You can manually force MDM check-in and Intune Agent check-in for Intune Policies/configuration profiles/application deployment from a target device after they have been assigned. Syncing forces your device to connect with Intune to get your organization’s latest updates, requirements, and communications.
Intune Management Extension must be installed on the macOS device for the agent check-in process. Intune agent on a macOS device is responsible for downloading shell scripts from Intune. The Intune agent also executes the shell scripts per the script run schedule and retries failed attempts.
The Intune Management Extension is automatically and silently Installed on a managed macOS device when you assign at least one Shell script from the Intune admin center. Intune agent Installation location is: /Library/Intune/Microsoft Intune Agent.app.
You have two options to initiate the Intune Device check-in/Sync process. You could either wait for the next Intune policy refresh cycle, which might take a couple of hours, or initiate the process yourself.
If you wait for the Intune device check-in process, you’ll have to wait before knowing whether the policy has been successfully applied or if the app has been installed on the device. This delay can slow down your testing and app deployment process. Microsoft provides the following guidance, but there may be situations where manual initiation of the sync process is necessary.
According to Microsoft: “When you target a device or user with an action, then Intune immediately notifies the device to check in to receive these updates. For example, when a lock, passcode reset, app, or policy assignment action runs.”
Note
You can trigger an Intune Sync not just from a macOS device but also from a Windows device. If you’d like to learn more about how to initiate an Intune sync from a Windows device manually, you can find detailed instructions in this article: Manually Sync Intune Policies on Windows: 6 Ways
Table of Contents
Manually Initiate Intune Sync from a macOS Device
You have several options to trigger a check-in for macOS devices in Intune. You can do this directly from the macOS device or the Intune admin center. In the upcoming section of the blog post, we’ll explore various methods for forcefully initiating the Intune sync process on macOS devices.
Method 1 – Initiate Intune sync using the Company Portal App
The Company Portal application ensures regular syncing for your macOS device. However, if you want to start device check-in immediately, you can use this app to initiate the MDM Check-in and Agent Check-in processes with one click.
To manually initiate a sync from your macOS device using the Company Portal App, follow these steps:
- Click on the Spotlight Icon and search for Company Portal App.
- If you’re not already signed in to the app, click the Sign In button and enter your company-provided user account and password to log in. Please note: After clicking the Sign In button, it may sign in automatically using previously cached credentials.
- Select the three dots arranged in a circle, and then choose Check Status.
- This action will trigger a device check-in with Intune to confirm whether there are any updates related to device configuration policies or any new policies or applications targeted for this specific device.
- As displayed on the screen below, the device check-in has been initiated. You will notice a message beneath the Status progress bar stating, Checking to see if this device meets compliance and security policies. This might take a few minutes.
- Once the device check-in process is finished, you will observe its status. As illustrated in the screenshot below, the status displays In Compliance, indicating that the device satisfies the compliance requirements established by the administrator in the Intune admin center.
Method 2 – Initiate Intune Sync using the macOS Terminal
If you wish to forcefully initiate the device check-in process with Intune using the macOS terminal, you can use the following command: sudo killall IntuneMdmAgent. This command will terminate the Intune agent process. Subsequently, the IntuneMdmAgent process will automatically restart, triggering both the MDM check-in and agent check-in with Intune.
Method 3 – Initiate Intune Sync using the Intune admin center
You can initiate the Intune device check-in process from the Intune admin center. It’s important to note that when you use the Intune admin center for device check-in, it initiates only the MDM check-in but not the agent check-in.
To initiate a sync from the Intune admin center, please follow these steps:
- Sign in to the Intune admin center.
- Click on Devices and then click on All Devices
- Please search for the device and click on it to manage.
- Click on the Sync button and then Click on Yes to confirm.
Method 4 – Sync using Bulk device Actions
When you have multiple devices that need to be synchronized with Intune, the process can become quite laborious as you’d have to go to each device individually and click on the Sync button from the Intune admin center to initiate the sync process.
Navigate to Devices > All devices > Bulk device actions. Select the OS and then Device Action as sync to initiate Sync on devices in bulk.
There are more efficient methods to achieve this through the Intune admin center. PowerShell can initiate a bulk sync or use the bulk device actions feature under All Devices.
More Information
Collect Intune device check-in logs for macOS
You can inspect the IntuneMDMDaemon*.log and IntuneMDMAgent*.log log files for any issues with macOS device check-ins with Intune. My other blog post, How to Collect Intune Logs from a MacOS Device, provides more information on how to find these files.
Intune default Policy refresh frequency
Devices in Intune check in either when notified to do so or during their scheduled check-in. The default Intune Policy refresh frequency and scheduled check-in times vary by device type.
Here’s the default Intune device check-in duration for all device types:
| Device Type | Refresh Cycle |
| iOS/iPadOS | ~ 8 Hours |
| macOS | ~ 8 Hours |
| Android | ~ 8 Hours |
| Windows 10/11 PCs enrolled as devices | ~ 8 Hours |
| Windows 8.1 | ~ 8 Hours |
Below is the default Intune Policy refresh frequency if the device is recently enrolled:
| Device Type | Refresh Cycle / Frequency |
| iOS/iPadOS | Every 15 minutes for 1 hour, and then around every 8 hours |
| macOS | Every 15 minutes for 1 hour, and then around every 8 hours |
| Android | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
| Windows 10/11 PCs enrolled as devices | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
| Windows 8.1 | Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
Conclusion
In a large enterprise environment, testing Intune policies and app deployments on a few devices before full implementation is common. Instead of waiting for the 8-hour Intune Policy Refresh cycle, you can manually trigger a sync for quicker results.
Note that Intune instantly initiates check-in for updates when you target a device or user with an action, like a lock, passcode reset, app, or policy assignment. You can use the manual option to address sync issues or initiate a sync at your convenience, even if the device hasn’t been offline for an extended period.
