In this article, we’ll explore different methods to manually sync Intune policies on Windows 10 and Windows 11 devices. Syncing forces your work device to connect with Microsoft Intune to get the latest updates, policies, requirements, and communications from your organization.
According to Microsoft, the Company Portal app regularly syncs devices with Intune as long as you have a Wi-Fi connection. However, if you ever need to disconnect for an extended period of time, you can manually sync to get any updates you missed when you return.
Synchronizing policies between devices and Microsoft Intune is one of the most common tasks performed by Intune administrators following the deployment of a policy or app. This is true for application deployments, PowerShell script deployments, custom OMA-URI policy deployments, and various other scenarios.
Also Read: 4 Ways to Rotate Local Admin Password using Intune
What happens when you force a device to sync policies with Intune?
When you initiate a sync on a device, Intune notifies the device to check in to receive the latest updates and policies. Intune will attempt to check with this device. If successful, it will sync current actions or policies to the device.
For example, if you have deployed a Win32 app to a Windows device group, running a sync will force devices to check with Intune to see if there are any new deployments. In a nutshell, the sync action forces the devices to connect to the Intune service and get the most recent policies and deployments.
Requirements for Syncing Intune Policies on Windows Devices
To perform a policy sync on Windows devices, the devices must be enrolled in Intune and should be online. If the Intune company portal app is installed on devices, it makes it even easier to synchronize the policies.
We advise you to read the instructions below, which walk you through enrolling Windows 10 and Windows 11 devices in Microsoft Intune, if you are new to the Intune.
When should you manually sync policies for devices?
There are four situations when you would manually sync the Intune policies on enrolled devices in Microsoft Intune:
- When you want to test the Intune policies ASAP on the user’s device, you can force the policy update on devices.
- Manually syncing the policies is a common step in troubleshooting an issue on a user’s Intune-managed device.
- If you’re experiencing slow or unusual behavior while installing or using a work app, try syncing your device to see if an update or requirement is missing.
- Syncing can also help resolve work-related downloads or other processes that are in progress or stalled.
See Also: How to Manually Sync macOS device with Intune
Ways to Force Intune Sync Manually from Windows device
We will explore the following methods in this article to show you how to sync Intune policies on Windows devices:
- Company Portal app
- Desktop taskbar or Start menu
- Using the Settings app
- Sync Action in Intune Admin Center
- Refresh Intune Policies on Cloud PCs and Windows devices using Bulk Device Actions
- Use PowerShell to trigger Intune Policy Sync on a single Windows device and all Windows devices
- Sync from Settings app (Microsoft HoloLens)
Intune Default Policy Sync Interval
Do you know how long it takes for devices to receive an Intune policy, profile, or app after they are assigned? The answer is 8 hours. This is known as the Intune Policy refresh cycle. Microsoft has already specified the default Intune policy time intervals for various device types.
The policy sync intervals for various devices, including Windows, macOS, Android, and others, are listed in the table below.
| Device Type | Default Intune Policy Refresh Intervals |
|---|---|
| Windows 10/11 PCs enrolled as devices | Every 8 Hours |
| Android | Every 8 Hours |
| macOS | Every 8 Hours |
| Windows 8.1 | Every 8 Hours |
| iOS/iPadOS | Every 8 Hours |
Note: The Intune management extension (IME) policy cycle is set to run every 60 minutes. If devices recently enroll in Intune, then the compliance, non-compliance, and configuration check-in runs more frequently.
Intune Policy Refresh Intervals for Recently Enrolled Devices
The table below shows the frequency of Intune device check-ins based on device type.
| Platform | Device Check-In Frequency |
|---|---|
| Windows 10/11 PCs enrolled as devices | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
| Android | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
| macOS | Every 15 minutes for 1 hour, and then around every 8 hours |
| iOS/iPadOS | Every 15 minutes for 1 hour, and then around every 8 hours |
| Windows 8.1 | Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
We will now look at different methods with which you can manually sync Intune policies on Windows devices.
1. Manually Sync Intune Policies from Device Taskbar or Start menu
On a Windows device, you can manually sync Intune policies from the Taskbar or Start Menu. Click Start and type “Company Portal” in the search box. Right-click the Company Portal app and select “Sync this device“.
