5,571 questions
Were there changes made to the policy? As per your screenshot most devices are reporting a similar status time. Also if you rolling out Sept 20 version then you need to have edge version 85 and above installed.
Intune Policy deployment not accuratly showing who it has been deployed to.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 38%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEN%3C/text%3E%3C/svg%3E)
Ed Newman
191
Reputation points
Hi all, I have another very annoying Intune issue that is making it very hard to manage our Windows 10 devices.
We have a bunch of policies (Baselines, security policies and classic device policies) that are deploying to Windows 10 devices without any issue and the Intune portal correctly shows all the devices or users with the polciy.
Then we have a few policies (again a mxi of classic policies and baselines) that are deployed to All Devices or All Users that show that the policy as only being deployed to a small handful of devices or users. On investigation, we can see from the device that the policy has been pushed to the devices (settings that can only have come from the policy are correctly applied), but the device in question is showing as "pending" on the policy (this hasn't changed after weeks).
An example of our Edge Baseline Policy (applied to all users (we have also tried deploying it to All Devices and just a group of two)).
This should have been deployed to 150+ devices, but we get:
When I look at the devices against the policy, all the devices that should have got it have a UPN of None (looking against a working policy all the UPN's have users in):
Anyone got any ideas how we can make Intune display who the policy has been deployed to correctly? It is getting to the point that it is almost impossible to manage now as we have no idea what policies are being deployed correctly and what isn't.
We have opened a case with MS, but they have drawn a blank after 3 weeks.
Thanks for any help in advance!
Ed
Microsoft Security | Intune | Other
2 answers
Sort by: Most helpful
-
Rahul Jindal [MVP] 10,911 Reputation points MVP2020-12-12T08:27:00.383+00:00 -
Ed Newman 191 Reputation points
2020-12-12T11:55:38.173+00:00 Thanks for you response Rahul, in answer to your questions:
All the devices have Edge as their default browser and are set to auto update, a vast majority are on 87, all of them are on 85 or higher.Yes the policy has been changed. It was upgraded from the April baseline in mid-November (at least 4 weeks ago), and then a change was made to turn off password saving a week after that. When the April baseline was in place, all devices were showing as successfully having the policy applied, it was after that upgrade to the current baseline that we started seeing the current situation.
We have exactly the same issue with some other policies (notably our enterprise wifi policy), we know the policies are being applied as the settings are on the device, it is just not showing as applied (stuck on pending) in the Intune Policy. A majority of a policies are reporting correctly though.
Thanks,
Ed. -
Rahul Jindal [MVP] 10,911 Reputation points MVP
2020-12-13T00:11:54.577+00:00 Thanks for sharing the details. If the policies are applying then the issue appears to be only with compliance data not being presented properly. Have you tried deleting the profile and creating it again? Then deploy only to devices.
-
Ed Newman 191 Reputation points
2020-12-14T08:58:00.073+00:00 Thanks Rahul, I think you are right in the fact that if I delete the policy and recreate it it will probably fix the problem, but that doesn't help "fix" the issue of why they don't report properly. Unfortunately, we have I identified one policy where about 95% of the devices are showing successful and the last 5% stuck on pending, this makes it much harder to spot issue policies. If we only had one policy with the issue then deleting and recreating would be fine, but as it is multiple it isn't so easy.
Possibly off topic, but you mention deploying to Devices rather than users. As all these devices should always have this baseline, deploying to Devices is the logical way to go, but then we always seems to get a good number of devices with a failure when deploying to the "System Account" (works fine against the user), so again, this just causes reporting issues. Any idea how to solve that issue?!
Thanks for your help!
Ed.
Sign in to comment -
-
Lu Dai-MSFT 28,501 Reputation points2020-12-14T05:42:41.44+00:00 @Ed Newman Thanks for posting in our Q&A. From your description, I know that you wonder why the device status of Microsoft Edge Baseline Policy is pending in other devices. If there’s any misunderstanding, feel free to let us know.
For this issue, I have done the test in my lab. I deploy the default Microsoft Edge baseline to my windows 10 device group and it seems the policy is deployed to the device successfully. In general, “pending” means the device hasn't checked in with Intune to receive the policy yet.
To clarify this issue, we appreciate your help to collect the following information:- Check if it is successful when we sync the device.
- Check if there is any other policy conflicts with Microsoft Edge Baseline Policy. We can read the following article as a reference.
https://learn.microsoft.com/en-us/mem/intune/protect/security-baselines-monitor#resolve-conflicts-for-security-baselines
If this issue still persists, I think it is important to do log analysis. We can check the event log under Event viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider to find if there is any error.
If there is anything unclear, feel free to let us know.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.-
Lu Dai-MSFT 28,501 Reputation points
2020-12-18T02:58:19.157+00:00 @Ed Newman I am currently standing by for further update from you and would like to know how things are going. If you have any questions or concerns on the recent information I've provided you, please don't hesitate to let me know.
Sign in to comment