Home

Device restrictions conflict

%3CLINGO-SUB%20id%3D%22lingo-sub-1061220%22%20slang%3D%22en-US%22%3EDevice%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1061220%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20a%20conflict%20in%20our%20device%20restrictions%20after%20we%20change%20another%20setting%20in%20that%20profile.%3C%2FP%3E%3CP%3EIn%20the%20Windows%20Defender%20settings%20we%20have%20set%20'%3CSPAN%3ETime%20to%20perform%20a%20daily%20quick%20scan'.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAfter%20setting%20a%20another%20setting%20in%20the%20device%20restrictions%20this%20setting%20resulted%20in%20a%20conflict.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAfter%20reviewing%20this%20intune%20shows%20that%20there%20only%20one%20profile%20with%20conflict.%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EWe%20have%20no%20other%20settings%20with%20this%20specific%20setting.%20So%20there%20no%20logical%20reason%20for%20a%20conflict.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20459px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F161177iFA83D31D20956197%2Fimage-dimensions%2F459x305%3Fv%3D1.0%22%20width%3D%22459%22%20height%3D%22305%22%20alt%3D%22Schermafbeelding%202019-12-11%20om%2023.09.07.png%22%20title%3D%22Schermafbeelding%202019-12-11%20om%2023.09.07.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1061220%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1064251%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1064251%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10381%22%20target%3D%22_blank%22%3E%40Ronald%20Meer%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ethis%20is%20more%20brain%20storming%20and%20not%20a%20fact%2C%20not%20a%20verified%20answer%20but%20maybe%20helps%20for%20further%20troubleshooting...%20you%20may%20have%20configured%20the%20value%20before%20with%20a%20different%20policy%20and%20then%20unassigned%20this%20policy%2C%20which%20might%20left%20the%20setting%20behind%20(tattoo)%20and%20then%20the%20new%20policy%20finds%20this%20leftover%20and%20tells%20conflict.%20The%20back%20end%20service%20(Intune)%20can't%20show%20a%20conflict%20as%20the%20original%20policy%20is%20not%20assigned%20anymore%2C%20so%20it%20only%20shows%20the%20current%20one.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ebest%2C%3C%2FP%3E%0A%3CP%3EOliver%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1064860%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1064860%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F174439%22%20target%3D%22_blank%22%3E%40Oliver%20Kieselbach%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20issue%20also%20happens%20with%20fresh%20enrolled%20devices.%20Is%20there%20any%20logging%20were%20i%20can%20look%20at%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065105%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065105%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10381%22%20target%3D%22_blank%22%3E%40Ronald%20Meer%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOh%20this%20is%20strange.%20I%20would%20open%20a%20support%20case%20for%20this.%20I%20don't%20have%20any%20idea%20how%20to%20solve%20this%20from%20the%20client%20side.%20I%20think%20you%20need%20some%20info%20from%20service%20side%20why%20it%20is%20flagged%20as%20conflict.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065564%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065564%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10381%22%20target%3D%22_blank%22%3E%40Ronald%20Meer%3C%2FA%3E%26nbsp%3BWe%20started%20experiencing%20the%20same%20issue%2C%20on%20thousands%20of%20devices%20for%20this%20very%20configuration%20item.%20We%20have%20no%20conflicting%20MDM%20configuration%20profiles%2C%20or%20GPO.%20We%20have%20on%20occasion%20edited%20existing%20MDM%20profiles%20instead%20of%20creating%20new%2C%20and%20re-assigning%20groups.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1067056%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1067056%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F488027%22%20target%3D%22_blank%22%3E%40SinceVanilla%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThat%20what%20we%20did%20too.%20Just%20edited%20an%20existing%20configuration%20profile%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1067869%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1067869%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10381%22%20target%3D%22_blank%22%3E%40Ronald%20Meer%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F488027%22%20target%3D%22_blank%22%3E%40SinceVanilla%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3ESame%20Issue%20here.