"Windows failed to apply the MDM Policy settings" error when you run "gpupdate /force" on a hybrid Azure AD-joined device

Applies to: Microsoft IntuneIntune


When you run the gpupdate /force command on a hybrid Azure Active Directory (Azure AD)-joined Windows device that's enrolled in Microsoft Intune, you receive the following warning message:


This issue occurs if the Auto MDM Enrollment with AAD Token Group Policy Object (GPO) is applied to the Windows device. In this case, it tries to enroll the device in MDM when you run the gpupdate /force command. Because the device was already enrolled, you receive the warning message.

This behavior is expected. You can safely ignore the warning message.

More information

The following is an example of the %windir%\debug\usermode\Gpsvc.log file entry when you enable Group Policy Service debug logging by following the steps in Group Policy Troubleshooting with GPSVC Log Analysis:

The 0x8018000a error means that the device is already enrolled.