Dex

๐Ÿ“ฑ Recipe ยท Intune & Device Management

Trigger an Intune Device Sync/Check-in and Verify Status

Force a managed device to check in with Intune immediately when policies or updates aren't landing

Complexity

Beginner

Impact

device-management + troubleshooting + intune + end-user-support

Context

Why This Matters

When an end user reports that they aren't receiving expected Intune policies, configuration profiles, apps, or compliance updates, the most common first-line remediation is to force the device to check in with the Intune service. By default, Windows, macOS, iOS, and Android devices check in with Intune on a schedule (typically every 8 hours once enrolled for longer than a day). A manual sync collapses that wait window to minutes.

This recipe walks through identifying a user's managed device, issuing the remote syncDevice action, and verifying the check-in completed successfully.

When to run this

  • User reports missing apps, Wi-Fi/VPN profiles, or certificates pushed from Intune
  • Compliance policy changes aren't reflected on the device
  • You've just assigned a new configuration profile and want to validate deployment
  • Troubleshooting a stale lastSyncDateTime value

Expected Outcomes

After completing this recipe you will have:

  • Located the target user's managed device(s) in Intune
  • Issued a remote sync command that forces an immediate MDM check-in
  • Confirmed the command was accepted by the Intune service (HTTP 204)
  • Verified the device's updated lastSyncDateTime and current compliance state
  • A clear status report you can share with the requester

Risks & Considerations

Things to watch for

  • Device must be online. The sync command is a push notification โ€” if the device is offline, powered off, or on a restricted network, the action will queue but won't complete until the device connects.
  • lastSyncDateTime lag. The timestamp in Graph may take 1โ€“5 minutes to update after the device actually checks in. Don't interpret a stale timestamp as a failure immediately.
  • deviceActionResults quirk. The syncDevice action may not always appear in the deviceActionResults array. Use lastSyncDateTime as the authoritative signal that the check-in happened.
  • Not a fix for enrollment issues. If the device is unenrolled, broken-trust, or the MDM agent is corrupted, a sync won't help โ€” you'll need to re-enroll.
  • Rate limits. Avoid looping sync commands against the same device. One sync, then wait 5โ€“10 minutes before retrying.

Required Permissions

PermissionWhy It's Needed
User.Read.AllResolve the target user's UPN and object ID from their display name
DeviceManagementManagedDevices.Read.AllQuery managed device inventory and read compliance/sync state
DeviceManagementManagedDevices.PrivilegedOperations.AllExecute the syncDevice remote action against a managed device

The fastest way to get this done โ€” just ask Dex. Copy the prompt below and paste it into your Dex conversation.

For IT Admins

Paste into Dex CoAdmin

{user} isn't receiving Intune policies or updates. Trigger an immediate Intune sync/check-in on their managed device(s), verify the check-in completed, and report the current compliance state and last-sync timestamp.
Try in Dex CoAdmin

For End Users

How an employee would ask Dex for help

My work laptop isn't getting the latest company settings or apps from IT โ€” can you push them to me now?
Try in Dex Playground