Forum Discussion
Endpoint Privilege Management not deploying
- Mar 05, 2024
Just to finally close this one.
After quite a lot of back-and-forth emails and remote sessions with Microsoft support, they weren't able to solve the issue. Even after requesting a few times for escalation the same badly trained support operator was kept in place.
The funny part is that the solution came after our trial license expired: they asked us to purchase the EPM license to carry on with the troubleshooting, and so we did. After assigning the licenses, EPM started to work and enroll the devices used by the users of our test group. Apparently, the trial licenses that we were using didn't work properly.
To know what is happening on the device, we need to begin at the start.
When the device is being targeted by EPM rules/policies, a separate policy will be deployed to those devices to enable the linked enrollment (an additional, aka dual, enrollment will be created on the device).
MMP-C Discovery failed | No valid Endpoint | EPM (call4cloud.nl)
So my first guess would be to start there, to check whether the scheduled task to enable the dual enrollment gets created and what kind of errors you get in the DeviceManagement event log (this event log will tell you step by step what's happening).
Inside this blog I also show the bigger picture of what's happening after the discovery:
MMP-C | Microsoft Management Platform Cloud (call4cloud.nl)
If you have some screenshots from the event log in chronological order... we can find out what's happening.
Rudy_Ooms_MVP Thank you very much for getting back to me.
Thank you for the great articles as well, they are quite educative.
I didn't find any related error on the event viewer under DeviceManagement-Enterprise-Diagnostics-Provider.
I couldn't find the registry related to EPM under ...\EnterpriseDesktopAppManagement\...
When Fiddler is opened I can't force the synchronization; it errors and Fiddler shows an error. When I close Fiddler I can force the sync again but don't see any error in Event Viewer.
- Aug 09, 2023
Mmm, that's really odd… as there must be something being logged in those event logs (just like I showed in the blogs),
as we need to know to which point the device could get. Is the schedule for dual enrollment even created on the device in the enterprisemgt task scheduler?
- WilliamBonomo (Brass Contributor), Aug 09, 2023
Hey. No, I don't see such a schedule, unfortunately.
- Aug 09, 2023
Mmm, can you be 100% sure those users are targeted by the EPM policies? What does the status report tell you? What happens when trying to push the linkedenrollment CSP yourself (have a blog about how to)?