We've seen customers have issues where they deploy an iOS or Android policy to a device, but it doesn’t get applied to the device. This could simply be because the policy is not compatible with the OS version and device type or that the policy is incorrectly targeted to the user or device. Another way you can resolve this is by following the troubleshooting steps we’ve listed below.
In portal.azure.com, go to Intune > Troubleshoot and select the user to troubleshoot.
- After the user is selected, make sure Intune License and Account Status appear with green checks.
- On the same page, under Devices, find the device to troubleshoot and check that the Managed By column shows MDM or EAS/MDM. If you do not see these values, the device is not enrolled. It will not receive compliance or configuration policies until it’s enrolled. App Protection Policies (also known as MAM policies) do not require enrollment.
- Check that Azure AD Join Type shows Workplace. If you see Not Registered, there might have been a problem during enrollment. Unenrolling and re-enrolling the device will resolve this problem.
- Check that Intune Compliant and Azure AD Compliant show Yes. A No in either column might indicate one of the following problems:
- The device does not meet the requirements defined in your organization’s compliance policies.
- The device is not connected to the Intune service.
- Check that Last Check In shows a recent time and date. Devices check in with Intune at least every 8 hours. If it’s been more that 24 since last check-in, there might be a problem with the device. A device that cannot check in cannot receive policies from Intune. To force a device to check in, follow the set of instructions below that matches the device’s OS. These steps can be done from any device.
- a) For Android, open the Company Portal app and select Devices > problem device from list > Check Device Settings.
b) For iOS, open the Company Portal app and select Devices > problem device from list > Check Settings.
c) For Windows, open the device Settings and select Accounts > Access Work or School > applicable connection > Info > Sync.
- Select the device to view the device’s policy details.
- Under Devices > Manage, go to both Device compliance and Device configuration and make sure the device policy you’re trying to assign is listed.
- a) If the policy is listed, review its State:
- Not applicable - this policy is not supported on this platform. For example, iOS policies won’t work on Android devices, and Samsung KNOX policies won’t work on non-Samsung KNOX devices.
- Conflict - There is an existing setting on the device that Intune cannot override.
- Pending - The device has not checked in to Intune to retrieve the policy.
- Errors – Review a list of possible errors in the Intune documentation
b) If the policy is not listed, it has not been assigned correctly. Go back to policy creation and assign policy to the user device.
We hope this helps you narrow down the reason for iOS or Android policies not applying to devices.