0x87d101f4 Intune Compliance Error: How to Fix It

Resync your Intune policies to apply to all devices

Reading time icon 4 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Intune is a cloud service that helps you manage mobile devices and apps, but not all devices meet the criteria to enroll in the service.
  • A non-compliant device is one that has been identified by Intune as having a missing or outdated software package.
  • To fix non-compliant devices, ensure your device meets all the requirements.

When you use Microsoft Intune to manage your devices, you might notice that some devices don’t comply with the required security settings. The device compliance settings are based on your organization’s security policy requirements. 

If a device is not compliant, it needs to be rectified to meet these standards. In this article, we will walk you through how to fix the 0x87d101f4 Intune compliance error to ensure that all your devices comply with your Intune policies’ requirements.

How do I make my device Intune compliant?

Intune will automatically check your device compliance when you enroll it. If you have already enrolled a device in Intune and it is not compliant, it will be marked non-compliant in the Azure portal.

To make your device Intune compliant, you need to register the device with Intune. When you register a device, you will be asked for information about the device and its configuration.

Intune has a list of supported OSes, devices, and browsers. To use your device with Intune, you must ensure it’s compatible. That can be done by ensuring the OS is supported and the device has a valid certificate. 

If you’re not sure whether your device is Intune-compliant, check the following:

  • Is there a Microsoft Intune certificate on your device? If yes, it is Intune compliant. The Microsoft Intune certificate is a trusted, secure certificate used by the Intune service to authenticate and enroll devices.
  • Is a Mobile Device Management (MDM) profile installed on the device? If yes, it is Intune compliant. The MDM profile allows you to manage devices through the Intune console. They’re used to set up and configure devices so that they work with your organization’s policies.

How do I fix Intune non-compliant devices?

Before you settle on performing the advanced solutions, ensure you check off the following:

  • Check that the configuration of your managed devices is correct.
  • Ensure your device meets the system requirements to enroll for Intune.

1. Sync Intune policies

  1. Hit the Windows key and click on Settings.
  2. Click on Accounts on the left pane, then select Access work or school.
  3. Locate your account connected to Azure, then select Info.
  4. Select Sync under Device sync status.
  5. Consequently, you can do so via your organization’s portal from the Company Portal app.
  6. You’ll need to download the app from the Microsoft Store first.
  7. Once downloaded, open the Company Portal app and click on Settings at the bottom left.
  8. Press the Sync this device button.

Manually forcing syncing allows your policies to automatically apply the most recent settings to your users, groups, and devices. This allows Intune to enforce the policies on the device and report compliance status.

In case you encounter issues with Intune not syncing, check out our detailed article on how to navigate this issue. Still, it could take up to 24 hours for enrolled devices to show up, so you need to be patient if the synchronization process doesn’t yield immediate results.

2. Reset the non-compliant device

Resetting a device means removing it from Intune, wiping it, and then adding it back into Intune. This will remove all the settings from Intune, such as VPN profiles, MDM policies, and more. 

When the device returns online, it will automatically download the latest policies and settings from Intune again.

If you still have problems with compliance after resetting your devices, another issue may be at play that is causing the 0x87d101f4 error.

What is the grace period for Intune compliance?

Microsoft Intune has a grace period for compliance, which is the amount of time you have to fix any non-compliance issues before your device/account is considered non-compliant. The default grace period for compliance is 30 days, but your admin can change it.

When you create a new compliance policy, you can choose whether or not to enable the grace period. You can use Configuration Manager to remediate your devices against compliance violations during this grace period.

Hopefully, with these steps, you have been able to resolve the 0x87d101f4 error in Intune. While you’re still here, check out our list of network management software, especially if you’re interested in automatic policy updates.

This isn’t the only error you can encounter, and many reported error code 0x87d1fde8, but we covered that one in another guide.

For any additional thoughts on this topic, leave your comments down below.

More about the topics: cloud software