Bug ID 2365469: Mdmsyncmgr truncates SAS signature when following Intune redirect to Azure Blob Storage, leading to NonCompliantDevice retrieval failure

Last Modified: Jul 10, 2026

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3, 17.1.3.1, 17.1.3.2, 17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3, 17.5.1.4, 17.5.1.5, 17.5.1.6, 21.0.0, 21.0.0.1

Opened: Jun 30, 2026

Severity: 3-Major

Symptoms

- mdmsyncmgr fails to retrieve NonCompliantDevice details from Intune - APM logs show authentication errors during device detail updates: “Authentication error for get all non-compliant devices request” - Azure Blob Storage responds with HTTP 403 AuthenticationFailed and message: “Signature fields not well formed” - Packet capture shows SAS signature truncated in redirected request - Issue correlates with the presence of two newly added HTTP headers in Intune redirect response

Impact

- NonCompliantDevice retrieval fails completely - Device compliance data cannot be synchronized from Intune - Affects visibility and enforcement of compliance policies

Conditions

- BIG-IP APM configured with mdmsyncmgr and Microsoft Intune integration - Intune returns an HTTP 303 redirect to Azure Blob Storage with an SAS token - Redirect response includes additional HTTP headers (recent change on Intune side) - Resulting HTTP request size exceeds internal handling limit (~1515 bytes observed) - mdmsyncmgr follows the redirect (HTTP scheme) and truncates the request payload (~15 bytes lost).

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips