Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)

Intune - Change in Always on VPN profile synced and not synced

New Contributor

Hi all,

With Intune we push an Always on VPN profile to our Windows 10 clients. One of the settings in that profile have to do with NRPT (name resolution) in where the client is told to use public DNS servers for a couple of URL's. Recently i removed some of the URL's.

 

What i notice is that some clients use the internal DNS to resolve the URL's (they have the change applied/synced) and others still use the external DNS. 

 

Is there a guideline in order to get changes synced on all devices? 

 

2 Replies

@andrejochemsen 

 

Assuming the devices are connected and configured and properly checking in with Intune, in general they should pick up policy changes within a few hours at best, or a few days at worst.

 

One trick that sometimes helps is to prod at the policy again to save a change which will cause the devices to detect there's a new version they need to download. For example, add another URL into the NRPT, or change some other non-critical setting just to create some entropy.

 

Otherwise, you might want to check Event Viewer DeviceManagement-Enterprise-Diagnostics-Provider logs on some machines which aren't getting the policy change and see if there's an issue.

 

DeviceManagement-Enterprise-Diagnostics-Provider.jpg

Please like or mark this thread as answered if it's helpful, thanks!

Hi Kurt,
Thank you for ur reply.
I will check with a user and look in to the Event Viewer. Triggering a new sync by adding (or removing) some dummy entrie is a good one to try out.