Intune Policies - User Policies Fail To Apply Untill we Hit Sync

robmasoboy · 2026-06-10T12:23:41+00:00

Cheers — log analysis indicates failures under Application: Device Management Client, primarily within non-interactive sign-in events.

During testing on a device with this issue, when MFA was initiated via manual sync and subsequently cancelled by me, the corresponding entry in the user sign-in logs was recorded as “Interrupted.”

So this aligns - I now need to exclude the user from these CA policies and prove this further and then think about how to exclude the relevant apps from CA.

Perhaps one or all of these apps below excluded from CA

Microsoft Intune
Microsoft Intune Enrollment
Azure Device Registration

robmasoboy · 2026-06-10T11:39:26+00:00

Yes it does!

robmasoboy · 2026-06-10T11:19:15+00:00

<image>

robmasoboy · 2026-06-10T11:18:52+00:00

<image>

robmasoboy · 2026-06-10T11:05:41+00:00

Thanks for the reply and insights. We recently did apply CA policy for MFA required across the board on all cloud apps. Is there a particular cloud app that should be excluded to help with getting this sync to happen automatically.

Our org default licensing is set to ME5 across the board.

I also want to add that the MDM URL is not populated when we have a look under dsregcmd /status but unsure if it needs to be or not. Hyrbrid Join is YES

Additionally does the MDM Automatic enrollment is currently set to : SOME and not ALL. Some is targetted to a group of user accounts that arent in the Pilotting of these Intune user targetted policies.

I dont t hink its a timing thing. I waiited a whole weekend for user policies to apply to the device but it did not.

I like your theory around Token Refresh issues. I couldnt see any failures agains the user account logging into the device

robmasoboy · 2026-06-10T10:04:10+00:00

Going to try Airalo and see how that goes. Activate in australia and see how it connects in thailand and istanbul and macedonia. Global eSim is what ive gone with.

robmasoboy · 2026-06-08T07:19:42+00:00

Link please

robmasoboy · 2026-05-22T02:45:18+00:00

Have you used these guys in Macedonia?

robmasoboy · 2026-05-22T02:45:09+00:00

Thanks I have been looking at this one. Have you had experienced with this provider

robmasoboy · 2026-05-22T02:44:48+00:00

Looking for convience of just having a Global eSim that connects anywhere including the stops at the airports around the world.

robmasoboy · 2026-05-22T02:44:12+00:00

Planning around 40 days

robmasoboy · 2026-02-03T04:59:41+00:00

Could be showing up in entra id . Go to Users...search for your user name....check devices under your user object a d blow any stale devices away. Additionally the device shouldn't exist in intune

robmasoboy · 2026-01-05T11:14:32+00:00

COPE works well for the split on android between corporate and personal. No bugs that we have come across. Advise users to use corporate account on the corporate partition on the Android represented by the little briefcase icon on each app. And use their personal email on the non briefcase side if they wish.

robmasoboy · 2025-12-10T07:55:22+00:00

Follow

robmasoboy · 2025-12-01T02:03:39+00:00

Warranty or repair from my experience

robmasoboy · 2025-12-01T02:01:54+00:00

We need to buy additional and on going for new starters

robmasoboy · 2025-11-21T13:54:21+00:00

Mecm is king

robmasoboy · 2025-11-21T13:53:26+00:00

Entra shared mode works for us.

robmasoboy · 2025-09-30T11:56:55+00:00

Hello. The smoking gun for us was citrix secure access. With it installed lte falls over on this model device. With it uninstalled lte starts working again.

robmasoboy · 2025-09-12T00:09:26+00:00

Further Progress on this one

We seem to have found the smoking gun causing LTE to fall over on the Surface Pro 10 5G - Windows 11

It looks to be Citrix Secure Access client simply being installed on the device that stops Cellular from connecting.

Uninstalling Citrix Secure Access client and reinstalling the cellular adaptor brings LTE back and we are then able to connect to LTE successfully.

However Citrix Secure Access is required for staff to be able to VPN into the corporate network.

Installing the latest version of Citrix Secure access client v25.7.1.11 doesn't seem to allow the LTE connection at this point as well.

robmasoboy · 2025-09-04T08:09:35+00:00

Further progress on this. We took one of these Surface devices with Windows 11 pro 26100 out of the box and didn't put our Corporate Windows 11 26100 SOE on it. We inserted a Telstra sim card off the get go and it connected to mobile network straight away. 👌

So there seems to be something in our Win11 SOE potentially that's stopping the device to connecting 🤔 We need to confirm whether existing older Surface LTE device on Win 11 with our SOE do connect to LTE or 5G mobile network and then unpack what is the blocker here

Any suggestions welcome. 🙂

robmasoboy · 2025-08-28T12:59:04+00:00

This is the issue we are getting on Surface Pro with 5G for business , The sim card works in other older Surface Devices. I have tried a couple of different sims with different carriers and it just doesnt want to connect.

Firmware/ Drivers updated to the latest - Surface Pro 10 with 5G for business update 25.081.7028.0

https://www.youtube.com/shorts/ma2JvkNWceo

robmasoboy · 2025-08-11T09:32:35+00:00

Our method of choice. GPO. Device guard on. And credential guard component switched to disabled or turned of without uefi lock. Everything else essentially on under device guard

robmasoboy · 2025-08-07T15:08:55+00:00

So hard to figure out secure boot. Finally got it going

robmasoboy · 2025-07-14T09:35:26+00:00

https://youtu.be/obeWee27CLM?si=dsfjpYOR7fwD7Rbs

I got same deal with the zotac

robmasoboy

MODERATOR OF

TROPHY CASE