In this blog, we’ll dive into the powerful feature of Pausing Config Refresh in Intune. First, we’ll explore how to pause config refresh in Intune to take back control, prevent unintended consequences, and streamline your management process.
To begin with, here is a quick step guide to pause config refresh in Intune:
- Sign in to the Microsoft Intune admin center
- Go to the “Devices” section
- Select the desired device
- Locate the option to “Pause Config Refresh
- Specify pause duration
- Click “Pause” to initiate the pause
However, continue reading the blog further, as this is just an overview. In addition, we have detailed steps to pause config refresh in Intune.
Furthermore, discover practical tips and best practices to effectively utilize this feature and optimize your Intune environment.
What is Config Refresh in Intune ?
Config Refresh is a feature in Microsoft Intune designed to improve the efficiency and reliability of policy management for Windows devices.
Moreover, it allows for more frequent and predictable policy updates without relying on the traditional device check-in or restart mechanisms.
How Config Refresh Works ?
Typically, Intune policies are refreshed every 8 hours, which can lead to delays in applying necessary changes.
However, Config Refresh addresses this by enabling administrators to set a specific refresh interval for their policies, ranging from 30 minutes to 24 hours.
When a Config Refresh cycle begins, the device reapplies the policies it has previously received from Intune, without requiring a check-in or restart.
Consequently, this ensures that the device’s configuration aligns with the latest policies defined in Intune.
Key Benefits of Config Refresh
- Faster policy application: Firstly, reduces the time it takes for policy changes to take effect on managed devices.
- Improved security: Secondly, enables more frequent updates to security policies, helping to protect devices from threats.
- Enhanced user experience: Thirdly, ensures that users have access to the latest applications and settings.
- Better control over policy refresh cycles: Lastly, allows administrators to customize the refresh frequency based on their organization’s needs.
Config Refresh vs. Group Policy
While Config Refresh offers similar functionality to Group Policy’s refresh cycle, there are key differences:
- In terms of Scope: Config Refresh is specifically for Intune-managed devices, while Group Policy is primarily used in Active Directory environments.
- Regarding Frequency: Config Refresh offers more granular control over refresh intervals compared to Group Policy.
- As for the Mechanism: Config Refresh relies on Intune’s cloud-based infrastructure, while Group Policy uses a traditional on-premises approach.
Also Check: How to schedule automatic reboots for Windows devices with Intune ?
How do you pause Config Refresh on a Windows device in Intune ?
In this section, we will walk you through the steps to pause Config Refresh on a Windows device using Intune.
Specifically, this process allows you to temporarily halt policy enforcement, providing flexibility for troubleshooting or maintenance tasks.
Method 1: Using the Intune Admin Center
First and foremost, this is the most common and straightforward method.
- To begin, sign in to the Microsoft Intune admin center.
- Next, navigate to Devices > All devices.
- Then, select the specific device you want to pause config refresh for.
- After that, click the ellipsis (…) button next to the device name.
- Subsequently, choose Pause config refresh.
- Following that, specify the desired pause duration (maximum 1440 minutes or 24 hours).
- Finally, click Pause.
Method 2: Using PowerShell (Advanced Users)
Although not as common, PowerShell can be used for bulk operations or scripting.
Prerequisites:
- Firstly, Intune PowerShell module installed
- Secondly, Azure AD module installed
- Lastly, necessary permissions
Steps:
Initially, connect to Intune PowerShell:
- Connect-Intune
Next, get the device ID:
- $device = Get-IntuneDevice -DeviceId <DeviceID>
- Replace <DeviceID> with the actual device ID.
Finally, pause config refresh:
- Invoke-IntuneDeviceAction -Id $device.Id -Action PauseConfigRefresh -DurationInMinutes <Minutes>
- Replace <Minutes> with the desired pause duration.
Important Considerations
- Pause Duration: First and foremost, carefully consider the required pause duration to avoid unnecessary interruptions.
- Multiple Devices: Secondly, for multiple devices, repeat the process for each device or use PowerShell for bulk operations.
- Resuming Config Refresh: Additionally, to resume normal config refresh, pause it again for 0 minutes.
- Device Status: Lastly, monitor device status after pausing and resuming to ensure everything is working as expected.
Also Check: How to create an Autopilot deployment profile ?
What is the difference between policy refresh and Config Refresh ?
In this section, we’ll explain the key differences between policy refresh and Config Refresh in Intune.
