Hi,
I’m still seeing Microsoft Intune error code 65000 when deploying Secure Boot configuration policies to Windows Pro devices, even though Microsoft states this should have been resolved after the licensing update on Jan 27, 2026.
Environment:
- Windows 11 Pro (latest builds, including 25H2 + latest cumulative updates)
- Devices are Azure AD joined and properly enrolled in Intune
- Users have Windows 10/11 Enterprise subscription activation (E3) assigned (edition is upgraded via subscription)
- Licenses should already be renewed (well past Feb 27, 2026)
- Policies deployed via Intune (Settings Catalog / Endpoint Security)
Symptoms:
- Policy fails with error 65000
- Event log shows:
POLICYMANAGER_E_AREAPOLICY_NOTAPPLICABLEINEDITION - Manual license renewal:
ClipDLS.exe removesubscriptionClipRenew.exe→ no change
- Intune sync also doesn’t help
What I’ve already checked:
- Devices are in UEFI mode with Secure Boot enabled
- No obvious policy conflicts
- Latest Windows updates installed
- Devices re-synced /
Notes:
Microsoft mentions this might still affect some Windows 11 23H2 devices, but I’m seeing it on newer builds as well.
Also, despite devices showing as Pro, they should effectively be treated as Enterprise due to subscription activation, which makes this behavior even more confusing.
Question:
Is anyone else still experiencing this on Pro devices with Enterprise subscription activation after the supposed fix?
Any confirmed root cause or workaround (firmware restrictions, CSP issue, policy type differences, etc.)?