Exciting News! You can Fix Intune Policy Conflict using Policy Health Workflow. Microsoft Intune’s recent update changed many features for device management, making it an important place to maintain device management health. The new update of device management will help the user simplify the Intune policy conflicts.
An IT admin must know how to fix policy conflicts; it’s essential for work productivity. Policy Health Workflow is the best method for fixing policy conflicts. This option will help the admin resolve the conflicts easily to identify and fix them.
Do you know how a conflict happens? When 2 policies are in the tenant, they update the same setting differently when the conflict occurs. The policies must be set up correctly so the updates can be assigned successfully.
Windows Autopatch is the best option for deploying Intune policies for enrollment tenants. It will monitor the Microsoft Intune policies. In this blog post, we can discuss how to fix Intune policy conflicts through Policy Health Workflow.
- Fix Windows Autopatch Device Configuration Critical Alerts
- Enable Windows Autopatch Driver and Firmware Updates Automation
- How to Manage Windows Autopatch Groups from Intune
Fix Intune Policy Conflict using Policy Health Workflow
In the above, I mention that Windows autopatch can monitor when policy conflicts happen in the tenant. The critical fact is that the admin can review the policies and settings and fix the conflict manually. This is the best feature to identify the conflicts so the admin can view the below features
- A list of all Autopatch policies that conflict with other device policies in the tenant
- Admin can view the summary of conflicting policies, affected devices and open alerts
- The admin can view affected devices.
- Admin can take action over the conflicts so the expected policy can be assigned successfully on the device
See More: Fix Windows Autopatch is Inactive Error
How Resolve Policy Conflict Works
Resolving a conflict policy is very important when a device reports a conflict policy. Autopatch policies are assigned to autopatch groups. When the conflict is solved, it does not have any effect on the device until the next Intune Sync.
Note! – After the conflict is fixed, the view will be refreshed every 24 hours, and it might take up to 72 hours for the view to be updated.
- This view only shows the policy conflict between Microsoft Intune policies.
- In this view, it does not show the cause of the configuration
View of Policy Conflict
Windows autopatch policies manage Windows autopatch groups and devices. When expected, policies can’t be deployed for one or more devices. Why does it happen? When 2 policies ( Expected policy and policy from Intune) are assigned for a device in the autopatch group. The 2 policies are giving equivalent settings in another policy, which will create conflict in policies.
- When the Expected policy conflicts with multiple Intune policies, each conflict is displayed on separate lines in the Policy conflict view.
- Sign in to the Intune admin center
- Navigate to Devices > Windows Autopatch > Policy health
- In the Policy conflicts, the list of expected policies and conflicting policies are to be displayed.
- Select View alert and review the details of the Recommended action and alert details.
Note: This option is now in Preview
- Windows Autopatch Audit Logs | How to Track Change Details
- Windows Autopatch Service Health Status In Intune MEM Portal
- Windows Autopatch Implementation Setup Guide
Policy Conflict Alerts
Above, I mentioned that when conflicts are created on a device, alerts are raised. When an alert is raised, the admin has to take action against the conflicts and fix them based on the information. The following table will show the alerts in this flyout.
| Alert | Info |
|---|---|
| Expected Policy | The Windows Autopatch policy is assigned to the Windows Autopatch group, and the service expects it to be assigned. |
| Expected Microsoft Entra Group | The device is a member of the Windows Autopatch group to which the service assigned the policy. |
| Conflicting Policy | Other policies on the tenant are configuring the same settings and with different values. This policy is also targeted to the same devices, which is causing the policy state to report a conflict. |
| Conflicting Microsoft Entra Group | The device is also a member of this Microsoft Entra group that the conflicting policy is assigned to. |
| Affected devices | Number of devices reporting the policy conflict. This check is only performed on devices where the last sync is within 28 days. |
| Conflicting settings | Includes the specific setting values causing the conflict. |
Affect Device View
The Affected Devices view shows a list of devices that have policy conflicts with the Expected policy. When a conflict is created, one reason should be that devices belong to multiple groups, each with different policies. Affected devices only include devices that have a successful Intune sync status in the last 28 days.
To view affected devices, follow the steps
- Sign in to the Microsoft Intune Admin Center
- Navigate to Windows Autopatch > Policy health > Affected devices tab.
- Select View alert to see the alert details.
Details of Alert for Affected Device
The device reports conflict alerts in multiple policies, and all policies will show as a separate section in the alert. These alerts happen when the device belongs to multiple groups. So, each policy conflicts with the expected Windows Autopatch policy.
| Options | Info |
|---|---|
| Export alerts | Use this option in either the Policy Conflicts or Affected Devices tabs. Select Export to export all alert details into a CSV file. The CSV file includes the following information Device name Deployment ring Conflicting policies count Last check-in Expected policy name Expected policy group Conflicting policy group Conflicting policy name |
| Search | You can use the search option to find policies-affected devices. You can search with the Expected policy name or the Conflicting policy name in the search option. |
Reference
Resolve policy conflicts (public preview)
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
Krishna. R is a computer enthusiast. She loves writing about Windows 11 and Intune-related technologies and sharing her knowledge, quick tips, and tricks about Windows 11 or 10 with the community.