Windows Failed to Apply the MDM Policy [Fix]
Seeing the “Windows Failed to Apply the MDM Policy” error on your PC can be frustrating, especially when your device is managed through Microsoft Intune, Azure Active Directory, or another Mobile Device Management (MDM) platform. This issue usually appears when Windows cannot properly receive, process, or enforce a policy sent from the organization’s management server.
In this guide, I have explained multiple working methods to fix the Windows Failed to Apply the MDM Policy error on Windows 11 and Windows 10.
What Causes the “Windows Failed to Apply the MDM Policy” Error?
Before jumping into the fixes, it helps to understand why this problem appears.
An MDM policy allows organizations to manage Windows devices remotely. These policies control settings like password rules, device encryption, app restrictions, Windows updates, firewall settings, and security configurations.
When Windows cannot successfully apply these rules, you may see messages such as:
- Windows failed to apply the MDM policy.
- MDM PolicyManager error.
- Policy application failed.
- Device management policy failed.
The issue commonly happens because of:
- Corrupted Windows system files
- Broken Intune or Azure AD enrollment
- Invalid or outdated device certificates
- Internet connectivity issues
- Conflicting Group Policy settings
- Damaged Windows Update components
- Incorrect registry entries
- Sync failures between Windows and the MDM server
- Outdated Windows builds
Now let’s go through the solutions one by one.
Windows Failed to Apply the MDM Policy [Fix]
![Windows Failed to Apply the MDM Policy [Fix]](https://gadgetsnurture.com/wp-content/uploads/2026/05/Windows-Failed-to-Apply-the-MDM-Policy-Fix-1024x576.jpg)
To fix the “Windows Failed to Apply the MDM Policy” error, restart the PC, sync your work or school account, verify internet connectivity, update Windows, and re-enroll the device in the MDM service. You can also repair corrupted system files using SFC and DISM, check the Event Viewer logs, restart MDM-related services, and remove conflicting policies. If the issue continues, disconnect and reconnect the device from Azure AD or Intune enrollment settings.
Step 1: Restart Your Computer and Sync the Work or School Account
The first thing you should do is restart the PC and manually sync your connected organizational account. Temporary Windows glitches often prevent policies from applying correctly.
Open the Settings app by pressing Windows + I on your keyboard > Select Accounts from the left sidebar > Click Access work or school.
You will see the connected organizational account used for device management. Select the account and click Info.
Scroll down and click the Sync button.
Windows will now attempt to reconnect with the MDM server and apply pending policies again. Wait a few minutes and restart the computer afterward.
If the sync process completes successfully, the issue may already be fixed.
Step 2: Check Your Internet Connection
MDM services rely heavily on internet communication. If your connection is unstable, blocked, or disconnected, Windows cannot retrieve or apply management policies.
Start by opening a web browser and testing whether websites load properly. If pages are not loading, restart your modem or router.
You should also temporarily disable any VPN connection because some VPN configurations block communication with Microsoft Intune or enterprise servers.
Next, check whether your firewall or antivirus software is interfering with the connection.
Open Windows Security > Go to Firewall & network protection > Temporarily disable the firewall and test the sync again.
If the issue disappears after disabling security software, you may need to whitelist the MDM service URLs used by your organization.
Corporate environments sometimes restrict Microsoft endpoints through proxy settings or DNS filtering. In that situation, contact the organization’s IT administrator for approved network configurations.
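Reachability can also be tested from PowerShell with the firewall still enabled, and repeated with the VPN connected and disconnected to compare. This is an added example, not part of the original guide; it assumes `login.microsoftonline.com` as the sign-in endpoint and reads the MDM host from the `MdmUrl` field of `dsregcmd /status` when the device reports one.

```powershell
# Added example: test DNS resolution and TCP 443 for management endpoints.
# login.microsoftonline.com is the Azure AD sign-in endpoint (assumed relevant here).
$hosts = @('login.microsoftonline.com')

# Add the MDM host this device reports, if any (MdmUrl field of "dsregcmd /status").
$mdm = dsregcmd.exe /status |
    Select-String -Pattern 'MdmUrl\s*:\s*(https?://\S+)' |
    Select-Object -First 1
if ($mdm) { $hosts += ([uri]$mdm.Matches[0].Groups[1].Value).Host }

$results = foreach ($h in ($hosts | Select-Object -Unique)) {
    # A DNS failure points at DNS filtering; a TCP failure at a firewall, VPN or proxy.
    $dns = Resolve-DnsName -Name $h -ErrorAction SilentlyContinue
    $tcp = if ($dns) {
        Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
    }
    [pscustomobject]@{
        Host         = $h
        DnsResolved  = [bool]$dns
        Tcp443Open   = [bool]($tcp -and $tcp.TcpTestSucceeded)
        ViaInterface = if ($tcp) { $tcp.InterfaceAlias }   # shows a VPN adapter if one is used
    }
}
$results | Format-Table -AutoSize

# Show the machine-wide WinHTTP proxy setting.
netsh winhttp show proxy
```

If an explicit proxy is configured, a direct TCP test can fail even though proxied traffic works, so read the two outputs together.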
Step 3: Update Windows to the Latest Version
An outdated version of Windows may contain bugs that prevent proper policy deployment.
Microsoft frequently releases fixes for Intune, Azure AD, and MDM-related components through Windows updates.
Open Settings > Go to Windows Update > Click Check for updates > Download and install all available updates > Restart the PC after installation finishes.
After rebooting, sync the work or school account again and check whether the error still appears.
Keeping Windows updated is important because newer builds improve compatibility with cloud-based management services and enterprise security features.
Step 4: Run the SFC and DISM Repair Commands
Corrupted Windows system files can interrupt the MDM policy engine and cause deployment failures.
Windows includes built-in repair tools called System File Checker (SFC) and Deployment Image Servicing and Management (DISM).
Start by opening Command Prompt as Administrator > Type the following command and press Enter: sfc /scannow
The scan may take several minutes to complete. Windows will automatically repair corrupted system files if problems are detected.
Once the SFC scan finishes, run these DISM commands one at a time:
DISM /Online /Cleanup-Image /CheckHealth
DISM /Online /Cleanup-Image /ScanHealth
DISM /Online /Cleanup-Image /RestoreHealth
These commands repair the Windows image and restore damaged operating system components. Restart the computer after the repair process completes.
Try syncing the device again to see if the MDM policy error has been resolved.
Step 5: Restart the Device Management Services
Windows uses several background services to communicate with MDM servers and process policies.
If these services stop running, policy application failures can occur.
Press Windows + R to open the Run dialog box > Type: services.msc > Press Enter > Inside the Services window, locate the following services:
- Device Management Enrollment Service
- Microsoft Account Sign-in Assistant
- Windows Management Instrumentation
Double-click each service and ensure the Startup type is set to Automatic. If a service is stopped, click the Start button.
Restart the PC after enabling the services.
This refreshes the management infrastructure and often fixes enrollment communication problems.
Step 6: Check Event Viewer for MDM Errors
The Event Viewer tool can provide detailed information about what is causing the policy failure.
Press Windows + X and select Event Viewer > Navigate to: Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider
Look for warning or error entries marked with red icons.
Common Event IDs related to MDM issues include: Event ID 404, Event ID 7016, Event ID 813, Event ID 850.
These logs often reveal whether the issue is related to enrollment, certificates, permissions, or policy conflicts.
For example, if the logs mention authentication errors, the device may need to be re-enrolled into Intune or Azure AD.
If the logs mention policy conflicts, an administrator may need to modify the configuration settings in the management console.
Reading these logs can help you pinpoint the exact reason for the failure instead of relying on trial-and-error troubleshooting.
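The same log can be summarised from PowerShell instead of scrolling through Event Viewer. This is an added example, not part of the original guide; the Admin channel name and the seven-day look-back window are assumptions.

```powershell
# Added example: summarise recent MDM errors and warnings.
# Admin channel of the provider named in Step 6 (assumed channel).
$logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$pageIds = 404, 7016, 813, 850        # Event IDs listed in this guide
$since   = (Get-Date).AddDays(-7)     # look-back window (assumption)

if (-not (Get-WinEvent -ListLog $logName -ErrorAction SilentlyContinue)) {
    Write-Output "Log '$logName' not found on this machine."
}
else {
    # Level 2 = Error, 3 = Warning. Get-WinEvent raises an error when nothing
    # matches, so that case is suppressed and handled as an empty result.
    $filter = @{ LogName = $logName; Level = 2, 3; StartTime = $since }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    if ($events.Count -eq 0) {
        Write-Output "No MDM errors or warnings logged since $since."
    }
    else {
        $events | Group-Object Id | Sort-Object Count -Descending | ForEach-Object {
            $latest = $_.Group | Sort-Object TimeCreated -Descending |
                Select-Object -First 1
            [pscustomobject]@{
                EventId     = [int]$_.Name
                Count       = $_.Count
                ListedAbove = $pageIds -contains [int]$_.Name
                LastSeen    = $latest.TimeCreated
                # Keep only the first line of the newest message.
                LastMessage = ("$($latest.Message)" -split "`r?`n")[0]
            }
        } | Format-List
    }
}
```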
Step 7: Disconnect and Reconnect the Work or School Account
Sometimes the MDM enrollment becomes corrupted. Reconnecting the device can refresh the registration and repair the broken link.
Open Settings > Go to Accounts > Select Access work or school > Choose the connected account and click Disconnect > Restart the computer.
After restarting, return to the same section and click Connect.
Sign in using the organizational account credentials.
Windows will re-register the device with the MDM platform and download fresh policy configurations.
This method fixes many enrollment-related errors in both Windows 10 and Windows 11.
Step 8: Remove Conflicting Group Policies
In some environments, traditional Group Policy settings conflict with cloud-based MDM policies.
When both systems attempt to control the same Windows feature, policy application failures can happen.
Press Windows + R > Type: gpedit.msc > Press Enter.
Navigate through the Local Group Policy Editor and review any recently modified policies. Pay close attention to settings related to:
- Windows Update
- Password policies
- Security settings
- BitLocker
- Defender
- Firewall configurations
If you suspect a policy conflict, revert the changes to their default configuration. Afterward, open Command Prompt as Administrator and run:
gpupdate /force
Restart the PC and attempt another sync.
This refreshes local policies and removes outdated settings that may interfere with MDM deployment.
Step 9: Re-Enroll the Device into Intune or Azure AD
If none of the earlier fixes work, the device enrollment itself may be damaged.
Re-enrolling the device completely refreshes communication between Windows and the organization’s management service.
- First, disconnect the device from the work or school account.
- Next, open Command Prompt as Administrator and run: dsregcmd /status
- This command shows the current Azure AD registration status.
- If the device shows enrollment issues or incorrect registration states, you can leave Azure AD by running: dsregcmd /leave
- Restart the PC.
- Now reconnect the device using the organizational account.
Once the enrollment finishes, Windows will download fresh MDM policies from the server.
This is one of the most effective fixes for persistent MDM policy errors.
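Before running `dsregcmd /leave`, it helps to read the join state out of `dsregcmd /status` rather than scanning the full output by eye. This is an added example, not part of the original guide; the sample output is constructed, and the choice of `AzureAdJoined`, `DomainJoined`, `MdmUrl` and `AzureAdPrt` as the fields to check is an assumption.

```powershell
# Constructed sample of "dsregcmd /status" output (not from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                TenantName : Contoso (placeholder)
                    MdmUrl : https://mdm.example.invalid/enroll
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : NO
'@ -split "`r?`n"

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $fields = [ordered]@{}
    foreach ($line in $Lines) {
        # Data lines look like "   AzureAdJoined : YES"; banner lines start with + or |.
        if ($line -match '^\s*([A-Za-z][\w ]*?)\s*:\s+(\S.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $fields
}

function Get-EnrollmentFinding {
    param($Status)
    if ($Status['AzureAdJoined'] -ne 'YES' -and $Status['DomainJoined'] -ne 'YES') {
        'Device reports neither AzureAdJoined nor DomainJoined.'
    }
    if (-not $Status['MdmUrl']) { 'No MdmUrl reported in Tenant Details.' }
    if ($Status['AzureAdPrt'] -eq 'NO') {
        'AzureAdPrt is NO: the signed-in user has no Primary Refresh Token.'
    }
}

# Use live output when dsregcmd is available; otherwise the constructed sample.
$lines  = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) { dsregcmd.exe /status } else { $sample }
$status = ConvertFrom-DsregStatus $lines
$status.GetEnumerator() |
    Where-Object Key -in 'AzureAdJoined', 'DomainJoined', 'TenantName', 'MdmUrl', 'AzureAdPrt' |
    Format-Table Key, Value -AutoSize
$findings = @(Get-EnrollmentFinding $status)
if ($findings) { $findings } else { 'No join or token problems visible in dsregcmd output.' }
```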
Step 10: Reset Windows Management Components
Corrupted Windows management components can prevent policies from processing correctly.
You can reset certain Windows services and cached management files using Command Prompt.
Open Command Prompt as Administrator. Stop the Windows Management Instrumentation service by entering: net stop winmgmt
Next, reset the WMI repository: winmgmt /resetrepository
Restart the computer afterward.
This rebuilds the Windows Management Instrumentation repository and fixes many underlying policy processing issues.
Be careful when resetting system management components because improper changes may affect enterprise management settings.
Step 11: Contact the Organization’s IT Administrator
If the problem continues after trying all the methods above, the issue may exist on the server side rather than the computer itself.
The organization’s administrator may need to:
- Review Intune deployment settings
- Remove duplicate device registrations
- Check policy conflicts
- Renew expired certificates
- Verify Azure AD synchronization
- Review compliance settings
- Reset enrollment records
Many enterprise environments apply complex security configurations that can accidentally break policy deployment.
In managed corporate networks, the administrator usually has access to logs and policy reports that are unavailable on the local PC.
FAQs
What does “Windows Failed to Apply the MDM Policy” mean?
This error means Windows could not successfully receive or enforce a management policy sent through an MDM platform like Microsoft Intune or Azure AD.
Can corrupted system files cause MDM policy errors?
Yes. Damaged Windows files can interrupt policy processing services and trigger deployment failures. Running SFC and DISM scans often helps fix the issue.
Does resetting the work or school account fix the problem?
Yes. Disconnecting and reconnecting the organizational account can refresh the enrollment configuration and restore communication with the MDM server.
Is Intune related to MDM policies?
Yes. Microsoft Intune is one of the most common MDM platforms used to manage Windows devices remotely.
Will reinstalling Windows fix MDM policy issues?
A clean Windows installation can fix the issue, but it should only be used as a last resort after trying all troubleshooting methods.
Why do Group Policies conflict with MDM policies?
Traditional Group Policy settings and cloud-based MDM policies sometimes try to control the same Windows feature, which creates configuration conflicts.
Summary
The “Windows Failed to Apply the MDM Policy” error usually appears when Windows cannot properly communicate with the organization’s device management service. The issue may be caused by corrupted files, enrollment problems, network interruptions, outdated Windows builds, or conflicting policies.
Fortunately, the problem can often be fixed by syncing the work account, updating Windows, repairing system files, restarting management services, reviewing Event Viewer logs, and reconnecting the device to Intune or Azure AD.
If the error continues after all troubleshooting steps, the issue may require assistance from the organization’s IT administrator because the root cause could involve server-side configurations or enrollment restrictions.
