One of the essential tasks in Intune is to synchronize policies and profiles between devices and Microsoft Intune service. While Intune automatically syncs these updates periodically, there may be times when you need to force a sync manually.
You can either go to Settings App on your windows device or use microsoft Intune admin enter to force initiate the sync.
In this blog post, we’ll explore how to force an Intune Sync using PowerShell and Microsoft Graph. Using Microsoft Graph APIs, we can manage organization’s devices which are enrolled into Intune including invoking sync on those devices.
Let’s first check the default Intune policy refresh frequency duration.
Intune default Policy refresh frequency
Devices check in with Intune when they receive a notification to check in, or during the scheduled check-in. Below is the default Intune Policy refresh frequency / scheduled check-in along with Device Type.
| Device Type | Refresh Cycle |
| iOS/iPadOS | ~ 8 Hours |
| macOS | ~ 8 Hours |
| Android | ~ 8 Hours |
| Windows 10/11 PCs enrolled as devices | ~ 8 Hours |
| Windows 8.1 | ~ 8 Hours |
Below is the default Intune Policy refresh frequency if the device is recently enrolled:
| Device Type | Refresh Cycle / Frequency |
| iOS/iPadOS | Every 15 minutes for 1 hour, and then around every 8 hours |
| macOS | Every 15 minutes for 1 hour, and then around every 8 hours |
| Android | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
| Windows 10/11 PCs enrolled as devices | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
| Windows 8.1 | Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
Invoke Intune sync on specific device using Powershell
Now, let’s see how to Invoke or force start Intune sync on one device using Powershell. We would require Microsoft Graph Intune module for this procedure and then create a connection wth MSgraph.
Install Microsoft Graph Intune Powershell Module
Install-module Microsoft.Graph.Intune -force
Connect to Microsoft Graph
Connect-MSGraph
Check when last Intune sync was completed on a specific device
Get-IntuneManageddevice | Where {$_.devicename -eq "pilot-Win10"} | fl Lastsyncdatetime
Invoke Intune sync on a device name pilot-Win10
Get-IntuneManageddevice -Filter "contains(devicename, 'pilot-Win10')" | Invoke-IntuneManagedDeviceSyncDevice
Invoke Intune sync on all windows devices using Powershell
As an Intune administrator, you may be managing a small number of devices or thousands of devices. Your task is to make sure that the devices are upto date with Intune policies. If you want to sync all your organization devices, then you can either wait for the device check-in process to complete or force a sync manually.
We are going to use a powershell command Invoke-IntuneManagedDeviceSyncDevice to Initiate / Invoke / force a device check-in process on all Intune managed devices remotely.
Before running below commands, please make sure you have Installed Microsoft Graph Intune Powershell module and created a connection with MS Graph. I have provided the commands of both of these steps in previous section.
Let’s check the steps:
Collect all Intune managed windows devices in a variable
We have used Get-IntuneManagedDevice -Filter “contains(operatingsystem, ‘Windows’)” command which filter’s only windows devices, you can replace the operatingsystem filter from windows to iOS or Android to collect those type of devices and initiate Intune sync accordingly. For Example:
- Get-IntuneManagedDevice -Filter “contains(operatingsystem, ‘iOS’)”
- Get-IntuneManagedDevice -Filter “contains(operatingsystem, ‘Android’)”
Loop through each device and run Invoke-IntuneManagedDeviceSyncDevice
#Loop through each device and run Invoke-IntuneManagedDeviceSyncDevice Foreach ($device in $devices) { Invoke-IntuneManagedDeviceSyncDevice -managedDeviceId $device.managedDeviceId Write-Host "Sending Intune Sync request to $($device.managedDeviceId)" }
If your organization has more than 1000 devices / you want to Initiate Intune sync on more than 1000 devices then you would need to use Get-MSGraphAllPages cmdlet with Get-IntuneManagedDevice cmdlet.
Invoke Intune sync on more than 1000 devices
Loop through each device and run Invoke-IntuneManagedDeviceSyncDevice
#Loop through each device and run Invoke-IntuneManagedDeviceSyncDevice Foreach ($device in $devices) { Invoke-IntuneManagedDeviceSyncDevice -managedDeviceId $device.managedDeviceId Write-Host "Sending Intune Sync request to $($device.managedDeviceId)" }
Invoke Intune Sync using Bulk Device Actions
You can also Initiate device check-in process on multiple devices at once from Microsoft Intune admin center as well. Sync action can be initiated for Windows, macOS, iOS/iPadOS, Chrome OS, Android etc using Bulk device action option.
When you are using Microsoft Intune admin center to Bulk initiate Sync on the devices, you can filter the list by OS and then select the devices on which you want to Initiate Sync. Let’s check the steps:
- Login on Microsoft Intune admin center.
- Go to Devices > All devices > Click on Bulk Device Actions.
- Select OS from the drop-down list. For example: Windows.
- Select Device action as Sync.
- On the Devices tab, click on + Select devices to include to select the devices on which you want to start the Sync action.
- On Review + create page, click on Create to Initiate Sync action on the selected devices.
- Succesfully initiated Sync all all devices which we had selected while creating the Bulk device action.
Conclusion
In this blog post, we have seen how to Force Intune Sync on all devices. You can Invoke intune sync on one device by using the devicename filter in the Get-IntuneManageddevice command or you can loop through all your organization’s devices and then Initiate the Intune Sync as well.