The Sync this device action should be available for the company portal app installed on Windows 10 and Windows 11 devices. If the company portal app is pinned to the taskbar, you won’t get the sync device action.
The Company Portal app opens to the Settings page and initiates the policy sync with Microsoft Intune. If the Intune Policy sync is successful, you should see the message “Sync Successful” on the same screen.
2. Sync Intune Policies from Company Portal App
You can quickly initiate the Intune Policy Sync from the Company Portal app. This method requires you to launch the company portal app and select the Sync option from the Settings menu.
Click Start and launch the Company Portal app. Click on Settings and select Sync to synchronize your device with the latest updates from MS Intune.
The Company Portal app initiates the sync. It takes a while to synchronize the latest Intune policies. The line “Last Sync on Date Time was successful” confirms the policy synchronization is successfully completed.
3. Manually Sync a device from Intune Admin Center
In the Intune admin center, the Sync device action forces the selected Windows device to immediately check in with Intune. When a device checks in, it immediately receives any pending actions or policies that have been assigned to it.
Tip: The Sync device action is also available for cloud PCs. With Cloud PC Remote Actions, you can remotely manage Cloud PCs in Intune just like any other managed device.
Intune currently supports the following device types for the Sync device action:
- Windows
- iOS
- macOS
- Android (Device administrator and Android for Work only)
To sync a remote Windows device from Intune, follow these steps:
- Sign in to the Microsoft Intune admin center.
- Select Devices > Windows > All Devices.
- In the list of devices you manage, select a device to open its Overview pane, and then select Sync. To confirm Sync, select Yes.
A message box appears when you initiate a device sync from the Intune admin center. Intune will attempt to check in with this device. If successful, it will sync current actions or policies to the device. Would like to continue. Select Yes.
4. Perform Intune Policy Sync using Settings App
You can manually sync to refresh Intune policies on Windows devices using the Settings App. On your device, select Start > Settings. Select Accounts. Under Accounts, select Access Work or School. Select the account that has a briefcase icon next to it. Click Info.
Under Device Action Status, select Sync. This will sync the latest security policies, network profiles and managed applications from Intune.
5. Force Intune Policy Sync using PowerShell
You can use Microsoft Graph and PowerShell to force Intune policy sync on Windows devices. With PowerShell, you can choose to refresh Intune policies on a single Windows device or on all Windows devices. We will look at both examples in this article. The below commands are taken from the Microsoft Graph PowerShell SDK documentation.
Step 1: Install Microsoft Graph Intune Module
In this step, we will install Microsoft.Graph.Intune PowerShell module. Launch PowerShell as an administrator and enter the below PS command.
Install-Module -Name Microsoft.Graph.Intune
Step 2: Connect to Microsoft Graph
Once you have installed the Intune PowerShell SDK, we will use it to perform some basic tasks. The Connect-MgGraph cmdlet is used to connect to Microsoft Graph via PowerShell.
Connect-MgGraph
You’ll need to sign in with an admin account to consent to the required scopes. On the resulting web page, sign in to your tenant with a user account that has the appropriate read and write permissions. We are using a global administrator account in this example.
Step 3: Connect to Device Management scopes
Run the below PowerShell command to connect to the required device management scopes. This is required to read the properties of the objects managed by Intune. You’ll need to sign in with an admin account to consent to the required scopes.
Connect-MgGraph -scope DeviceManagementManagedDevices.PrivilegedOperations.All, DeviceManagementManagedDevices.ReadWrite.All,DeviceManagementManagedDevices.Read.All
Step 4: Check Last Sync Date and Time of Windows Device
Before invoking an Intune policy on a Windows device, run the following command to determine when the device was last synced.
Get-MgDeviceManagementManagedDevice -Filter "contains(deviceName,'CLOUDVM1')" | fl lastsyncdatetime
Step 5: Invoke Intune Sync on a single Windows Device
The Get-MgDeviceManagementManagedDevice cmdlet lets you read properties and relationships of the managed device object in Microsoft Intune. In this step, we will run the following PowerShell command to invoke Intune sync on a given Windows device.
