Resolve Configuration Profile Conflicts in Intune

Within the Intune portal, multiple dashboards provide reports on devices, settings, and configuration. However, as an administrator, you know that identifying policy conflicts is a headache. While Intune provides some valuable reports, they fall short when it comes to determining the root cause of policy conflicts. A simple question arises: Is there a better way to Resolve Configuration Profiles Conflicts in Intune?

Tired of spending hours hunting for conflicts between Intune Configuration Profiles?

Consider the frustration of applying security baseline policies provided by Intune only to find conflicts between ‘The Windows 10/11 Security Baseline,’ ‘Defender for Endpoint Baseline,’ and ‘Microsoft Edge Baseline policies.

Although starting with baseline policies may not be a regular occurrence, you’ll inevitably be introducing new configuration policies at some in the future. Therefore it’s important that you can quickly identify where these policy settings conflict and what actual setting differences are.

From an Intune dashboard perspective, you can use the Device Configuration report. This provides you with a good overview, but the report doesn’t allow you to delve into the details of the conflict and how to identify which policies are causing the conflict: 

The Device Configuration section for a device shows some more details on the setting in question:

But again, it doesn’t help you identify the corresponding conflict/s elsewhere. Here are some troubleshooting steps that Microsoft offers, still not straightforward and often confusing!

The good news is that there is a better way. By using MPA Tools, you can easily select the device and obtain a detailed list of configuration settings applied to the device. This tool provides an overview of all the Intune properties in one view, including ‘Applied Configurations.’

Within the MPA Tools dashboard, you can navigate to the device and see the Intune properties laid out in one view, including ‘Applied Configurations(x)(x)(x)(x)’. The number in the first brake shows how many policy profiles apply. These policy profiles are Baselines, Endpoint Security Policies, Configurations Profiles, etc. All configurations policies that apply to a computer from Intune are combined here for a complete view. The following three brackets with numbers indicate a number of settings in a particular state; Error/Fail, Conflict, and Not Applicable.

From Intune Computer Properties page, you can select ‘Applied Configuration’ to get a detailed breakdown of the applied settings and which policies they relate to. Let’s see what Intune configuration profiles issues we have.

One interesting and very useful thing to note is that you can open multiple Intune Computer Properties at the same time for a quick comparison of what policies apply between different computers. 

Now, in this case, we want to identify the conflict settings and which policies they relate to. From the same view, you can drag the Configuration Name value into the filter header and then drag the State column header there as well to group data even further. Troubleshooting policies and profiles in Microsoft Intune becomes much easier with these tools in hand.

As shown in the picture above, we have all our Configuration Policies in one place; we have all the settings and setting values, and now we can easily identify where the conflicts are coming from. An interesting thing to point out immediately is that the same conflicting setting may not have the same name in different configuration profiles. For example, “Logon Options” is actually “Internet Explorer Zone Logon Options” in Baseline configurations. Another one to mention is that sometimes the conflicts can come from more than two profiles at the same time, then it becomes even more fun to use MPA Tools to troubleshoot intune configuration profiles!

And last but not least is the ability to export the configurations to Excel or text for further reporting or troubleshooting. Not much to add here other than that it is a very simple and quickest way to report on what Intune Configuration Policies applied to a computer.

MPA Tools also provides the same ability to view applied GPO configurations, making it very simple to understand what applies to a computer in Hybrid Joined environments.

In summary, when it comes to identifying policy conflicts, using the Intune dashboard alone can be time-consuming and frustrating. By using MPA Tools, you can easily resolve configuration profile conflicts in Intune, saving you time and reducing your headaches!