Forum Discussion
Company Portal Stuck In Download Pending/Device Syncing Loop
Just tested it with an aadr enrolled device and just installing win32apps from the company portal app works.. So if some is experiencing issues with it, i need to take a look at the ime log
Thanks for taking the time to try to repro. Can you let me know how to get the log? I'd love to be able to look at it, but I have not found any information about where logging goes when the intune management extension is not in use.
Tom
Hi like also described in the blog about aadr vs aadj
Azure Ad joined vs Azure Ad Registered | AADR vs AADJ | PRT (call4cloud.nl)
- The user has Microsoft 365 Business Premium. I will try it, but can you clarify what you mean the "mam scope"? Where would I see that?
Tom What happens when you remove them both (if possible) and make sure the mam scope is notconfigured. and try to add the work/school account. Also just wondering what kinda license does that user has?
(the account and the "connected by" match)
Originally, it had a work account only. To get it into Intune and to get the company portal to work, I removed the account, did an MDM enrollment and then re-added the account.
There is no "Info" option under the work account, only the MDM item. I did the export and do not see that property. Would it be in the top level html file?
Tom
Could you
*check out how the device is marked? personal or corporate , if its marked as personal could you try changing it to corporate
*And how did you enroll the device? by adding a work or school account? Like I did in part 6
Azure Ad joined vs Azure Ad Registered | AADR vs AADJ | PRT (call4cloud.nl)
Of course the mam scope needs to be disabled for that user
*ALso check if the device is auto-enrolled
Go to Settings > Accounts > Access work or school.
Select the joined account > Info.
Under Advanced Diagnostic Report, select Create Report.
Open the MDMDiagReport in a web browser.
Search for the MDMDeviceWithAAD property. If the property exists, the device is auto-enrolled. If this property doesn't exist, then the device isn't auto-enrolled.
Enable Windows 10 automatic enrollment includes the steps to configure automatic enrollment in Intune.*Could you also check out: HKLM\SOFTWARE\Microsoft\EnterpriseDesktopAppManagement\
It's a shame I cant get my hands on that device(s)... 🙂
- Hi Rudy_Ooms_MVP,
I installed it. It starts up and then stops and it uninstalls. I tried it a second time and it reproduces.
Tom - In the blog I mentioned earlier.. I performed a workplace join to get the device aadr and with the mam scope not configured it got intune enrolled also. So the device is only aadr and at that point the intune mgt was installed.
You can download it here if I am not mistaken
I am curious about what happens when you try to install it manually
https://prodamsub0102data.azureedge.net/IntuneWindowsAgent.msi - Rudy_Ooms_MVP
I have not tried that -- where would I get the installer from?
Isn't this expected behavior for non-domain joined machines? The extension is not installed in general BYOD scenarios...?
Thanks,
Tom Mmm.. So it's MDM enrolled but you are missing the Intune MGT extension? that's odd.. what happens when you manually install the intuneagent?
- Rudy_Ooms_MVP,
The devices are Azure AD enrolled and MDM managed. They are set to "Company Owned". They show up in the Endpoint admin console and are marked as "Intune" managed, "Compliant", and "Corporate Owned". The account listed as the primary user in the console is the account I am using in the company portal. If I go into one of the devices to Managed Apps, I can see the apps in question as being "Available For Install". If I drill into the app, it shows a time when it was requested and then a device status date. Nothing shows an attempt to install or a failure.
Here is the output from dsregcmd /status (I redacted a few items)
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : NO
Device Name : [xxxx]
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : YES
WorkAccountCount : 1
WamDefaultSet : NO
+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO
+----------------------------------------------------------------------+
| Work Account 1 |
+----------------------------------------------------------------------+
WorkplaceDeviceId : [xxxx]
WorkplaceThumbprint : [xxxx]
DeviceCertificateValidity : [ 2021-12-17 14:53:49.000 UTC -- 2031-12-17 15:23:49.000 UTC ]
KeyContainerId : [xxxx]
KeyProvider : Microsoft Platform Crypto Provider
TpmProtected : YES
WorkplaceIdp : login.windows.net
WorkplaceTenantId : [xxxx]
WorkplaceTenantName : [xxxx]
WorkplaceMdmUrl : https://wip.mam.manage.microsoft.com/Enroll
WorkplaceSettingsUrl :
NgcSet : NO
+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+
Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+
Access Type : DIRECT
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsDeviceJoined : NO
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
PreReqResult : WillNotProvision Hi,
Could you first explain how these devices were added to Azure Ad/Intune or are they only aadr enrolled and not in intune/mdm? and what does dsregcmd tells you?