What is the first safe action for Intune Device Not Checking In?

Check the device's last check-in time in Intune and whether it is affecting compliance, Conditional Access, or app deployment. A short delay may not require intervention if the device is offline or asleep.

Does Intune Device Not Checking In require administrator access?

This runbook includes steps that require administrator access and should be handled by IT support.

When should this issue be escalated?

Do not remove the device from management or delete the Intune device record as a first-line fix unless the endpoint/Intune team approves it. Re-enrollment can impact BitLocker/FileVault keys, app deployments, and compliance history.

← Back to Corporate Tech Fixes

Designed for Enterprise IT Support & Corporate Environments

O365

Intune Device Not Checking In

Use this guide when a managed device shows stale check-in status in Intune. It separates user-safe sync checks from admin-only actions such as re-enrollment or compliance policy remediation.

Severity: HighAdmin Required

Estimated Fix Time

20-40 min

Access Level

Admin Required

Total Steps

Author & Verification

Tamem J

IT Solutions Engineer

Last verified: March 3, 2026

Runbooks and troubleshooting guides are reviewed for enterprise-safe usage and avoid security bypass patterns.

Tested on Windows 11 23H2Tested on Windows 10 22H2Tested on macOS Sequoia 15Tested on macOS Sonoma 14

Trust Signals

No ratings yet

0 total helpfulness votes

• Enterprise Microsoft 365 Administration
• Endpoint Management (Intune, Jamf, Kandji)
• Identity & Access (Entra ID, Okta)

#intune#device-management#company-portal#compliance#windows#macos

Note: “Download as PDF” opens the browser print dialog. Choose “Save as PDF” for a printable runbook copy.

Step-by-Step Resolution

Expand each section as needed

1
Confirm check-in delay and compliance impact
Info
Recommended validation or troubleshooting step
Check the device's last check-in time in Intune and whether it is affecting compliance, Conditional Access, or app deployment. A short delay may not require intervention if the device is offline or asleep.

Verify network access to Microsoft endpoints

Command

Includes a copyable command block

Command

# Windows (PowerShell)
Test-NetConnection login.microsoftonline.com -Port 443
Test-NetConnection enterpriseenrollment.manage.microsoft.com -Port 443
 
# macOS (Terminal)
nc -vz login.microsoftonline.com 443
nc -vz enterpriseenrollment.manage.microsoft.com 443

3
Collect local enrollment status (Windows)
Command
Includes a copyable command block
Command
```
# Windows (Command Prompt or PowerShell)
dsregcmd /status
```
4
Trigger a manual sync from the managed client
Info
Recommended validation or troubleshooting step
On Windows, use Settings > Accounts > Access work or school > connected account > Info > Sync. On macOS, use Company Portal (or the approved MDM agent) to check device status and initiate sync.
5
Check date/time drift and sign-in token issues
Info
Recommended validation or troubleshooting step
Incorrect system time can break token-based authentication and check-ins. Confirm the device time is syncing automatically and the signed-in work account is still valid.
6
Escalate before re-enrollment or device record deletion
Warning
Review carefully before proceeding
Do not remove the device from management or delete the Intune device record as a first-line fix unless the endpoint/Intune team approves it. Re-enrollment can impact BitLocker/FileVault keys, app deployments, and compliance history.