This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 21%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
We have had this recurring issue for a long time now, and despite searching the error all over the place, there seem to be a lot of other IT professionals in the same boat, but no obvious answers.
The error is on the Anti-Virus setting on the default compliance policy.
2016345612(Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request)
The compliance policy in question is assigned to all users.
This is a very annoying issue as it stops users from being able to access any MSFT apps as it marks the device as non compliant.
we are forced to add users to the exclusion list of the policy until the error clears on it's own days/weeks later.
If anyone has any ideas on what could be the cause or any possible fixes, it would be greatly appreciated
We have been dealing with this issue since March and it isn't getting any better.
Looks like there are multiple people in this thread having the same problem.
Please open support cases so we can get more traction on this issue, and they can start to get it resolved.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 69%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESO%3C/text%3E%3C/svg%3E)
Rename the device up to 15 characters only, it will resolve the issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 67%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
I am getting this error on Firewall and not Antivirus...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 17%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
We are seeing this error as well. And our machine names are only 10 characters, so Less than 15 is not going to fix the issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 91%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
We have been having the same issue since we started using Intune. It hits different computers on different days, and it clears after hours/days/resyncs.
Our device names are 15 characters or less. We have removed and redeployed machines, removed and recreated the compliance policy. The issue may resolve for a while, but it always comes back.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAF%3C/text%3E%3C/svg%3E)
Hi,
For our environment we resolve this by letting the user click "Fix now" under the Work or school account settings menu.
After that they can click on "Check access" under the device menu in Company portal.
We dont have any hybrid devices, only AAD.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 25%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERY%3C/text%3E%3C/svg%3E)
We've just seen this appear in our environment. The Senior VP got an email that she forwarded onto my team for action. Not a good look MS.
Anti-Virus is ESET Protect.
We need this addressed PDQ!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ4%3C/text%3E%3C/svg%3E)
We are experiencing the same issue. Our devices are AzureAD Joined, we do several app installations when the devices is joined. The issue only happens with Windows 11. The machine becomes very slow and AV stops working after reboot. It appears the Microsoft Defender AV (Endpoint security) is trying to restart. EDR show as if it is updating.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 55.00000000000001%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
Keep having this issue intermittently affecting random users using random AAD hybrid joined Windows 10 endpoints.
Machine names are less then 15characters.
Fixed the issue once by running sync from Endpoint and InTune.
All other times need to wait days to weeks for the issue to resolve itself, else delete the endpoint from InTune and AzureAD then do a fresh Azure AD hybrid + InTune join.
Myself and colleagues gave raised tickets with MSFT 365 support who aren't much help, leaving poor 1st line guys struggling when a senior team needs to get involved and gather debug logs to determine the actual cause.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 9%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFO%3C/text%3E%3C/svg%3E)
We also have a few users affected by this issue (until now all hybrid joined):
2016345612(Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request)
It's always the Windows Firewall. Never AV (we use windows defender):
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 30%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Same issue here: It occurs randomly after users restart their machines. Sometimes, a sync is enough to fix the issue, but other times we have to reboot the machine, sync, check for compliance, and repeat the process multiple times.
We use Windows Defender AV, and our machines’ names are only 11 characters. Last year, this issue was happening very often, but Microsoft fixed it. However, we now observe the same issue occurring since the beginning of March 2024.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 5%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
One machine had this issue, the devicename in autopilot was blank, the devicename in intune was below 15 chars. the machine was also inactive.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 10%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
I have reinstalled the Company Portal its working fine
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 42%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAY%3C/text%3E%3C/svg%3E)
Hi Guys, i have had this issue for several users. fix is to turn off the windows firewall and turn it back again. then go to company portal click once on check access and wait 2-3mins until it completes. do not click again and again as it will then take more time. if its taking way too long turn off the conditional access policy that check for compliance. then once company portal check is ok you can turn on the conditional access.
To verify further you can check azure ad portal devices and select the device you are checking on. check if its compliant. Then you can go to intune portal check if it shows compliant. it may be compliant on azure ad and not in intune. give it some time and then it will show compliant on intune as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 64%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
So I have this on multiple instances of both Win11 and Win10 machines for various clients (different intune configs, different methods of setup), I've poked and asked around, mostly from what I can see it's a sync issue. Again cloud loves to take its time with these, and its v. intermittent.
With Stricter compliance policies it appears more frequently than less relaxed policies but I will try and investigate further into this, I don't really have a concrete answer to this other than sync-ing devices.
Usually (on device) i'll run intunemanagementextension://synccompliance in the run diag
This usually clears up after about 10-30ish minutes
We continue to have this issue several times a week. We either wait several days for it to clear on its own or have the user initiate a sync, reboot, etc.
