Error 0x87d1fde8: What Is It & How to Effectively Fix It

Turn off restrictions on conditional access to apply policies

Windows 11 ยป Repair

Reading time icon 3 min. read

Calendar icon Updated on

by Claire Moraa 

updated on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • You can fix this issue by resyncing your policies.
  • Adjusting a few settings usually fixes this issue.

Error 0x87d1fde8 usually appears when using Windows Intune or Azure Active Directory (Azure AD) for enrollment.

This issue will prevent you from adding new accounts, so it’s crucial to fix it, and this guide will show you how to do it properly.

Why does 0x87d1fde8 (2016281112) error appear?

The issue appears if the device isn’t enrolled in Intune or if the policy isn’t configured properly. You can also get this error if the device doesn’t meet the compliance requirements or if you have conditional access enabled.

How can I fix error 0x87d1fde8?

Before trying anything else, ensure that your device is connected to the Internet and enrolled in Intune. Also, your device needs to be compatible with your policies.

You also need to review your policies and make sure that Windows is up to date.

1. Disable conditional access

  1. Sign in to your Azure account.
  2. Click on the Menu at the top left corner and select Azure Active Directory.
  3. Select Protect & secure on the left pane, then click on Conditional Access.
  4. Under the Access policy option, toggle it Off.

Conditional access is a security feature that you can use with Intune to help keep corporate data protected. If you are worried about disabling this feature, you can create a custom policy for unsupported devices.

2. Re-sync the policy

  1. Hit the Windows key and click on Settings.
  2. Click on Accounts on the left pane, then Access work or school on the right pane.
  3. Locate your account connected to your AD account and click on Info.
  4. Selectย Syncย underย Device sync status.

How do I know if my device is enrolled in Intune?

  1. Hit the Windows key and click on Settings.
  2. Click on Accounts on the left pane, then Access work or school on the right pane.
  3. Locate your account connected to your AD account.
  4. Check whether the Info option is available. This is the confirmation that assures you that you have enrolled your device in Intune.

Alternatively, you can sign in to the AD portal and view your devices using the Intune device status page. 

If this doesnโ€™t work, check and disable your VPN if it is active. Elsewhere, you may come across the error 0x87d101f4, an Intune compliance error. Find out how to bypass it easily in our expert article.

We also share a step-by-step process on how to sync your devices with Intune, so be sure to check out our article on the same.

If you encounter any problems, we have a guide on what to do if The sync could not be initiated in Intune.

Drop us a comment below if we missed a solution that helped you in a similar situation.

Claire Moraa

Claire Moraa Shield

Windows Software Expert

Claire has a knack for solving problems and improving the quality of life for those around her. She's driven by rationality, curiosity, and simplicity, and always eager to learn more about Microsoft's products. With a background in teaching and reviewing, she breaks down complex topics into easily understandable articles, focusing mostly on Windows 11, errors, and software.