Skip to main content
This guide covers common issues you may encounter when using Intune Commander and how to resolve them.

Connection Issues

Browser doesn’t open (Interactive auth)

Symptoms: Click Login, status shows “Opening browser…”, but no browser window appears. Causes:
  • Firewall blocking localhost:45132
  • No default browser configured
  • Browser process fails to launch
Solutions:
  1. Check Windows Firewall / antivirus settings for blocking localhost
  2. Try a different authentication method:
    • Use Device Code flow as an alternative
    • Use Client Secret if you have one configured
  3. Verify redirect URI is registered in your app registration:
    • Go to Azure Portal → App Registrations → Your App → Authentication
    • Ensure http://localhost:45132 is listed under “Mobile and desktop applications"

"Insufficient privileges” error

Symptoms: Authentication succeeds, but data loading fails with “Forbidden (403)” or “Insufficient privileges” errors. Causes:
  • Missing Graph API permissions in app registration
  • Admin consent not granted
  • Permissions granted for wrong API (e.g., Azure AD Graph instead of Microsoft Graph)
Solutions:
  1. Verify permissions in Azure Portal:
    • Go to App Registrations → Your App → API Permissions
    • Ensure all required Microsoft Graph delegated permissions are added
    • Required permissions:
      • DeviceManagementConfiguration.ReadWrite.All
      • DeviceManagementApps.ReadWrite.All
      • DeviceManagementServiceConfig.ReadWrite.All
      • DeviceManagementManagedDevices.ReadWrite.All
      • Directory.Read.All
      • Policy.Read.All
      • Policy.ReadWrite.ConditionalAccess
      • Group.Read.All
      • See docs/GRAPH-PERMISSIONS.md for complete list
  2. Click Grant admin consent in the portal
  3. Wait 5-10 minutes for permissions to propagate
  4. Reconnect to the tenant

”Application not found” error

Symptoms: AADSTS700016: Application with identifier 'xxx' was not found in the directory Causes:
  • Client ID is incorrect
  • App registration doesn’t exist in this tenant
  • Using a Commercial app ID in GCC-High/DoD (or vice versa)
Solutions:
  1. Verify Client ID in Azure Portal → App Registrations
  2. Ensure you’re using the correct app registration for this cloud:
    • Commercial/GCC: Register in portal.azure.com
    • GCC-High: Register in portal.azure.us
    • DoD: Register in portal.apps.mil
  3. Update your profile with the correct Client ID

Token cache errors

Symptoms: Failed to acquire token or Token cache corrupted Causes:
  • Azure.Identity token cache corrupted
  • DataProtection keys changed (Windows profile rebuilt)
Solutions:
  1. Delete the token cache folder: 
    %LocalAppData%\.IdentityService
  2. Restart Intune Commander
  3. Re-authenticate when prompted

GCC-High/DoD connection fails

Symptoms: Connection works in Commercial but fails in GCC-High/DoD Causes:
  • Using a Commercial tenant app registration in government cloud
  • Wrong cloud endpoints
  • Missing government cloud app registration
Solutions:
  1. Create a separate app registration in the government cloud portal:
    • GCC-High: https://portal.azure.us
    • DoD: https://portal.apps.mil
  2. Update your profile:
    • Set Cloud to GCCHigh or DoD
    • Use the new government cloud Client ID
  3. Ensure the profile’s Tenant ID is the government tenant GUID, not the Commercial tenant GUID

Data Loading Issues

Data appears stale

Symptoms: Data loaded in the app doesn’t match what you see in the Intune portal Causes:
  • Data loaded from cache (cached up to 24 hours ago)
  • Recent changes in Intune not yet reflected
Solutions:
  1. Click Refresh to bypass cache and fetch fresh data from Graph API
  2. Check the status bar for cache age: “Loaded X items (cached 2 hours ago)”
  3. If Refresh fails, check the Debug Log for Graph API errors

