Endpoint Privilege Management not deploying
Hi Everyone,
A while ago, when EPM was in preview, I set up a rule and a group with 5 users for a quick test. It took ages to deploy to that test group, but eventually it deployed. I can't be precise about how long it took because I had to work on other tasks, but it was for sure more than a week.
I currently have a trial activated for EPM and I have about 15 users for the test; however, it only deploys for the 5 people from my first test when it was under preview. The rest of them don't get the EPM rules; they are on Windows 11 latest version, AAD joined.
Does anyone have any idea why it doesn't deploy to the others?
I've tested on a Win 10 hybrid joined with all updates installed, no joy. On this machine I also tried to install KB5023773 but it says "The update is not applicable to your computer".
Thanks, Will.
Just to finally close this one.
After quite a lot of back-and-forth emails and remote sessions with Microsoft support, they weren't able to solve the issue. Even after requesting a few times for escalation the same badly trained support operator was kept in place.
The funny part is that the solution came after our trial license expired, they asked us to purchase the EPM license to carry on with the troubleshooting and so we did. After assigning the licenses, EPM started to work and enroll the devices used by the users of our test group. Apparently, the trial licenses that we were using didn't work properly.
9 Replies
To know what is happening on the device, we need to begin at the start.
When the device is being targeted by EPM rules/policies, a separate policy will be deployed to those devices to enable the linked enrollment (an additional, aka dual, enrollment will be created on the device).
MMP-C Discovery failed | No valid Endpoint | EPM (call4cloud.nl)
So my first guess would be to start there and check whether the scheduled task to enable the dual enrollment gets created and what kind of errors you get in the DeviceManagement event log (this event will tell you step by step what's happening).
Inside this blog I also show the bigger picture of what's happening after the discovery:
MMP-C | Microsoft Management Platform Cloud (call4cloud.nl)
If you have some screenshots from the event log in chronological order... we can find out what's happening.
- WilliamBonomo (Copper Contributor)
Rudy_Ooms_MVP Thank you very much for getting back to me.
Thank you for the great articles as well, they are quite educative.
I didn't find any related error in the Event Viewer under DeviceManagement-Enterprise-Diagnostics-Provider. I couldn't find the registry related to EPM under ...\EnterpriseDesktopAppManagement\...
When Fiddler is opened I can't force the synchronization; it errors and Fiddler shows an error. When I close Fiddler I can force the sync again but don't see any error in Event Viewer.
Mmm, that's really odd… as there must be something being logged in those event logs (just like I showed in the blogs)
as we need to know to which point the device could get. Is the schedule for dual enrollment even created on the device in the enterprisemgt task scheduler?
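
The two checks asked for in this thread (are the scheduled tasks under EnterpriseMgmt present, and what does the DeviceManagement event log show in chronological order) can be collected in one pass. This is an added example, not part of any post above and not Microsoft's or the blog author's tooling; the 7-day window and the keyword filter are assumptions, and the thread does not give the exact name of the dual-enrollment task, so the script lists every task and leaves identification to the reader.

```powershell
# Added triage example: run in an elevated PowerShell session on an affected device.
$taskRoot = '\Microsoft\Windows\EnterpriseMgmt\'   # Task Scheduler folder used by the MDM client
$logName  = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$since    = (Get-Date).AddDays(-7)                 # assumption: look back one week
$keywords = 'enroll|discover|mmp'                  # assumption: hypothetical filter, widen if nothing matches

# 1. Scheduled tasks below EnterpriseMgmt, grouped by their enrollment subfolder.
$tasks = Get-ScheduledTask -TaskPath "$taskRoot*" -ErrorAction SilentlyContinue
if (-not $tasks) {
    Write-Warning "No scheduled tasks found under $taskRoot"
} else {
    $tasks | ForEach-Object {
        $info = $_ | Get-ScheduledTaskInfo
        [pscustomobject]@{
            EnrollmentFolder = ($_.TaskPath.TrimEnd('\') -split '\\')[-1]
            TaskName         = $_.TaskName
            State            = $_.State
            LastRunTime      = $info.LastRunTime
            LastResult       = '0x{0:X8}' -f $info.LastTaskResult
        }
    } | Sort-Object EnrollmentFolder, TaskName | Format-Table -AutoSize -Wrap
}

# 2. Recent events from the Admin channel, oldest first, so the sequence can be read step by step.
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; StartTime = $since } -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning "No events in $logName since $since"
} else {
    $events |
        Where-Object { $_.Message -match $keywords -or $_.Level -le 3 } |   # keyword hits plus warnings/errors
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
}
```

Running it on one of the five working devices and on one that is not receiving the rules gives two outputs to compare side by side.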