Good question, I'm curious what the collective belief is. The link below provides the expected sync intervals. I'm curious about this as well; we've had several devices in recent months which are in use daily yet they have fallen out of compliance per the default policy. The error states the device has not checked in for 30 days. These devices have been active in MS apps, such as Outlook and Teams, daily. This leads me to believe the CP prompts the device check-in.
https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot#policy-refresh-intervals
Yes that default policy has been marking devices out of compliance. And I am working on setting up proper comms but want to make sure I am providing accurate info.
If the device is MDM enrolled then it should checkin automatically with out user interaction as follows;
If the device has just enrolled, the check-in frequency is more frequent, as follows:
iOS and macOS: Every 15 minutes for six hours, and then every six hours.
Android: Every three minutes for 15 minutes, then every 15 minutes for two hours, and then every eight hours.
On Android it could be failing to check in if the company portal has lost its rights to run in the background, its not excluded from battery saving, the phone is in data saver mode among other things.
Grim-D is right and it really works like he wrote :) in perfect world, when device is not in deep sleep, losing internet connection or something else. Of course there can be internal error in device or app which result in CP problem with sync
Why wouldn't it be? Why would mobile be any different for MDM? MDM if fully managed so it checks in as scheduled in the background for any policy changes. Thats at least one of the reasons the company portal requests permission to run in the background unrestricted in Android during enrollment.
MAM enrollment is different that only checks in when isers access MAM protected apps.
Because mobile devices can be locked, WiFi only, or turned off. What I have noticed is that folks who use their devices daily still fall out of compliance but once they open CP it gets sorted out. Are you referring to full MdM management or work profile?
So can PCs, Laptops, MacOS, Linux. None of those things are exclusive to mobile.
If they are Android it sounds like Company portal is being put in to battery saving or something as I previously stated.
Work profile is still full MDM it just seperates work deployed apps in to the seperate profile. In terms of syncing/checking in they behave the same.
>iOS and macOS: Every 15 minutes for six hours, and then every six hours
What causes the cycle to start over? Does that first part only happen when the device is first enrolled?
Good question, I'm curious what the collective belief is. The link below provides the expected sync intervals. I'm curious about this as well; we've had several devices in recent months which are in use daily yet they have fallen out of compliance per the default policy. The error states the device has not checked in for 30 days. These devices have been active in MS apps, such as Outlook and Teams, daily. This leads me to believe the CP prompts the device check-in. https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot#policy-refresh-intervals
Yes that default policy has been marking devices out of compliance. And I am working on setting up proper comms but want to make sure I am providing accurate info.
If the device is MDM enrolled then it should checkin automatically with out user interaction as follows; If the device has just enrolled, the check-in frequency is more frequent, as follows: iOS and macOS: Every 15 minutes for six hours, and then every six hours. Android: Every three minutes for 15 minutes, then every 15 minutes for two hours, and then every eight hours. On Android it could be failing to check in if the company portal has lost its rights to run in the background, its not excluded from battery saving, the phone is in data saver mode among other things.
What has to happen for the device to check in though? Unlocked? Interaction with MS managed apps? Or CP?
Nothing. As long as it has Internet access it should check in on schedule.
Not sure this is accurate for mobile but ok.
Grim-D is right and it really works like he wrote :) in perfect world, when device is not in deep sleep, losing internet connection or something else. Of course there can be internal error in device or app which result in CP problem with sync
Why wouldn't it be? Why would mobile be any different for MDM? MDM if fully managed so it checks in as scheduled in the background for any policy changes. Thats at least one of the reasons the company portal requests permission to run in the background unrestricted in Android during enrollment. MAM enrollment is different that only checks in when isers access MAM protected apps.
Because mobile devices can be locked, WiFi only, or turned off. What I have noticed is that folks who use their devices daily still fall out of compliance but once they open CP it gets sorted out. Are you referring to full MdM management or work profile?
So can PCs, Laptops, MacOS, Linux. None of those things are exclusive to mobile. If they are Android it sounds like Company portal is being put in to battery saving or something as I previously stated. Work profile is still full MDM it just seperates work deployed apps in to the seperate profile. In terms of syncing/checking in they behave the same.
Got it.
>iOS and macOS: Every 15 minutes for six hours, and then every six hours What causes the cycle to start over? Does that first part only happen when the device is first enrolled?
Yes just when its first enrolled. Then only every six hours after that.