ERR_POLICY_NOT_APPLIED · STATUS: DEPLOYING FOREVER · DEVICE_COUNT: ¯\_(ツ)_/¯
Dynamic groups that don't update. Policies that apply to the wrong devices. Compliance states stuck in limbo. Sound familiar? You don't have to live like this.
// Known Issues
001
Dynamic Groups Are a Lie
Device joins AAD. Policy should apply. It doesn't. You check the group. Device isn't there yet. You wait. You wait more. You file a ticket. The ticket closes itself.
002
Compliance Is a Feeling
Device shows compliant. Device is not compliant. Device shows non-compliant. Device is fine. Conditional access disagrees with all of the above simultaneously.
003
Certificate Deployment: Roll the Dice
SCEP profile assigned. NDES is configured. Everything looks right. Half the devices get certs. The other half just… don't. No error. No log entry. Nothing.
004
Enrollment: Choose Your Adventure
Autopilot, User-Driven, White Glove, ADE, BYOD — each one a choose-your-own-adventure book where most endings are a wipe-and-retry.
005
The Reports Lie Too
Device count in Intune ≠ Azure AD ≠ what your CEO asked about. Export to CSV. Numbers still wrong. Try Graph API. Now you have two problems.
006
iOS Update? Good Luck.
You push the update policy. 200 devices update. 47 don't. There is no rhyme. There is no reason. Apple and Microsoft are in a silent disagreement and your users are caught in the middle.
// About Me
I'm an enterprise endpoint engineer with years of hands-on experience managing large-scale Microsoft Intune environments — including government deployments with thousands of devices across dozens of agencies.
I know where Intune hides its failures, why your dynamic groups lag, and how to get certificates deploying reliably at scale. I've lived in the Graph API logs so you don't have to.
Whether you need an environment audit, a one-time fix, or an ongoing expert to call when things break — I can help you turn your Intune deployment from a source of dread into something that actually works.
// What I Can Do
A deep-dive review of your Intune tenant. Policies, groups, compliance settings, enrollment configs — I'll find the landmines before they find you.
Something's broken and you need it fixed fast. Bring me in, let's diagnose it together, and get your environment back on track.
Build a policy structure that scales. Dynamic group strategy, compliance baselines, configuration profiles — designed to actually do what you intend.
SCEP, PKCS, Conditional Access, certificate chain troubleshooting. Get your certs deploying reliably and your auth flows actually authenticating.
Autopilot, ADE, BYOD, JAMF-to-Intune migration. Plan it right, run it cleanly, and avoid the re-enrollment death march.
PowerShell + Graph API solutions for bulk operations, reporting, license management, and anything else you're doing manually that you shouldn't be.
// Let's Talk
Tell me what's broken. No sales call, no pitch deck — just a real conversation about your environment and what it'll take to fix it.