We often run Conditional Access rules with Microsoft Intune, and we create rules such as: if the device isn't compliant, don't allow access to company resources.
The issue is that often an employee leaves, their devices get put into 'storage', and it can be weeks before that device comes online again, so it falls out of sync with Microsoft Intune. In a perfect world, IT would check over this device before handing it out to staff; however, this isn't always the case.
I tried syncing via the Intune Admin Portal, and on the device itself via Company Portal, but both didn’t really do anything…
I then came across a PowerShell command that worked instantly:
Start-Process -FilePath "C:\Program Files (x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe" -ArgumentList "intunemanagementextension://synccompliance"
I refreshed the Intune Admin Portal, and the device in question had the green tick with compliant next to it.
Service *IMPORTANT*
Please make sure the Device Management Wireless Application Protocol service is running too; the service name is dmwappushservice. If it's set to manual, I'd recommend changing this to automatic.
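The two steps above (service check, then compliance sync) combined into one script, as an added example that is not part of the original post. The function name `Invoke-IntuneComplianceSync` and its parameters are hypothetical; the script assumes an elevated PowerShell session and the agent install path used in the command above.

```powershell
#Requires -RunAsAdministrator
# Added example: function and parameter names are hypothetical, not from the original post.

function Invoke-IntuneComplianceSync {
    [CmdletBinding()]
    param(
        # Install path of the Intune Management Extension agent, as used in the post.
        [string]$AgentPath = 'C:\Program Files (x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe',
        # Service the post says must be running.
        [string]$ServiceName = 'dmwappushservice'
    )

    # Fail early if the service is missing rather than launching a sync that cannot report back.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        throw "Service '$ServiceName' not found on this device."
    }

    # The post recommends Automatic instead of Manual; this also re-enables a Disabled service.
    if ($svc.StartType -ne 'Automatic') {
        Write-Verbose "Changing '$ServiceName' startup type from $($svc.StartType) to Automatic."
        Set-Service -Name $ServiceName -StartupType Automatic
    }

    # Start the service and wait (up to 30 seconds) until it reports Running.
    if ($svc.Status -ne 'Running') {
        Start-Service -Name $ServiceName
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
    }

    # Confirm the agent binary exists before calling it.
    if (-not (Test-Path -LiteralPath $AgentPath -PathType Leaf)) {
        throw "Intune Management Extension agent not found at '$AgentPath'."
    }

    # Same command as in the post: ask the agent to sync compliance state.
    Start-Process -FilePath $AgentPath -ArgumentList 'intunemanagementextension://synccompliance'

    # Return the final service state so the caller can log or verify it.
    Get-Service -Name $ServiceName | Select-Object Name, Status, StartType
}

Invoke-IntuneComplianceSync -Verbose
```

After it runs, refresh the device in the Intune Admin Portal to confirm the compliance state has updated.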

