Windows Autopilot policies associated in Hexnode not applying after enrollmentSolved

Welcome to the Hexnode Community, @maevee.

For Windows Autopilot enrollments, policies associated with the Autopilot configuration should be applied automatically after the device enrolls into Hexnode, provided the device completes enrollment successfully and comes online.

A useful first check is to confirm that the device is online in Hexnode and then run a Scan Device action from the device page. Syncing Autopilot can also refresh the Autopilot device/configuration association. However, if both actions complete successfully and the pre-associated policies still do not apply, the issue is not likely to be caused by a normal device sync delay.

There was a known issue where policies pre-associated with an Autopilot configuration were not being applied correctly after enrollment in some cases. This has since been addressed. The important point is that the fix applies to new Autopilot enrollments going forward and does not retroactively push those policies to devices that were already enrolled while the issue was present.

For already-enrolled affected devices, manually associate the required policies directly with those devices or their device group.

I tried the usual scan and Autopilot sync steps, but they didn’t change anything for the affected devices. One of them was a fresh Windows install and enrolled through Autopilot, but the policies still didn’t come down at that time.

If the device was enrolled before the fix fully took effect, it may remain in the same state even after scanning. The policy association from the Autopilot configuration is evaluated during enrollment, so devices that missed the association during enrollment need to be handled manually.

For those devices, add the policies directly from Hexnode using one of these methods:

1. Open the device in Hexnode and associate the required policies directly.
2.  Add the device to a device group that already has the required policies associated.
3. Re-enroll the device only if a clean Autopilot enrollment is required for validation.

For new Windows Autopilot enrollments after the fix, the policies associated with the Autopilot configuration should apply automatically during enrollment.

That matches what I’m seeing now. New Autopilot enrollments are getting the policies assigned through the Autopilot configuration. For the earlier affected devices, I had to add the policies manually.