This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

The Community is now in read-only mode to prepare for the launch of the new Flexera Community. During this time, you will be unable to register, log in, or access customer resources. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Forcing a machine to sync with Intune after processing a request for an app with Intune deployment

Angersma
By
Level 6

Hello - Has anyone developed their own work around to the issue that App Portal can only force devices look for new jobs (check for policy) when the deployment technology is ConfigMan?   

If the deployment system is Intune the device is not forced to sync, to download the policy and start the install.   Asking our users to wait an unspecific amount of time for their device to sync on its own just isn't acceptable.   

Thanks!

‎Jan 26, 2024 01:31 PM

(7) Replies

jcolemn3
By
Level 5

Currently, going through the same issue. Would be interested to see what can be done about this. It's definitely unacceptable.

‎Mar 29, 2024 09:45 AM

0 Kudos

CharlesW
By Level 12 Flexeran
Level 12 Flexeran

This functionality will be included in 2024 R1. No luck working around this by using a PowerShell script to call the SyncDevice endpoint?

‎Mar 29, 2024 10:24 AM

Angersma
By
Level 6
In response to CharlesW

That is great news, thank you @CharlesW !

‎Mar 29, 2024 12:46 PM

0 Kudos

jdempsey
By Moderator Moderator
Moderator

Instead of telling the user to wait an unspecified period of time (up to 8 hours if connected to the internet), can't you just instruct users to run a manual sync?

https://www.prajwaldesai.com/manually-sync-intune-policies-windows-devices/

 

Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".

‎Mar 29, 2024 11:23 AM

0 Kudos

Ralph_Crowley
By
Level 6

Are there any updates / timelines on when this might be addressed via a hotfix? Thanks!

‎May 08, 2024 09:15 AM

jdempsey
By Moderator Moderator
Moderator
In response to Ralph_Crowley

App Portal 2024 R1 is currently slated for Q3 (no exact date set yet).  I would imagine any hotfix for this on the current release (2023 R2) would be around the same timeframe.

I'll reiterate Charlie's earlier question, "has anyone tried working around this by using a PowerShell script to call the SyncDevice endpoint?"

Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".

‎May 20, 2024 10:37 AM

0 Kudos

Angersma
By
Level 6

We investigated this for a while and I wanted to provide some notes here for others.   We learned it is not possible to force machines to sync in an automated way if deploying win32 apps.   We have to just wait for the IME service on the device to perform its every-hour sync for the machine to learn about the install job they shopped for. 

When a device is targeted with a new deployment Intune will attempt to sync with the device automatically once the policy is created.  You can see this by looking at the Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin event log on the machine.    It takes a few minutes for Intune to create the policy (in my testing it usually took 3 minutes, although I did see 20 minuets one afternoon) and I always see the sync fail at first, and then try again 5 minutes later and it is successful.   

I was refreshing the Managed Apps page for the device (available on the left side when you drill into a specific device in Intune) to monitor the policy.   It seems the policy is ready to be picked up once you see the app/deployment show up. 

But this sync is only an MDM sync (the sync that our machines do every 8 hours), and this does NOT  force the IME to sync (the IME syncs every hour).   This would be great if you are deploying LOB aps, but the IME needs to sync to process win32 apps, which is all we deploy.  

I explored some creative ways to force the IME to sync but could not find a way to do this programmatically / automatically. Only thing that works is to sync manually from Company Portal. 

This article was really helpful to me while trying to understand all of this - 

When does a Windows client sync with Intune? – Out of Office Hours (oofhours.com)

and I was very optimistic after reading this - Triggering Intune Management Extension (IME) Sync – Modern IT – Cloud – Workplace (oliverkieselbach.com)   but the sync command here did not work for me.    The IME does seem to perform some action when we run this (the IME log moves A LOT) but it does not learn about the new job.   The IME has gone through many updates and the article was written a while ago.  Maybe this  undocumented 'feature' has changed over time?  

We opened a case with MS and also talked to various people at MS and they confirmed all of this was the expected behavior.       So we are stuck with our users waiting for their App Portal orders to install sometime in the next hour.     

If you have been researching this as well please post your findings here!   Thanks!

‎Sep 19, 2024 05:34 AM

Top Kudoed Authors
View all