P2 · Endpoint & Device Management

Intune MDM/Configuration Policy Not Applying to Enrolled Devices

Configuration profiles or compliance policies enrolled via Microsoft Intune fail to apply to Windows/iOS/Android devices despite successful enrollment. Commonly caused by assignment scope gaps, CSP conflicts between profiles, or devices failing to check in.

Indicators

Device shows 'Not applicable' or 'Error' in Intune device configuration blade
Policy shows 'Pending' indefinitely after assignment
Device marked compliant in Intune but settings not applied locally
Event ID 814 in DeviceManagement-Enterprise-Diagnostics-Provider log

Likely causes

Policy assigned to AAD group but device or user not a member
Conflicting CSP from two profiles targeting the same setting
Device not synced — last check-in older than 8 hours
Scope tag mismatch between device and policy
User-targeted policy applied to device needing device-targeted assignment

Diagnostic steps

Intune portal > Devices > select device > Configuration profiles — review per-profile status and error codes
Verify group membership: confirm device or user is in the AAD group assigned to the policy
Force sync from portal: Devices > select device > Sync; or on device run: Start-Process 'C:\Windows\System32\deviceenroller.exe' -ArgumentList '/o'
Check MDM logs: Event Viewer > Apps and Services > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin
Collect full MDM diagnostics: MdmDiagnosticsTool.exe -out C:\MDMLogs — zip and review CAB
If multiple profiles conflict: identify which CSPs overlap, consolidate into a single profile or use Settings Catalog to detect conflicts

Resolution path

Confirm device and user group membership matches policy target
Identify and resolve CSP conflicts by consolidating overlapping profiles
Force device sync and check Intune portal after 15 minutes
Collect MDM diagnostic CAB for Microsoft support if unresolved

Prevention

Use Scope Tags consistently for segmented or multi-tenant deployments
Prefer device-targeted over user-targeted policies for machine-wide settings
Audit policy assignments and group membership quarterly
Monitor Intune Reports > Endpoint analytics > Configuration profile assignment failures

Tools

Microsoft Intune portal
MdmDiagnosticsTool.exe
Event Viewer (DeviceManagement-Enterprise-Diagnostics-Provider)
Azure AD Group audit logs
Intune Settings Catalog

intunemdmconfiguration-profileendpoint-managementmicrosoft-intunecsp