This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 21%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
We have had this recurring issue for a long time now, and despite searching the error all over the place, there seem to be a lot of other IT professionals in the same boat, but no obvious answers.
The error is on the Anti-Virus setting on the default compliance policy.
2016345612(Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request)
The compliance policy in question is assigned to all users.
This is a very annoying issue as it stops users from being able to access any MSFT apps as it marks the device as non compliant.
we are forced to add users to the exclusion list of the policy until the error clears on it's own days/weeks later.
If anyone has any ideas on what could be the cause or any possible fixes, it would be greatly appreciated
We have been dealing with this issue since March and it isn't getting any better.
Looks like there are multiple people in this thread having the same problem.
Please open support cases so we can get more traction on this issue, and they can start to get it resolved.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 69%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESO%3C/text%3E%3C/svg%3E)
Rename the device up to 15 characters only, it will resolve the issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 67%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
I am getting this error on Firewall and not Antivirus...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 17%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
We are seeing this error as well. And our machine names are only 10 characters, so Less than 15 is not going to fix the issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 91%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
We have been having the same issue since we started using Intune. It hits different computers on different days, and it clears after hours/days/resyncs.
Our device names are 15 characters or less. We have removed and redeployed machines, removed and recreated the compliance policy. The issue may resolve for a while, but it always comes back.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAF%3C/text%3E%3C/svg%3E)
Hi,
For our environment we resolve this by letting the user click "Fix now" under the Work or school account settings menu.
After that they can click on "Check access" under the device menu in Company portal.
We dont have any hybrid devices, only AAD.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 25%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERY%3C/text%3E%3C/svg%3E)
We've just seen this appear in our environment. The Senior VP got an email that she forwarded onto my team for action. Not a good look MS.
Anti-Virus is ESET Protect.
We need this addressed PDQ!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ4%3C/text%3E%3C/svg%3E)
We are experiencing the same issue. Our devices are AzureAD Joined, we do several app installations when the devices is joined. The issue only happens with Windows 11. The machine becomes very slow and AV stops working after reboot. It appears the Microsoft Defender AV (Endpoint security) is trying to restart. EDR show as if it is updating.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 55.00000000000001%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
Keep having this issue intermittently affecting random users using random AAD hybrid joined Windows 10 endpoints.
Machine names are less then 15characters.
Fixed the issue once by running sync from Endpoint and InTune.
All other times need to wait days to weeks for the issue to resolve itself, else delete the endpoint from InTune and AzureAD then do a fresh Azure AD hybrid + InTune join.
Myself and colleagues gave raised tickets with MSFT 365 support who aren't much help, leaving poor 1st line guys struggling when a senior team needs to get involved and gather debug logs to determine the actual cause.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 9%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFO%3C/text%3E%3C/svg%3E)
We also have a few users affected by this issue (until now all hybrid joined):
2016345612(Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request)
It's always the Windows Firewall. Never AV (we use windows defender):
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 30%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Same issue here: It occurs randomly after users restart their machines. Sometimes, a sync is enough to fix the issue, but other times we have to reboot the machine, sync, check for compliance, and repeat the process multiple times.
We use Windows Defender AV, and our machines’ names are only 11 characters. Last year, this issue was happening very often, but Microsoft fixed it. However, we now observe the same issue occurring since the beginning of March 2024.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 5%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
One machine had this issue, the devicename in autopilot was blank, the devicename in intune was below 15 chars. the machine was also inactive.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 10%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
I have reinstalled the Company Portal its working fine
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 42%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAY%3C/text%3E%3C/svg%3E)
Hi Guys, i have had this issue for several users. fix is to turn off the windows firewall and turn it back again. then go to company portal click once on check access and wait 2-3mins until it completes. do not click again and again as it will then take more time. if its taking way too long turn off the conditional access policy that check for compliance. then once company portal check is ok you can turn on the conditional access.
To verify further you can check azure ad portal devices and select the device you are checking on. check if its compliant. Then you can go to intune portal check if it shows compliant. it may be compliant on azure ad and not in intune. give it some time and then it will show compliant on intune as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 64%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
So I have this on multiple instances of both Win11 and Win10 machines for various clients (different intune configs, different methods of setup), I've poked and asked around, mostly from what I can see it's a sync issue. Again cloud loves to take its time with these, and its v. intermittent.
With Stricter compliance policies it appears more frequently than less relaxed policies but I will try and investigate further into this, I don't really have a concrete answer to this other than sync-ing devices.
Usually (on device) i'll run intunemanagementextension://synccompliance in the run diag
This usually clears up after about 10-30ish minutes
We continue to have this issue several times a week. We either wait several days for it to clear on its own or have the user initiate a sync, reboot, etc.
We have opened issues with MS Support only to be passed around to different agents/techs with no solutions offered.