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdded%20a%20few%20Exclusions%20into%20our%20Defender%20Device%20restrictions%20Policy%20last%20week%20now%20its%20reporting%20conflicts%20on%20every%20device.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMade%20sure%20there%20are%20no%20conflicting%20settings%20as%20described%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fnl-nl%2Fintune%2Fconfiguration%2Fdevice-restrictions-windows-10%23microsoft-defender-antivirus%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E%20under%20the%20section%20%22%3CSPAN%20class%3D%22sxs-lookup%22%3EType%20of%20system%20scan%20to%20perform%22%3C%2FSPAN%3E.%20Still%20reporting%20conflicts.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1068449%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1068449%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F490127%22%20target%3D%22_blank%22%3E%40Michiel_Singor%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10381%22%20target%3D%22_blank%22%3E%40Ronald%20Meer%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F488027%22%20target%3D%22_blank%22%3E%40SinceVanilla%3C%2FA%3E%26nbsp%3BI'm%20having%20the%20same%20issue%20aswell.%20I%20had%20to%20raise%20a%20support%20request%20this%20morning%20as%20this%20one%20thing%20is%20pretty%20much%20preventing%20us%20moving%20over%20to%20Intune%20at%20the%20moment.%20The%20quick%20scan%20isn't%20even%20being%20done%20automatically.%20I%20can%20do%20it%20manually%2C%20so%20there%20must%20be%20some%20backend%20configuration%20issue%20that%20needs%20addressing.%20The%20security%20intelligence%20updates%20are%20scanning%20and%20updating%20fine%3CBR%20%2F%3E%3CBR%20%2F%3EReally%20hope%20this%20is%20resolved%20soon%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1068514%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1068514%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10381%22%20target%3D%22_blank%22%3E%40Ronald%20Meer%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F174439%22%20target%3D%22_blank%22%3E%40Oliver%20Kieselbach%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHey%20all%2C%20we%20have%20the%20same%20Problem.%20I%20created%20a%20support%20request%26nbsp%3B%20by%20MS-Intune-Team.%20That%20is%20now%20closed%2C%20becouse%20it%20looks%20like%20a%20%22Windows-Issue%22%20(endpoint%20and%20not%20Intune-Case).%20Now%20I%20should%20create%20a%20new%20request%20for%20Windows-Enpoint%20Team....%20Now%20is%20the%20ouestion%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F174439%22%20target%3D%22_blank%22%3E%40Oliver%20Kieselbach%3C%2FA%3E%2C%26nbsp%3B%20did%20you%20created%20some%20request%20by%20MS%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1071349%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1071349%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20the%20same%20issue%20in%20all%20our%20tenants%20as%20well%20(without%20even%20editing%20anything).%20Would%20be%20interested%20as%20well%20if%20someone%20knows%20more%20about%20this%20-%20we%20don't%20have%20open%20tickets%20yet.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1094213%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1094213%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10381%22%20target%3D%22_blank%22%3E%40Ronald%20Meer%3C%2FA%3E%3C%2FP%3E%3CP%3EHave%20you%20found%20any%20solution%20with%20the%20conflict%20state%20for%20'Time%20to%26nbsp%3B%20perform%20a%20daily%20quick%20scan'%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1095356%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1095356%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20case%20opened%20for%20this%20problem.%20We%20have%20MDM%20only%20managed%2C%20Hybrid%20AD%20Joined%20devices.%20No%20conflict%20issue%20with%20GPO%2C%20or%20Device%20Configuration%20profile%20was%20identified.%20This%20appears%20to%20be%20an%20issue%20on%20the%20service%20end.%20I'd%20say%20open%20a%20case%20with%20Microsoft%20if%20you're%20experiencing%20the%20issue%2C%20as%20your%20problem%20maybe%20different%20than%20ours.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10381%22%20target%3D%22_blank%22%3E%40Ronald%20Meer%3C%2FA%3E%26nbsp%3B%40%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1095598%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20restrictions%20conflict%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1095598%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10381%22%20target%3D%22_blank%22%3E%40Ronald%20Meer%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3ESame%20problem%20here%20as%20well.%20Hope%20Microsoft%20notices%20this%20thread%20and%20propose%20a%20solution.%3CBR%20%2F%3E%3CBR%20%2F%3E%2F%2FMarkus%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Ronald Meer
Contributor

We have a conflict in our device restrictions after we change another setting in that profile.

