Intune Policy conflicts caused by ‘hidden’ setting


This week I was looking into an issue with Intune and conflicting policies. In our case the Device Restriction and the Software updates policy were in conflict. In this blogpost I want to share you how I did some troubleshooting and how I solved the conflicting policies.My first step was trying to look into the configured policies and looking for the policies which have a high percentage of error deployments.

I found the 2 policies (Device Restriction and Software Update) which had a lot of deployment errors.

Device Restriction Policy status:


Software Update Policies:


Next step was to check both policies if there were conflicting policy settings. By looking into the Device Restriction Policy there was no related software update setting within the policy. I did the same with the software update policies but I could not find an setting in this policy which was conflicting with a setting in the Device Restriction policy. Next step was to check the MDM Diagnostic Report on one of the clients. Colleague MVP Ronny de Jong has written an excellent blogpost on this topic (when this was release in the Insider Preview) which you can find here. Unfortunately the MDM Diagnostic report did not showed an conflicting setting. Next step was to open the device from the Device section in Intune. After clicking on the conflicting policy I found the following setting in the Device Restriction Policy:


So this setting conflicts with the Software Update policy. Let’s check if this setting is within the Software Update policy:


It looks like the same setting is also within the Software Update policy. Now let’s take a look again within the Device Restriction policy. In the original policy 24 settings were configured:


After creating a new Device Restriction policy with the exact same settings from the GUI I found out that this new policy had 23 configured settings instead of the 24 configured settings. After applying this new policy to the users the policy conflicts were gone.

I don’t know what the root cause is of this issue but creating a new policy solved the issues.

UPDATE 05-12-2017: It looks like both the old and new policy now have 24 settings but only 23 settings are selected. I’m currently looking into this but the new policy is solving the conflict errors so it now looks like a cosmetic issue

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.