”Failed to load” errors

Symptoms: Status bar shows “Error loading Causes:
  • Missing Graph API permissions for that object type
  • Temporary Graph API outage
  • Network connectivity issue
Solutions:
  1. Open the Debug Log window to see the full error message
  2. Check for Graph API error codes:
    • 403 Forbidden: Missing permission
    • 404 Not Found: Endpoint doesn’t exist (rare)
    • 429 Too Many Requests: API throttling (wait and retry)
    • 503 Service Unavailable: Microsoft Graph outage (check status.microsoft.com)
  3. For 403 errors, review the Permissions log entry to see which permission is missing
  4. Wait 30 seconds and click Refresh to retry

Lazy-loaded categories empty

Symptoms: Navigate to a category (e.g., Conditional Access), but grid remains empty Causes:
  • No objects of that type exist in the tenant
  • Graph API error during lazy-load
  • Cache entry expired and refresh failed
Solutions:
  1. Check the Debug Log for error messages
  2. Verify objects exist in the Intune portal
  3. Click Refresh to retry loading
  4. If error persists, check Graph API permissions for that object type

Settings Catalog policies missing settings

Symptoms: Settings Catalog policy loads, but settings list is empty in detail panel Causes:
  • Settings require a separate Graph API call that failed
  • Missing DeviceManagementConfiguration.Read.All permission
Solutions:
  1. Check the Debug Log for “Failed to load settings” messages
  2. Verify DeviceManagementConfiguration.Read.All permission is granted
  3. Select the policy again to retry loading settings

Export/Import Issues

Export fails with “Access Denied”

Symptoms: Export starts but fails with file system access error Causes:
  • No write permission to %UserProfile%\Desktop\IntuneExport
  • Folder locked by another process
  • Disk full
Solutions:
  1. Check disk space on C: drive
  2. Close any file explorers or apps accessing the IntuneExport folder
  3. Manually create the folder if it doesn’t exist
  4. If using a redirected Desktop (e.g., OneDrive), ensure it’s synced and accessible

Import creates duplicates

Symptoms: Running import twice creates duplicate policies Causes:
  • Import creates new objects; it does not update existing objects
  • This is by design
Solutions:
  1. Delete duplicate policies manually in the Intune portal
  2. Before re-importing, check if objects already exist in the destination tenant
  3. Use the migration table to track what was already imported

Import fails with “Object already exists”

Symptoms: Import fails with “A with the name '' already exists” Causes:
  • Graph API enforces unique names for some object types
  • You previously imported this object
Solutions:
  1. Rename the object in the source JSON file before importing
  2. Delete the conflicting object in the destination tenant
  3. Skip this object and import the rest

Migration table not working

Symptoms: Imported objects have broken references (e.g., app config references wrong app ID) Causes:
  • Migration table is missing or corrupted
  • Objects imported in wrong order
Solutions:
  1. Ensure migration-table.json exists in the import folder root
  2. Import dependencies first (e.g., import Apps before App Protection Policies)
  3. If migration table is lost, manually re-map IDs in the JSON files

PowerPoint Export Issues

Export button is disabled

Symptoms: ”📊 Export PowerPoint” button is grayed out Causes:
  • Not connected to a tenant
  • No Conditional Access policies loaded
  • Tenant is non-Commercial cloud (GCC/GCC-High/DoD)
Solutions:
  1. Ensure you’re connected to a tenant
  2. Navigate to Conditional Access and wait for policies to load
  3. Check your profile’s Cloud setting—PowerPoint export is currently Commercial-only

Watermarks on slides

Symptoms: Exported PowerPoint has “Evaluation Copy” watermarks Causes:
  • Missing or invalid Syncfusion license key (developers/self-builders only)
Solutions:
  1. If using the official release: This should not happen—report a bug
  2. If building from source:
    • Register for a Syncfusion Community License (free for < $1M revenue)
    • Set environment variable: SYNCFUSION_LICENSE_KEY=your-key
    • Restart IDE and rebuild