Our compliance platform was integrated to Intune to pull device status,. This became unworkable with this issue occurring so often, so we had to go a different route for that.
It is unfortunate that an issue that is this widespread gets no attention from Microsoft, and support is not helpful.
@Chad Coker Changes are supposed to be coming but they missed the 2404 deployment. Waiting to see when they might be implemented and if they do in fact fix these issues. Update from Microsoft below. You can reference our case so you might be in the loop better on the rollout.
2310040040013084
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 1%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EES%3C/text%3E%3C/svg%3E)
Apparently intune thinks (defender firewall) real time or cloud protection setting is not enabled while in reality it is.
As I mentioned before, retire the machine from intune, delete from azure, than try to reset windows on the machine, let it re enrol to both azure and intune and chances are the issue will be gone. No more compliance errors.
Resetting machine apparently does not resolve the issue, that's just a workaround on win11 machines. MS need to fix that.
Let me know if the above procedure helped.
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 22%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
As I mentioned before, retire the machine from intune, delete from azure, than try to reset windows on the machine, let it re enrol to both azure and intune and chances are the issue will be gone. No more compliance errors.
This isn't a suitable solution. We're seeing this on newly imaged machines (don't ask, save that for another thread) that are joining AAD and enrolling into Intune for the first time. Doing nothing to the devices themselves & just waiting it out seems to sort it out.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 87%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
We have the same behavior... totally new computers that was bought week ago.
We can only wait now, but some devices resolve itself and some devices broke itself... this is absolutely random behavior...
Interesting... I had call with MS and this is one of expected state...
https://video2.skills-academy.com/en-us/mem/intune/protect/compliance-policy-create-windows
I checked it in our environment and it is true, all devices that have problems with error status of compliance policy are compliant because they have also second compliant policy.
It means that it isn't really the problem. Support told that it is an issue in windows and that Intune team managed this problem by configuring this error as compliant state...
It is possible that once the problem will be resolved in windows, then error state in MS Intune will be changed back as not compliant. But this is only my opinion.
However, it is resolved for me, because the unknown state is explained and described on MS websites.
That may be true, however sync doesn't seem to resolve the issue.
Don't let M$ get of that easy. Like @Efstratios Stratis mentioned it does not work. It also does not explain why some of us also get the syncml500 error on the antivirus component which isn't fixed by a sync.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 71%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN8%3C/text%3E%3C/svg%3E)
The exact same issue and error will randomly affect our machines. No third-party AV, OneDrive first starts complaining about device compliance, InTune reports AV is out of compliance due to this error. Computer names are less than 15 characters.
Same problem here, on brand new machines. No long computer names.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 84%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
Same problem here! Any solution Microsoft? resetting the PCs is not a popular one
Same here, only a few devices. Firewall is active (Via Intune Policy), AV = Defender (Managed).
We have a culprit, not sure.... will see if it helps:
Resetting firewall defaults didn't help.
Checking compliance via Companyportal (last checkin 40 minutes ago) takes forever, reboot doesn't help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 57.00000000000001%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPN%3C/text%3E%3C/svg%3E)
How are you "resetting firewall defaults"? Is it through the Defender menu or some other way?
Compliance delays on pre-provisioned devices have been an ongoing issue for us. My own view of what is happening at least for us. We have had multiple cased open going back to early 2023.
Word on the street is updates are coming to Intune 2404 that will help alleviate some of the compliance delays on devices in error due to a transient state. I think the goal here was changes to the reporting of the transient state of the FW/AV components. Think SyncML500 errors.
Devices that are pre-provisioned and a delay occurs from user enrollments, think sitting for x days before enrollment, are impacted by the day 1 scheduled task not running every 3 minutes for 15 minutes / every 15min for 2 hours for syncing the device. These tasks are scheduled to run after enrollment but are created and started on the pre-provisioned day. When the user finishes the enrollment, they are not updated with the current date for the user enrollment so they don't seem to run any more to help get the device syncing and compliant like you would see on a user only enrollment.
\Microsoft\Windows\EnterpriseMgmt{enrollmentGUID}\Schedule #1 created by enrollment client
\Microsoft\Windows\EnterpriseMgmt{enrollmentGUID}\Schedule #2 created by enrollment client
We have noticed users that use Windows Hello for Business log into the device faster than the AV/FW services are fully working after a restart and the login scheduled task (\Microsoft\Windows\EnterpriseMgmt{enrollmentGUID}\Login Schedule created by enrollment client) to kick off a sync reports a transient syncml500 error for those components to Intune on the policy and since the devices have never been compliant, they do not follow the error state grace period and get marked non-compliant. Additional manual sync may be required to get out of this state. Since the scheduled day 1 tasks don't run it is a manual process. Or you may have to wait until the every 8 hour sync happens. \Microsoft\Windows\EnterpriseMgmt{enrollmentGUID}\Schedule #3 created by enrollment client