Sync-MgDeviceManagementManagedDevice -ManagedDeviceId deviceID
Step 6: Invoke Intune Policy Sync on all Windows Devices
In this step, we will run the following PowerShell script to invoke Intune sync on a all Windows devices.
$Windowsdevices = get-MgDeviceManagementManagedDevice | Where-Object {$_.OperatingSystem -eq "Windows"}
Foreach ($device in $Windowsdevices) {
Sync-MgDeviceManagementManagedDevice -ManagedDeviceId $device.id
write-host "Sending device sync request to" $device.DeviceName -ForegroundColor red
}
Step 7: Run Intune Policy Sync on Windows, Mac, iOS, Android devices using PowerShell
If you want to sync Intune policies on all devices that are enrolled in Intune (Windows, Android, Mac, iOS, Android), you can run the below PowerShell script.
$Alldevices = get-MgDeviceManagementManagedDevice -All
Foreach ($device in $Alldevices) {
Sync-MgDeviceManagementManagedDevice -ManagedDeviceId $device.id
write-host "Sending device sync request to" $device.DeviceName -ForegroundColor yellow
}
6. Use Bulk Device Actions to Force Intune Policy Sync
This method uses the bulk device action to sync Intune policies on multiple Windows devices. If you want to trigger policy sync on multiple Windows PCs in your organization, bulk device actions should be used. You can initiate the policy sync on numerous physical Windows devices, including Windows 365 cloud PCs.
In the Intune Admin Center, go to Devices > Windows > Windows Devices. Select Bulk Device Actions.
On the Basics tab, select the following:
- OS: Windows
- Device type: Physical devices or Cloud PCs
- Device action: Sync.
Click Next.
On the Devices tab, click on the option “Select devices to include” and choose the Windows devices on which you want to manually sync Intune policies. Click Next.
On the Review + Create tab, select Create. On selected Windows devices, the latest policies are now synchronized with Intune.
7. Sync from Settings app (Microsoft HoloLens)
Sync HoloLens running the Windows 10 Anniversary Update or later from the system settings app.
- Open the Settings app on your device.
- Select Accounts and then select Work Access.
- Find your connected account, and then select Sync.
Monitor Intune Policy Sync in Event Viewer
Either of these things can happen when you perform an Intune policy sync on a Windows device. The policy sync is either successful or unsuccessful.
The deployment of a configuration profile, a Win32 app, or a script to your Windows devices may fail. The Event Viewer lets you troubleshoot issues related to company portal sync.
Launch the Event Viewer and go to Application and Services Logs. Select Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin. Review each event to identify the cause of Intune policy sync failures.
Intune also allows you to collect diagnostic logs from Windows devices for troubleshooting common issues. The log collection procedure varies for macOS devices, and you can read the guide on how to collect Intune logs from macOS devices for more information.
I’d like to understand the mechanism of the sync and I am not getting any information from anywhere….
At its simplest, a sync can be pushed via Intune (Portal, Powershell / Intune Graph etc.), or requested from the client.
In the push scenario – what happens? For instance, is a notification sent to the device on a specific port. I m assuming on th ecorporate network this port needs to be allowed, and how do we check on the device whether a sync request was successfully ‘pushed’…alternatively does it simply set a flag in Intune against the device and the device is regularly polling to see if a sync is requested….
I am not getting any answers to the mechanisma nd what we need to allow when devices are using corporate WIFI behind strict firewalls…we’ve allowed the various ports for the actual policy/app sync – this question is specifically about sync notifications!
Similarly what happens when the sync is intiated from the device – what gets updated and what can be monitored etc., to verify a successful sync request has been made?
Great article, I believe a restart of the Intune Management Service is also another way.
Dear Prawaj, Thanks for very valuable blog. Keep up the good work no matter if anyone likes or not. Helps many who can only wish you all the best.
to bad MS is so pathetic with allowing people to change how often PCs sync. I’ve found it very painful to deploy and make FW changes. I feel horrible how bad this product is for our company, but we got suckered into buying E5. If they don’t let you test drive – there is a reason.
I’d be interested in hear about some of your challenge, if you care to share. The long sync time has been in issue I think can solve with this post.