This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 26%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Hi,
We have a group "Intune testers" to test out our policies. At the moment this group consists of four users which each have a M365 E5 license assigned to them. We have one Windows 10/11 policy and several configuration policies (WiFi, device restrictions, etc..). These policies all have the "Intune testers" group included, without any filters/excludes.
Two of the users are getting all policies correctly assigned to them, two of them aren't getting any policies. They are getting marked non-compliant because the built-in policy requires atleast one assigned policy.
We have used the troubleshooting tool to compare the "faulty" users with the "correct" ones. Everything seems to be in order but they are still not getting the policies applied to them. The only difference is that the users who are working correctly are "Owner" of the security group in Azure AD.
Does anyone have a clue what might be the problem here? Thank you in advance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Stephan Bisschop , From your description, it seems two users can't get any device configuration policy. If there's any misunderstanding, feel free to let us know.
For the two affected user, try to login one affected AAD user on one affected device, go to Settings->Accounts->Access work or school, find the account, info and then click sync to see if it can sync successfully.
On the device side, check the DeviceManagement-Enterprise-Diagnostic-Provider Event log to see if there's any error related.
https://learn.microsoft.com/en-us/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10#collect-logs-directly-from-windows10-pcs
Please check the above information and if there's any update, feel free to let us know.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Stephan Bisschop , Hope things are going well. If there's any update, feel free to let us know.