Forum Discussion
MaxMorsia
Mar 30, 2023, Brass Contributor
Endpoint privilege management, deployment unsuccessful with "device health monitoring" error
Hello all, I'm testing Endpoint privilege management on a few machines in a test environment. The elevation settings policy isn't deploying when "send data to microsoft" is selected, the error receiv...
Edgar_Izaguirre
Jun 07, 2023, Brass Contributor
Hey Rudy. Spending some time this morning working with Fiddler. I'll reach out to you shortly if you are available. We're using the default domain that gets created: company.onmicrosoft.com
Jun 07, 2023
Yep… Teams :)… Wondering what your Fiddler trace looks like (already got 1)
Using education licences? 🙂
- Jun 08, 2023: Yep plus 1… as the MMPC enrollment is different than the elevation policies :)… and the device didn't even get MMPC enrolled… so I still stick to the invalid endpoint error that got fixed yesterday… I wish I could explain the error and the fix but NDA all the way 🙂
- Mehboob Ahmad (Jun 08, 2023, Copper Contributor): @Rudy Ooms - It *may* be a coincidence, but I have tried this in two different tenants now and nothing got installed until I updated the rules. I am using commercial tenants FYI. In any case I learnt a lot about OMA DM and Intune policy troubleshooting etc., so thanks for all the tips
- FishingNotPhishing (Jun 08, 2023, Microsoft): I am skeptical that the actual rule contents had any effect on getting the agent installed. The contents are not inspected in this way. It's more likely that updating the rules (any update at all) triggered something that was stuck, which caused the new policy to get sent to the device. Having policy targeted to the device is what triggers the agent to be installed for the first time.
- Jun 08, 2023: :)… that invalid endpoint wasn't bogus… believe me… K12 US school? Of course there could also be additional issues why EPM wasn't deployed, but that endpoint was one of them… which was resolved yesterday
- Mehboob Ahmad (Jun 08, 2023, Copper Contributor): So folks, I think I have cracked this! My mistake was that I had created elevation rules based off Windows 10 file (regedit and PowerShell in my case), while I was targeting to Windows 11 endpoints 😞. Once I updated the rules with Windows 11 version of files - it took a few policy refreshes for the elevation policy as well as rules to kick in, and magically the EPM components got installed 🙂 One would think that the elevation policy would still apply even with an invalid elevation rule, but not the case until I fixed the elevation rules. All that stuff about 'invalid endpoint URL' was bogus it seems like. Other notes: I enabled diagnostics and reporting after I verified everything was working, and that too is functional now (at least no errors) although still awaiting reports since apparently there is a 24 hour delay 'by design'. Also make sure to assign the 'Intune Suite license' to the targeted users (not sure if that is impactful but logically it would make sense to do so). Good luck.
- Jun 08, 2023
- JohnBWright (Jun 08, 2023, Copper Contributor): I still have the error on all of my devices. Is there something we have to make the magic fix applicable to our domain/tenant?
- Jun 08, 2023: For everyone following this thread... it got fixed!! (maybe not with magic... but not allowed to tell :P)