Forum Discussion

WilliamBonomo's avatar
WilliamBonomo
Brass Contributor
Aug 07, 2023
Solved

Endpoint Privilege Management not deploying

Hi Everyone,   A while ago when EPM was on preview I have set up a rule and a group with 5 users for a quick test. It took ages to deploy to that test group but eventually, it deployed. Can't be pr...
Endpoint Privilege Management (EPM)
Intune
mobile device management (mdm)
  • WilliamBonomo's avatar
    WilliamBonomo
    Mar 05, 2024

    Just to finally close this one.

    After quite a lot of back-and-forth emails and remote sessions with Microsoft support, they weren't able to solve the issue. Even after requesting a few times for escalation the same badly trained support operator was kept in place.

    The funny part is that the solution came after our trial license expired, they asked us to purchase the EPM license to carry on with the troubleshooting and so we did. After assigning the licenses, EPM started to work and enroll the devices used by the users of our test group. Apparently, the trial licenses that we were using didn't work properly.

WilliamBonomo's avatar
WilliamBonomo
Brass Contributor
Aug 09, 2023
Hey. No, I don't see such a schedule, unfortunately.
Rudy_Ooms_MVP's avatar
Rudy_Ooms_MVP
MVP
Aug 09, 2023
Mmm can you be 100% those users are targetted by the epm policies? What does the status report tells you? What happens when trying to push the linkedenrollment csp yourself (have a blog about how to)
  • WilliamBonomo's avatar
    WilliamBonomo
    Brass Contributor
    Aug 09, 2023
    Yes, 100%.

    Triggering it manually has worked. My test PC is now on EPM.
    • Rudy_Ooms_MVP's avatar
      Rudy_Ooms_MVP
      MVP
      Aug 09, 2023

      Mmm... as if those devices are in some filter or blocked... Not sure... but some additional questions

       

      1. Can you share a screenshot for the assignment of the epm policy and if the user is in the status report(health policy etc)

      2. I assume (i know they arent otherwise the linkedenrollment csp would worked) those devices arent avd/cloud pc.

      3. I assume (i know because the linkedenrollmet csp worked)  there isnt ssl filtering.

      4. Can you post the output of winver? 

      Learn about using Endpoint Privilege Management with Microsoft Intune | Microsoft Learn

      5. I assume the devices are able to sync successfully with Intune (company portal/work school acount) 

      6. Those EPM policies, are those assigned to devices or users (i assume users when reading your question) if so... could you check if the users even have valid prt? dsregcmd /status in the user session

      7.  Please create a support ticket ... and if so could you share it (pm or something) ...

       

      • WilliamBonomo's avatar
        WilliamBonomo
        Brass Contributor
        Sep 06, 2023

        Rudy_Ooms_MVPHey. Sorry for the late reply. Been on holiday and also covering colleagues on holiday.

         

        1. It doesn't show the users on the Endpoin check-in status. Only those first ones I tested in the beggning and now the one we've enrolled manually.

        2. Negative

        3. There is but we've whitelisted the URLs as per Microsoft instructions.

        4. Version 22H2 (OS Build 19045.3208)

        5. Yes.

        6. Tried both but will be using users. Will attach the dsregcmd result.

        7. Will do.

         

         

Resources