Intune Device Compliance Evaluation not stable (False/Positive)
Intune Device Compliance sometimes fails to evaluate the correct data.
We set "Windows Firewall" to be a device compliance setting. The Windows Firewall is running fine but Intune fails to detect (False/Positive) with custom error message:
-2016345612 (Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request)
We're also sometimes getting an issue with the evaluation of BitLocker settings.
adin jacobs commented
Same issue with Antivirus. Please can MS explain how it performs the checks? The user has AV and I have to ask them to update McAfee, and then it becomes compliant the next day.
Firewall shows as reason for not compliant, firewall is clearly on.
We are also having this issue with Windows Firewall in Compliance policy. It is showing the error even though the Firewall is enabled.
Also showing it for Antivirus despite our third-party showing in Windows Defender as the active AV.
Any known workarounds yet?
This is affecting our devices' BitLocker status and needs to be fixed ASAP.
Mikael Bergqvist commented
I've got the same issue, although only on one device out of many Autopilot-enrolled ones.
Mark Harris commented
Seeing the same on all Autopilot-enrolled devices as well. Causing a few issues out in the field. If Intune Tech know about it, hopefully a fix will be here soon!
Ben Nichols commented
I'm still seeing this occur frequently. On a tenant with approximately 60 Windows 10 devices, we are seeing 1 to 2 per day fail with this error.
The only current resolution is to exempt the device from the compliance policy, wait 24 hours, then remove the exemption. This seems to reset the evaluation of the policy and it then works (however, it seems it's likely to reoccur; often the same device errors again within a week).
This is a massive issue, as users are locked out of all services when a device errors and it takes a couple of hours for the workaround to kick in.
Savi Thomas commented
Same issue for me. I called Intune tech support today and according to them, the issue is related to Windows (not Intune). They are hoping that the issue will be resolved "soon".
Wolfgang Bach commented
Absolutely agree... no progress so far... No one from Microsoft PG has commented so far.
Hey Microsoft (Tech adoption x Tech capability ) ^ Trust...
Intune Compliance Policies on W10 are a complete disaster in contrast to iOS compliance.
We can't use Intune compliance for Windows 10 in conditional access the way it is now.
Autopilot deployed W10 1909 build, Windows Firewall shows not compliant on the system account.
-2016345612 Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request
No idea where to look.
Same issue here.
I guess we cannot check compliance against firewall and anti-virus anymore, since we use compliance with MFA.
The built-in device compliance policy is causing problems where half of our devices are apparently inactive even though they are all in use.
We have also the same issue. Please fix it.
I confirm the issue. We had to set up notification and evaluation after 1 day of non-compliance. But it's still unstable and many false positives are related to the evaluation of the local system account. Case open, but no answer.
Same issue here after wipe and Autopilot with white glove setup.
Same issue here.
Autopilot deployed W10 1903 build, Windows Firewall shows not compliant on the system account. The firewall is working as expected and it is showing compliant on the user account.
Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request
Twan van Balen commented
We have the same issue over here. We tried several things (clearing the TPM, different versions: 1803, 1809 and 1903), but it keeps saying that device encryption is not turned on in the Company Portal/Intune portal. If I run the BitLocker encryption manually (so decrypt and encrypt again) it works.
Also, the evaluation of the policies is terribly slow. The strange part is that on a Hyper-V VM with TPM enabled it works like it should. On our Lenovo systems (X1 Carbon, P51s) we've updated all drivers, firmware and BIOS.
We also raised a ticket at Microsoft, but they are telling us that the slow evaluation is something for the backend team and we need to buy support for that. Although I think this is really something for the break/fix team. They also told me to post a message at UserVoice. Sorry Microsoft, but this is not a way to support your customers. At least give us some reaction!
Same issue but with Defender "Windows Defender Antimalware security intelligence up-to-date", even though we aren't even setting that in our compliance checks! Please fix. Our number one compliance error, which is inaccurate.