I recently configured some custom profiles in Microsoft Intune, and it turned out that one of the policies failed hard on all devices. I had not seen this error before and went to search on the big internet for the error code to understand more about the return code.
I went to this website and the error says “the requested command is not allowed on the target”
All right, so I must have configured something wrong in my policy…
Let’s have a look!
This is how the error looks like in Intune.
If we deep dive into the client’s event log we can better see what happens
(The event log can be found in Applications and Services Logs -> Microsoft -> Windows -> DeviceManagement-Enterprise-Diagnostics-Provider -> Admin)
MDM PolicyManager: Set policy int, Policy: (AllowTelemetry), Area: (System), EnrollmentID requesting set: (CAB662A0-E788-4DE5-B203-2240C4006957), Current User: (Device), Int: (0x2AFE388), Enrollment Type: (0x6), Scope: (0x0), Result:(0x86000011) Unknown Win32 Error code: 0x86000011.
We have discovered the problem. Now to the configuration in Microsoft Intune to see what we configured.
I have configured AllowTelemetry and set the Data type to a string.
To troubleshoot further I went to the registry of a device and searched for “AllowTelemetry” until I found this
Did you notice what I missed?
Yes, I had by accident set the custom profile to a “String” and not an “integer”, that’s why the policy cannot apply to the client.
I went back to Microsoft Intune and into the policy with error.
Deleted the old row and changed the data type to “Integer” and saved it.
Manually synced a client with the policy assigned and THEN the policy applied as supposed.
This article was created to show how to debug such error.
To configure telemetry going forward you should use the Settings Catalog.
Microsoft Intune is very good at reporting back; however, it could have been a better error message to easier understand the issue without too much searching around.
Hope this helped you along with your troubleshooting.