PowerPoint export fails

Symptoms: Export starts but fails with error Causes:
  • Missing dependency (Named Location, Auth Strength, etc.)
  • Graph API error fetching policy details
  • File system permission issue
Solutions:
  1. Check the Debug Log for detailed error message
  2. Ensure all dependencies are loaded (Named Locations, Auth Strengths, Auth Contexts)
  3. Try exporting to a different location (e.g., C:\Temp instead of Desktop)
  4. Verify you have write permission to the output folder

Performance Issues

App freezes during export

Symptoms: UI becomes unresponsive during large export Causes:
  • Large tenant with hundreds/thousands of objects
  • Settings Catalog export fetching settings for each policy
Solutions:
  1. Wait for export to complete—UI will become responsive again
  2. Close the Debug Log window during export (reduces UI overhead)
  3. Export smaller batches instead of “Export All”

Slow connection time

Symptoms: Initial connection takes 30+ seconds Causes:
  • Large tenant with thousands of objects
  • No cached data
  • Slow network connection
Solutions:
  1. Wait for first connection to complete—cache will make subsequent connections faster
  2. Close other apps consuming network bandwidth
  3. Check the Debug Log for which object types are taking the longest to load

High memory usage

Symptoms: Intune Commander uses 500+ MB RAM Causes:
  • Large tenant with thousands of objects loaded in memory
  • Debug Log has 2000 entries
Solutions:
  1. This is normal for large tenants
  2. Clear the Debug Log to free some memory
  3. Disconnect and reconnect to clear in-memory data
  4. Close the app and restart if memory usage continues to grow

Cache Issues

”Failed to load from cache” error

Symptoms: Error message when connecting to tenant Causes:
  • Cache database corrupted
  • DataProtection key changed (Windows profile rebuilt)
  • Schema mismatch after app update
Solutions:
  1. Delete the cache database: 
    %LocalAppData%\Intune.Commander\cache.db
%LocalAppData%\Intune.Commander\cache-key.bin
  2. Restart Intune Commander
  3. Reconnect—cache will be rebuilt from Graph API

Cache not updating

Symptoms: Click Refresh, but data doesn’t change Causes:
  • Refresh may only update currently-selected category
  • Graph API is returning same data (no changes in tenant)
Solutions:
  1. Verify data actually changed in the Intune portal
  2. Check the Debug Log to confirm Refresh triggered Graph API calls
  3. Delete cache database and reconnect to force full refresh

Profile Issues

Profiles not loading

Symptoms: Saved Profiles dropdown is empty after restart Causes:
  • Profiles file corrupted
  • DataProtection decryption failed (Windows profile rebuilt)
Solutions:
  1. Check if file exists: 
    %LocalAppData%\Intune.Commander\profiles.json
  2. If corrupted, delete it and re-create profiles
  3. If you have a backup, restore from backup

Cannot delete profile

Symptoms: Delete Profile button doesn’t work Causes:
  • No profile selected
  • Profile is the active/connected profile
Solutions:
  1. Disconnect from the tenant first
  2. Select the profile in the Saved Profiles dropdown
  3. Click Delete Profile

Reporting Issues

If you encounter an issue not covered here:
1

Open Debug Log

Capture the debug log before/during the issue.
2

Copy log entries

Copy relevant log entries (last 50-100 lines).
3

File an issue

Report at the GitHub repository with:
  • Description of the issue
  • Steps to reproduce
  • Debug log excerpts (sanitize any sensitive data)
  • Your environment:
    • Windows version
    • Cloud environment (Commercial/GCC/GCC-High/DoD)
    • Tenant size (approximate object counts)
Sanitize sensitive data before sharing logs:
  • Tenant IDs
  • Client IDs
  • User names
  • Group names
  • Policy names (if sensitive)

Build docs developers (and LLMs) love

Get started for freeTalk to us