We have opened issues with MS Support only to be passed around to different agents/techs with no solutions offered.
Our compliance platform was integrated to Intune to pull device status,. This became unworkable with this issue occurring so often, so we had to go a different route for that.
It is unfortunate that an issue that is this widespread gets no attention from Microsoft, and support is not helpful.
@Chad Coker Changes are supposed to be coming but they missed the 2404 deployment. Waiting to see when they might be implemented and if they do in fact fix these issues. Update from Microsoft below. You can reference our case so you might be in the loop better on the rollout.
2310040040013084
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 33%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
@Nick Eckermann Thank you for your updates on this - We're seeing a similar issue and have referred our Microsoft Support contact to your ticket number. Unfortunately I've not managed to have them get in touch with the engineering team yet... I'm still just getting documentation quoted back at me.
I was wondering if you had any updates from MS recently? It sounds like the fix just keeps getting delayed over and over again.
*Edit - I see you posted a week ago that you'd had another noncommittal response from them. No surprises there! Fingers crossed they finally get it sorted soon.
Thanks again,
Joe
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 27%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIM%3C/text%3E%3C/svg%3E)
same error message
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 70%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
We recently onboarded our devices to Intune. We had no previous MDM so all these devices were never managed by anything before. After using the default the Firewall Windows default policy as our base policy, we started to get this error in our compliance report. I took the provided policy, duplicated it and renamed the duplicate. This fixed our issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 40%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETF%3C/text%3E%3C/svg%3E)
Another report of this for multiple devices. Device Names under 15 characters, Defender as standard AV and fully patched and up to date with Fresh Synch completed locally from device.
Nick Eckermann may be onto something as we have seen this occurring more on pre-provisioned devices where they have been built but the use reenrollment step may be completed several days later or used sporadically after deployment.
Either way MS needs to acknowledge and patch this there so many people reporting this you think there own firewall product and AV could talk to their own systems correctly!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 91%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERF%3C/text%3E%3C/svg%3E)
Has there been any recent feedback from Microsoft regarding this issue and a potential solution in a future release?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 57.99999999999999%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
We also had an issue with 2 devices. But since we use 3rd-party AV we deleted that and reinstalled it and it was back to a compliant state. Sync device side didnt do anything other then confirm the error.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 67%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEC%3C/text%3E%3C/svg%3E)
Same issue here for Antivirus and Firewall on multiple Win 11 devices
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 43%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
Same here, we have few devices whit that error message, but the Antivirus is up to date and no issues
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 30%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETW%3C/text%3E%3C/svg%3E)
We also have started to have this problem. Multiple restarts and checking status from Company Portal app does not help. Security app confirms all services are running with green checkmarks.
Seems like a problem between Intune system and company portal app. I finally got this to work after 2 1/2 hours with a user. Had to do many restarts and status checking, but eventually the laptop became compliant.
Happens again for few devices, no pattern.
It's mostly hybrid joined devices, name is below 15 characters.
It always complains about the firewall.
Firewall & AV is Windows Defender.
Same issue here: It occurs randomly after users restart their machines. Sometimes, a sync is enough to fix the issue, but other times we have to reboot the machine, sync, check for compliance, and repeat the process multiple times.
We use Windows Defender AV, and our machines’ names are only 11 characters. Last year, this issue was happening very often, but Microsoft fixed it. However, we now observe the same issue occurring since the beginning of March 2024.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 99%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPD%3C/text%3E%3C/svg%3E)
Why is this still a problem over a year later? Is the Intune Team at Microsoft staffed at all?
@Philipp Durrer
Yes.. I got this update this week, but still no details around what the fix is so I can say it actually will fix the issue.
I have see other orgs will move to custom compliance policies to do the checks for these items which is more accurate. They write a custom script and json responses to validate the fw/av settings are correct. I haven't done that myself, but I heard it is helping them.
"There are several CSS Engineers that are monitoring this request / issue with our Engineering team. We have a received an update on a corrective action, however, we do not have a date just yet for the completion. We are attempting to ascertain a definitive date from Engineering and then I will advise. As this has slipped before, we do not want to publish a speculative date, so once Engineering provides a definitive date, I will share it with you."
Been hassling with this issue for several years, ever since started using InTune.
I really don't get how big business corporations and governments see this as a viable product with the amount of hassle it is to use.
But as to the syncml(500) issue, once confirmed Windows Security on the endpoint reports no issues I've been able to clear the bug twice now by:
0. Run sync from device endpoint in InTune MDM admin centre