Forum Discussion
Intune management extension disappears from devices
Hey,
I encountered a very strange issue with the Intune management extension on my custoemrs hybrid joined devies.
Devices are hybrid joined successfully, synced to Azure AD, visible and compliant in Intune, software is installed from Intune and on-premise via gpo, policies are applied and then after some short time the Intune management extension is uninstalled automatically and no Azure AD joined status visible in settings. Via dsregcmd I can see that the device is still joined to both but even after manually isntalling the extension, it is uninstalled again and again.
Do you have any ideas regarding this issue?
Thanks and regards
- Hi,
I guess you move the workloads to Intune right? Did you also removed the sccm client before enrolling the device in to Intune
https://www.cloud-boy.be/portfolio/silently-remove-sccm-client-and-enroll-device-in-intune/
Anything useful in the DeviceManagement-Enterprise-Diagnostic-Provider log?- Julian12Brass ContributorHi Rudy,
currently the customer has no sccm sp there is no client to remove.
I will have a look at the event log tomorrow, will report back then.- Julian12Brass ContributorThe problem still persists, the devices are getting Intune joined and domain joined and after short time the Intune Management Extension disappears and only the Domain join is visible under the Accounts menu.
Eventlogs also not helpfull so far^^
Anyone an idea the resolve this?
- se8791Brass Contributor
@Julian12
Same here
I see it installing the IME agent (when task gets kicked off to enroll device), then uninstalling 5 mins later - never shows in Intune as managed
How are you enrolling that device into intune it i may ask :)… wondering what happens when you use my intunesyncdebugtool on that device (powershellgallery)
- rant2dtCopper ContributorI have a similar issue. I'm using an intune configuration profile to apply edge extensions and they won't stay. Has anyone had any issues like this one?
- DarthVadorCopper ContributorHi,
Do we have a resolution for that? I'm experiencing the same issue.
I did installed the agent manually, the service appears for 5 minutes and then got removed.
I have several devices like that, but the strange things is that they appears in Intune and get receive configuration profiles, however the script to retrieve the Bitlocker recovery key are not running because of that.
We don't have SCCM either here.
Thank you.- Julian12Brass ContributorHi, yes, the problem on our side was that we configured the false gpos for fresh devices.
When you hybrid join new devices via the Autopilot process you mustn't configure a gpo for intune enrollment, otherwise this gpo removes the Intune service.
For devices which are already running and which should be hybrid joined without a new installation you need to configure the gpo with the User credential option.
Hope this helps.- DarthVadorCopper ContributorThanks Julian.
That's very odd, because this is exactly how it's configured on our end, using user's credential option and the few machines that have this problem haven't been enrolled during the Autopilot process.
I'm going to dive deeper in the logs as so far, nothing was really helpful but I will share my findings on that post.
- TonsilTimCopper ContributorIm am still facing an Issue here. In my situation the workstation is not hybrid joined. We have simply enrolled a workstation into Intune, We can see the contents of the C:\Program Files (x86)\Microsoft Intune Management Extension is fully populated with files and then 5 min later its empty again. Anti-virus has been completely removed.
I have tried disconnecting from MDM enrolment and re-adding it. After re-adding the device the contents of C:\Program Files (x86)\Microsoft Intune Management Extension are populated again with files and then 5 min later they are all gone. This is driving me nuts. I dont want to just format and re-load. I want to get to the root of this issue.- DarthVadorCopper ContributorYou can try this PS module, it saved me several time https://www.powershellgallery.com/packages/intunesyncdebugtool/1.0.0.19.
If you are on the same network and enabled PS remoting on the targeted device, you can install that module and run it remotely using Enter-PSsession command.
Install command : Install-Module -Name intunesyncdebugtool
Once installed run : test-intunesyncerrors
This should tell you where the problem is but will also try to re-enroll the device properly.
Hope that helps.- replierCopper Contributor
Weird, I tested it with my autopilot device and it said it's not enrolled.
The intune management is installed.
I'll try it with the bad actors tomorrow.