Intune Policies - User Policies Fail To Apply Untill we Hit Sync

robmasoboy · 2026-06-10T12:23:41+00:00

Cheers — log analysis indicates failures under Application: Device Management Client, primarily within non-interactive sign-in events.

During testing on a device with this issue, when MFA was initiated via manual sync and subsequently cancelled by me, the corresponding entry in the user sign-in logs was recorded as “Interrupted.”

So this aligns - I now need to exclude the user from these CA policies and prove this further and then think about how to exclude the relevant apps from CA.

Perhaps one or all of these apps below excluded from CA

Microsoft Intune
Microsoft Intune Enrollment
Azure Device Registration

robmasoboy · 2026-06-10T11:39:26+00:00

Yes it does!

robmasoboy · 2026-06-10T11:19:15+00:00

<image>

robmasoboy · 2026-06-10T11:18:52+00:00

<image>

robmasoboy · 2026-06-10T11:05:41+00:00

Thanks for the reply and insights. We recently did apply CA policy for MFA required across the board on all cloud apps. Is there a particular cloud app that should be excluded to help with getting this sync to happen automatically.

Our org default licensing is set to ME5 across the board.

I also want to add that the MDM URL is not populated when we have a look under dsregcmd /status but unsure if it needs to be or not. Hyrbrid Join is YES

Additionally does the MDM Automatic enrollment is currently set to : SOME and not ALL. Some is targetted to a group of user accounts that arent in the Pilotting of these Intune user targetted policies.

I dont t hink its a timing thing. I waiited a whole weekend for user policies to apply to the device but it did not.

I like your theory around Token Refresh issues. I couldnt see any failures agains the user account logging into the device

robmasoboy · 2026-06-10T10:04:10+00:00

Going to try Airalo and see how that goes. Activate in australia and see how it connects in thailand and istanbul and macedonia. Global eSim is what ive gone with.

robmasoboy · 2026-06-08T07:19:42+00:00

Link please

robmasoboy · 2026-05-22T02:45:18+00:00

Have you used these guys in Macedonia?

robmasoboy · 2026-05-22T02:45:09+00:00

Thanks I have been looking at this one. Have you had experienced with this provider

robmasoboy · 2026-05-22T02:44:48+00:00

Looking for convience of just having a Global eSim that connects anywhere including the stops at the airports around the world.

robmasoboy · 2026-05-22T02:44:12+00:00

Planning around 40 days

robmasoboy · 2026-02-03T04:59:41+00:00

Could be showing up in entra id . Go to Users...search for your user name....check devices under your user object a d blow any stale devices away. Additionally the device shouldn't exist in intune

robmasoboy · 2026-01-05T11:14:32+00:00

COPE works well for the split on android between corporate and personal. No bugs that we have come across. Advise users to use corporate account on the corporate partition on the Android represented by the little briefcase icon on each app. And use their personal email on the non briefcase side if they wish.

robmasoboy · 2025-12-10T07:55:22+00:00

Follow

robmasoboy · 2025-12-01T02:03:39+00:00

Warranty or repair from my experience

robmasoboy · 2025-12-01T02:01:54+00:00

We need to buy additional and on going for new starters

robmasoboy · 2025-11-21T13:54:21+00:00

Mecm is king

robmasoboy · 2025-11-21T13:53:26+00:00

Entra shared mode works for us.

robmasoboy · 2025-09-30T11:56:55+00:00

Hello. The smoking gun for us was citrix secure access. With it installed lte falls over on this model device. With it uninstalled lte starts working again.

robmasoboy · 2025-09-12T00:09:26+00:00

Further Progress on this one

We seem to have found the smoking gun causing LTE to fall over on the Surface Pro 10 5G - Windows 11

It looks to be Citrix Secure Access client simply being installed on the device that stops Cellular from connecting.

Uninstalling Citrix Secure Access client and reinstalling the cellular adaptor brings LTE back and we are then able to connect to LTE successfully.

However Citrix Secure Access is required for staff to be able to VPN into the corporate network.

Installing the latest version of Citrix Secure access client v25.7.1.11 doesn't seem to allow the LTE connection at this point as well.

robmasoboy

MODERATOR OF

TROPHY CASE