You can manually force MDM check-in and Intune Agent check-in for Intune Policies / configuration profiles / application deployment from a target device after they have been assigned. Syncing forces your device to connect with Intune to get the latest updates, requirements, and communications from your organization.
The Intune Management Extension needs to be installed on the macOS device for the agent check-in process. The Intune agent on a macOS device is responsible for downloading shell scripts from Intune. The agent also executes the shell scripts according to the configured run schedule, retries and failed-attempts settings.
The Intune Management Extension is automatically and silently installed on a managed macOS device when you assign at least one shell script to the device from the Intune admin center. The Intune agent installation location is: /Library/Intune/Microsoft Intune Agent.app.
You could wait for the next Intune policy refresh cycle, but this would mean waiting a couple of hours before you know whether the policy has been applied successfully or an app has been installed on the device. This can delay your testing and app deployment.
According to Microsoft: “When you target a device or user with an action, then Intune immediately notifies the device to check in to receive these updates. For example, when a lock, passcode reset, app, or policy assignment action runs.” So, you may not even have to manually force initiate a sync from the Device but if you have to, then we will see how you can do that in the next sections of this blog post.
You can force an Intune sync not only from a macOS device but from a Windows device as well. If you are interested in knowing more details about how to force initiate Intune sync from a Windows device, you can read about it here: How To Force Intune Sync Manually From A Windows Device.
Let’s first check the default Intune policy refresh cycle, which applies when no action has triggered a notification for the device to check in with Intune.
Invoke Intune Sync using PowerShell |
---|
If you want to use PowerShell to force initiate Intune sync on multiple devices at once, then you can check out the blog post: How to force Intune Sync using Powershell. |
Intune default Policy refresh frequency
Devices check in with Intune when they receive a notification to check in, or during the scheduled check-in. Below is the default Intune Policy refresh frequency / scheduled check-in along with Device Type.
Device Type | Refresh Cycle |
---|---|
iOS/iPadOS | ~ 8 Hours |
macOS | ~ 8 Hours |
Android | ~ 8 Hours |
Windows 10/11 PCs enrolled as devices | ~ 8 Hours |
Windows 8.1 | ~ 8 Hours |
Below is the default Intune Policy refresh frequency if the device is recently enrolled:
Device Type | Refresh Cycle / Frequency |
---|---|
iOS/iPadOS | Every 15 minutes for 1 hour, and then around every 8 hours |
macOS | Every 15 minutes for 1 hour, and then around every 8 hours |
Android | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
Windows 10/11 PCs enrolled as devices | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
Windows 8.1 | Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours |
Manually Initiate Intune Policy Refresh / Sync from a macOS Device
There are multiple ways to initiate a macOS device check-in with Intune. You can initiate the check-in either from the macOS device itself or from the Intune admin center. In the next sections of the blog post, we will see the different ways to force the Intune sync process on a macOS device.
1. Initiate Intune sync using Company Portal App on macOS
The Company Portal application makes sure that your macOS device is synced on a regular basis. However, if you have deployed a policy or application and want to check in with Intune immediately, you can force a manual sync from the device.
When you use the process below to force a device check-in using the Company Portal app, it initiates both the MDM check-in and the agent check-in with Intune.
Forcing a manual sync also helps when a device has been disconnected for a long period of time. Initiating a sync reconnects the device with Intune, updates all targeted Intune policies and retries any deployments / assignments which could be pending for this device.
You can follow the steps below to initiate a manual sync from a macOS device using the Company Portal app.
- Click on the Spotlight Icon and search for Company Portal App.
- If you are not signed in to the App, Click on Sign in button and use your company provided user account and password to login. After you click on Sign in button, it may automatically Sign in as your device is already enrolled into Intune.
- Click on the three dots in a circle and then click on Check status. It will initiate a device check-in with Intune to check if there are any updates to device configuration policies, or any new policy or application deployment targeted to this device.
- As you can see from below screen, Device check-in has been initiated. You can see a message under the Status progress bar “Checking to see if this device meets compliance and security policies. This might take few minutes.”
- Once the Device check-in process completes, you will see the Status of the Device. As you can see from below screenshot, the Status is showing In Compliance that means device meets the Compliance requirements set by the administrator from Intune admin center.
- Also you can see the Last checked date and time is updated / refreshed.
- There is another message below Last checked, which confirms that “This device meets company compliance and security policies. You can access resources like company email with this device.”
2. Initiate Intune sync using macOS terminal
If you prefer to force the device check-in process with Intune using the macOS terminal, then you can use the command below to kill the Intune agent process:
sudo killall IntuneMdmAgent
The IntuneMdmAgent process will restart automatically and will force initiate both MDM check-in and agent check-in with Intune.
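The restart described above can be wrapped in a check that the agent really came back. This is an added example, not part of the original post: the process name and install path are the ones given in this post, while the function names, exit codes and 60-second timeout are assumptions made for the example.

```shell
#!/bin/sh
# Added example: restart the Intune agent and confirm that it relaunched.
# AGENT_APP and AGENT_PROC come from this post; everything else
# (function names, exit codes, default timeout) is assumed for illustration.

AGENT_APP="${AGENT_APP:-/Library/Intune/Microsoft Intune Agent.app}"
AGENT_PROC="${AGENT_PROC:-IntuneMdmAgent}"

# Print the PID of the running agent (prints nothing if it is not running).
agent_pid() {
    pgrep -x "$AGENT_PROC" 2>/dev/null | head -n 1
}

# Kill the agent, then wait until an instance with a different PID appears.
# Returns: 0 restarted, 2 agent not installed, 3 kill failed, 4 no restart seen.
force_intune_checkin() {
    timeout="${1:-60}"

    # The agent exists only after at least one shell script has been assigned.
    if [ ! -d "$AGENT_APP" ]; then
        echo "Intune agent not found at: $AGENT_APP" >&2
        return 2
    fi

    old_pid="$(agent_pid)"
    if [ -n "$old_pid" ]; then
        sudo killall "$AGENT_PROC" || return 3
    fi

    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        new_pid="$(agent_pid)"
        if [ -n "$new_pid" ] && [ "$new_pid" != "$old_pid" ]; then
            echo "$AGENT_PROC restarted (old PID: ${old_pid:-none}, new PID: $new_pid)"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    echo "$AGENT_PROC did not restart within ${timeout}s" >&2
    return 4
}

# Usage: source this file, then run:  force_intune_checkin 60
```

A return code of 4 means no new agent process was seen within the timeout; the IntuneMDMDaemon*.log and IntuneMDMAgent*.log files are the next place to look.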
3. Initiate Intune sync on macOS using Intune admin center
You can force the Intune device check-in process from the Microsoft Intune admin center as well. Please note that when you use the Intune admin center for device check-in, it initiates only the MDM check-in, not the agent check-in.
Please follow the steps below to initiate a sync from the Intune admin center:
- Login on Microsoft Intune admin center.
- Click on Devices and then click on All Devices.
- Search for the device and click on it to manage.
- Click on Sync button and then Click on Yes to confirm.
As you can see from the screenshot below, the information on the Sync prompt says “Intune will attempt to check in with this device. If successful, it will sync current actions or policies to the device. Would you like to continue?”
After you initiate a sync for a macOS device using the Intune admin center, the device will check in with Intune immediately. If you have access to that device, then you can launch the Company Portal app to check the Last checked info, which will be refreshed / updated to show the latest sync date and time.
Bulk device Intune Sync / check-in from Intune admin center
If you have more than one device which you want to sync with Intune, it becomes a tedious process to go to each device and click on the Sync button to initiate the sync process from the Intune admin center.
There are faster ways to accomplish this from the Intune admin center. You can either use PowerShell cmdlets to initiate a sync in bulk or use Bulk device actions under All devices.
Collect Intune device check-in logs for macOS
You can check the IntuneMDMDaemon*.log and IntuneMDMAgent*.log log files if there are any issues related to macOS device check-in with Intune. To know more about how to locate those files, I have written a more detailed blog post, which you can read here: How to collect Intune logs from macOS device.
Conclusion
When we are creating Intune policies and deploying apps to devices in a large enterprise environment, we generally perform testing on a couple of devices first to make sure that the policy is applying successfully or an app is deployed successfully.
Therefore, instead of waiting for the Intune policy refresh cycle to kick in, which is generally around 8 hours, you can force a sync manually from a device. However, please note that when you target a device or user with an action, Intune immediately notifies the device to check in to receive these updates, for example, when a lock, passcode reset, app, or policy assignment action runs.
A manual sync is available for you to use when you are facing any issues in device sync or if the device has been offline for a long time, but neither is a requirement; you can force a device sync anytime you want.