Photo by Hunter Harritt / Unsplash
Force Intune settings sync on computers [2023]

Force Intune settings sync on computers [2023]

Published on 03 Aug 2020

Bastien Perez
Bastien Perez

Clap

Default intervals

Default refresh intervals for policies and compliance checks

Intune sends a notification to the device to check in with the service. The timing of these notifications can vary, ranging from immediately to several hours. The frequency of these notifications can also differ depending on the platform.

Platform Refresh cycle
iOS/iPadOS About every 8 hours
macOS About every 8 hours
Android About every 8 hours
Windows 10/11 PCs enrolled as devices About every 8 hours
Windows 8.1 About every 8 hours

If the device doesn't check in to receive the policy or profile after the initial notification, Intune will attempt to notify the device three more times. If the device is offline, such as if it is powered off or not connected to a network, it may not receive these notifications. In this case, the device will receive the policy or profile during its next scheduled check-in with the Intune service. This also applies to checks for non-compliance, including situations where a device moves from a compliant to a non-compliant state.

If devices have recently enrolled, then compliance, non-compliance, and configuration checks will occur more frequently. The frequency of these checks is roughly as follows:

Platform Refresh cycle
iOS/iPadOS Every 15 minutes for 1 hour, and then around every 8 hours
macOS Every 15 minutes for 1 hour, and then around every 8 hours
Android Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours
Windows 10/11 PCs enrolled as devices Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours
Windows 8.1 Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours

Default refresh interval for Win32 applications and scripts

The deployment of PowerShell scripts or Win32 applications (.exe via intunewin) follows its own schedule, occurring every 60 minutes.

The Intune management extension agent checks after every reboot for any new scripts or changes.

Once the script executes, it doesn't execute again unless there's a change in the script or policy.

If the script fails, the Intune management extension agent retries the script three times for the next three consecutive Intune management extension agent check-ins.

For policies, check the keys Results et Download Count in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Policies\UserGUID\policyGUID

For Win32Apps and scripts, check : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\UserGUID\ScriptGUID

To get guid for an app/script, use C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

Force the synchronization to Intune

When you worked with on-premise environments, like Active Directory, you often use some commands to force the configuration applying on computers.

For example, in an AD, you use to run gpupdate, but, what is the gpupdate in Intune ?

You should know that even with the execution of these commands, it may take between 8 and 24 hours for everything to be applied.

There are other methods like Intune portal, via Company Portal, via Settings. However they are not shown here because the command line method is preferred in this article.

On the computer run Powershell as admin an execute:

Get-ScheduledTask 'PushLaunch' | Start-ScheduledTask

If you deploy Win32 applications (.exe), you also have to restart the Microsoft Intune Management Extension service. Always in PowerShell as admin:

If you deploy Win32 applications (.exe via intunewin), you must also restart the Microsoft Intune Management Extension service. There are several methods:

# Méthode 1 : restart the service (admin)
Restart-Service 'IntuneManagementExtension'

# Méthode 2 : use the sync command from run/Win+R (admin) - does not always work
intunemanagementextension:syncapp

# Méthode 3 : sync command with PowerShell object (admin)
$shell = New-Object -ComObject Shell.Application
$shell.open("intunemanagementextension://syncapp")

Comments

banner-Bastien Perez
Bastien Perez

Freelance Microsoft 365 - Active Directory - Modern Workplace

France