State = error
State Details = -2016281112 (Remediation failed)
It all started when I was checking my Intune Configuration policies and I found that all of a sudden I have a new policy called Intune data collection policy as shown above, that I didn’t created. Worse, it had errors!
When I looked at a specific device that was affected, as shown above, I could see two errors on the device. One was from a user designated as System account, which was also somewhat puzzling.
Digging further I found that the State was Error and the State details were -2016281112 (Remediation failed) as you can see above.
At the most granular level, I found the Error code was 0x87d1fde8 as shown above.
It turns out that the Intune data collection policy gets created when you use Endpoint Analytics as shown above.
This gives you some really nice reports as shown above on your Windows devices. You can read more about it here:
I had now solved where the mystery Intune data collection policy came from and after much research it turns out that the device errors are because of licensing as you can read here:
which says:
Endpoint analytics is included in the following plans:
- Enterprise Mobility + Security E3 or higher
- Microsoft 365 Enterprise E3 or higher.
Proactive remediations also require one of the following licenses for the managed devices:
- Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5)
- Windows Virtual Desktop Access E3 or E5
The error I was seeing was due to those machines only being Windows 10 Pro, NOT Win 10 Enterprise! Endpoint Analytics currently only works with Windows 10 Enterprise licensed devices.
Once I had changed the Intune data collection policy to exclude the Windows 10 Pro machines the errors went away, as did the duplicate System account as well.
Hopefully, Microsoft will consider extending Endpoint Analytics to Windows 10 Pro machines as well, but for now you’ll need to exclude them from any Intune data collection policy if you don’t want errors in Endpoint Manager.