Importantly, understanding these distinctions will help you manage device policies more effectively and utilize Intune’s capabilities to their fullest.
Policy Refresh
- Definition: Firstly, policy refresh is the process by which Intune-managed devices periodically check in with the Intune service to receive and apply updated policies.
- Frequency: Secondly, traditionally, policy refresh occurred every 8 hours.
- Mechanism: Thirdly, devices initiate a connection with Intune to retrieve new policies.
- Limitations: Lastly, relies on device connectivity and check-in intervals, which can lead to delays in policy updates.
Config Refresh
- Definition: to begin with, Config Refresh is a newer feature that allows Windows 11 devices to reapply previously received policies without requiring a connection to the Intune service.
- Frequency: Next, config Refresh intervals can be set from 30 minutes to 24 hours.
- Mechanism: Furthermore, devices locally store and reapply policies based on the configured refresh interval.
- Benefits: In last, improves policy consistency, reduces reliance on device connectivity, and enables faster policy updates.
Key Differences
| Feature | Policy Refresh | Config Refresh |
| Dependency on Intune | Requires regular check-in | Less reliant on Intune connectivity |
| Policy Application | Downloads new policies from Intune | Reapplies previously downloaded policies |
| Frequency | Typically every 8 hours | Customizable from 30 minutes to 24 hours |
| Device OS | Works for all Intune-managed devices | Primarily for Windows 11 |
Also Check: How to repair Remote Desktop Client ?
How do you configure Config Refresh and Refresh Cadence using the Settings Catalog in Intune ?
In this section, we’ll guide you through configuring Config Refresh and Refresh Cadence using the Settings Catalog in Intune.
Specifically, this setup allows you to manage policy refresh schedules and ensure your devices stay updated with the latest configurations.
First and foremost, before diving into the configuration steps, let’s clarify the terms:
- Config Refresh: A feature in Intune that allows Windows devices to reapply previously received policies without requiring a connection to the Intune service.
- Refresh Cadence: The frequency at which Config Refresh occurs.
Steps to Configure Config Refresh and Refresh Cadence
Create a New Configuration Profile:
- Firstly, navigate to Devices > Configuration profiles.
- Secondly, click Create profile.
- Then, select Windows 10 and later as the platform and Settings catalog as the profile type.
- Lastly, give your profile a descriptive name.
Add Settings:
- Next, click Add settings.
- Subsequently, search for “Config Refresh”.
You will find two settings:
- Enabled: This setting enables or disables Config Refresh. Set it to true to enable.
- Cadence: This setting defines the refresh interval. Enter a value in minutes (e.g., 30 for a 30-minute refresh).
Assign the Profile:
- Finally, assign the profile to the desired group of devices.
Additional Considerations
- Minimum Refresh Cadence: First of all, the minimum refresh cadence is 30 minutes.
- Maximum Refresh Cadence: Secondly, the maximum refresh cadence is 1440 minutes (24 hours).
- Testing: Furthermore, it’s recommended to test the configuration with a small group of devices before deploying it widely.
- Pause Config Refresh: Lastly, if needed, you can pause Config Refresh for individual devices using the Intune admin center or PowerShell.
Conclusion
In conclusion, Config Refresh in Microsoft Intune is a powerful tool for enhancing policy management on Windows devices. By understanding how to pause, configure, and optimize Config Refresh, IT administrators can greatly improve device management.
We’ve covered the differences between policy refresh and Config Refresh, and provided step-by-step guides on pausing Config Refresh via Intune Admin Center and PowerShell, as well as configuring refresh cadence using the Settings Catalog.
Consider pause durations carefully, test with small groups first, and monitor device statuses to ensure better policy consistency, security, and user experience.
Source: [learn.microsoft, call4cloud, learnintune, prajwaldesai]
Frequently Asked Question’s (FAQ’s)
Navigate to Devices > Windows > Configuration Profiles. Create a new policy, select “Settings Catalog” as the profile type. Choose “Reboot” from the settings catalog, define the desired schedule (daily, weekly, or single), specify the reboot time, and assign the policy to your target devices.
Intune doesn’t have a global pause function. However, you can temporarily halt configuration updates for specific devices. To do this, navigate to the device in the Intune admin center, select “Pause Config Refresh,” and specify the desired pause duration.
Config refresh is a feature in Intune that allows you to set a schedule for Windows devices to reapply previously received policy settings. This happens without requiring the device to check in to Intune regularly. It helps maintain desired configurations and improves security by quickly reverting unauthorized changes.