In the Windows Defender settings we have set 'Time to perform a daily quick scan'.

After setting a another setting in the device restrictions this setting resulted in a conflict.

After reviewing this intune shows that there only one profile with conflict.

We have no other settings with this specific setting. So there no logical reason for a conflict.

 

Schermafbeelding 2019-12-11 om 23.09.07.png

12 Replies

Hi @Ronald Meer,

 

this is more brain storming and not a fact, not a verified answer but maybe helps for further troubleshooting... you may have configured the value before with a different policy and then unassigned this policy, which might left the setting behind (tattoo) and then the new policy finds this leftover and tells conflict. The back end service (Intune) can't show a conflict as the original policy is not assigned anymore, so it only shows the current one. 

 

best,

Oliver

@Oliver Kieselbach 

The issue also happens with fresh enrolled devices. Is there any logging were i can look at?

@Ronald Meer 

Oh this is strange. I would open a support case for this. I don't have any idea how to solve this from the client side. I think you need some info from service side why it is flagged as conflict.

@Ronald Meer We started experiencing the same issue, on thousands of devices for this very configuration item. We have no conflicting MDM configuration profiles, or GPO. We have on occasion edited existing MDM profiles instead of creating new, and re-assigning groups. 

@SinceVanilla 

 

That what we did too. Just edited an existing configuration profile

@Ronald Meer @SinceVanilla 

Same Issue here.

 

Added a few Exclusions into our Defender Device restrictions Policy last week now its reporting conflicts on every device.

 

Made sure there are no conflicting settings as described here under the section "Type of system scan to perform". Still reporting conflicts.

 

@Michiel_Singor @Ronald Meer @SinceVanilla I'm having the same issue aswell. I had to raise a support request this morning as this one thing is pretty much preventing us moving over to Intune at the moment. The quick scan isn't even being done automatically. I can do it manually, so there must be some backend configuration issue that needs addressing. The security intelligence updates are scanning and updating fine

Really hope this is resolved soon

@Ronald Meer @Oliver Kieselbach 

Hey all, we have the same Problem. I created a support request  by MS-Intune-Team. That is now closed, becouse it looks like a "Windows-Issue" (endpoint and not Intune-Case). Now I should create a new request for Windows-Enpoint Team.... Now is the ouestion @Oliver Kieselbach,  did you created some request by MS?

We have the same issue in all our tenants as well (without even editing anything). Would be interested as well if someone knows more about this - we don't have open tickets yet.

@Ronald Meer

Have you found any solution with the conflict state for 'Time to  perform a daily quick scan' ?

 

I have a case opened for this problem. We have MDM only managed, Hybrid AD Joined devices. No conflict issue with GPO, or Device Configuration profile was identified. This appears to be an issue on the service end. I'd say open a case with Microsoft if you're experiencing the issue, as your problem maybe different than ours. @Ronald Meer @

@Ronald Meer 

Same problem here as well. Hope Microsoft notices this thread and propose a solution.

//Markus

Related Conversations
Question Restrictions
juryk in Microsoft Forms on
2 Replies
Control External Access in SFB Online
Vineet Arora in Skype for Business IT Pro on
2 Replies
Responses changing from number to text
dfox74 in Microsoft Forms on
9 Replies
Teams channel restrictions
Cherylhop in Microsoft Teams on
4 Replies