile, but of course I need it blocked completely. The device restriction (on device level) will not apply (it remains pending). Switching the device to Android, and setting a device restriction also works, but is pretty useless to me, especially since everyone is saying that as of Android 10, Enterprise will be the only way forward.

 

Conclusion (mine): 

Although I am strongly in favor of the Android Enterprise solution (much tighter security), it seems like Intune + Android (Google?) still have a lot of work set out before the functional needs of the real world will combine with the technical limitations currently at hand (another example is contact integration between the work profile and the built-in contact list, e.g. to be able to dial contacts from your car).

Brass Contributor

Need an option to troubleshoot by device, we are starting to do enrollments via token.

Last update: Dec 19 2023 01:26 PM