I am testing Intune/EMS on Windows 10 (1709) PCs and trying to get Powershell scripts to run without success. I think the issue is with the Intune Management Extension not installing but cant find much information on how to troubleshoot this particular issue. Can anyone advise how I get Powershell scripts to run ? TIA Scott

The device need to be auto-enrolled in MDM, not manually enrolled. Only with auto-enrollement installation of management extension is triggered.

Hi Scott, maybe have a look at my blog post here: Deep dive Microsoft Intune Management Extension – PowerShell Scripts https://oliverkieselbach.com/2017/11/29/deep-dive-microsoft-intune-management-extension-powershell-scripts/ I cover inner workings and troubleshooting of the agent to find such particular issues with installing Intune Management Extension. Two things to check for agent install issues are event viewer and the Agent MSI install log: Start event viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin (event id 1924 and others) MSI install log: C:\Windows\system32\config\systemprofile\AppData\Local\mdm\ {25212568-E605-43D5-9AA2-7AE8DB2C3D09}.log best, Oliver

Hi Matthew, as time goes by things change :-), support for Hybrid Domain Joined devices is now available. see here: https://docs.microsoft.com/en-us/intune/intune-management-extension Prerequisites The Intune management extension has the following prerequisites: Devices must be joined to Azure AD and auto-enrolled. The Intune management extension supports Azure AD joined, hybrid domain joined, and comanaged enrolled Windows devices. GPO-enrolled devices aren't supported. Devices must run Windows 10 version 1607 or later. The Intune management extension agent is installed when a PowerShell script or a Win32 app is deployed to a user or device security group. best,Oliver

For further investigations, which type of reset did you choose exactly? With retaining userdata, Autopilot Reset, Factory Reset, ... This might have additional impact on the situation. Thanks for the info.

It would appear the issue has been resolved somehow by Microsoft. I attempted to replicate the exact problem twice yesterday - In both trials, The intune agent properly deployed itself and ran powershell script after a system was wiped, while retaining AzureAD Enrollment. I did not require the use of additional work-arounds like force-deploying the intune.msi as a Line-of-Business app

Intune Management Extension not installing

alkochetkov
Copper Contributor
Aug 24, 2021
Hello everyone, I have the same problem that is discussed below! After joining Azure Ad Intune, the Microsoft Intune Managenent extension service is not installed. I will tell you about this problem in more detail. I am using an enterprise Windows image 21H1 19043.1052 for installation. The image was created using sysprep /audit, and then sealed using sysprep /generalize. The task is to deploy this image on 200 machines and connect them to Azure AD, take control of Intune.There is no connection of machines to the local AD controller. When I deployed this image on the first machine and connected it to Azure AD, the machine connected correctly, the Microsoft Intune Management Extension service was installed and started correctly, all Win32 applications and policies come from Intune.Later, I deployed this image on five more test machines and connected them to Azure AD, they all have the same image: 1. The Microsoft Intune Management Extension Service is not installed. 2. In Intune, the machines are displayed strangely IRegistration_Windows_8/24/2021_9:55 am 3. In C:\ProgramData\Microsoft the IntuneManagementExtension 4 folder is missing. In the event viewer, Device Management-Enterprise Diagnostics 0 - Or errors 844, 76. This situation is observed on all other machines except the first one. There is a suspicion that Intune believes that this is a single machine, and does not install the Microsoft Intune Managenent extension service. It is not very clear which SID Intune binds to, and sysprep should have solved this problem. Please help me!!!
ProdigyHOU
Copper Contributor
Oct 16, 2020
Scott PatersonNeed to be on Windows 10 1803 or higher.
- rlabrecque_fsg
  Copper Contributor
  Jan 15, 2021
  I was running into this on one of my test PC's. We have Azure AD Free + Microsoft Intune Trial + Onsite/Inhouse AD Syncing with Azure AD.
  
  The setup in order was:
  
  1. Previously joined to Local Inhouse AD.
  2. Enroll in MDM only.
  3. Connected with Work or school account.
  
  In Intune's "endpoint" dashboard I see the device correctly:
  
  Name: RLABRECQUE-DT
  Management name: rlabrecque_Windows_1/15/2021_7:30 AM
  Intune Device ID: REDACTED-****-****-****-***************
  Azure AD Device ID: REDACTED-****-****-****-***************
  
  In Azure AD I see the Device as:
  
  Name: RLABRECQUE-DT
  Join Type: Azure AD registered
  MDM: Microsoft Intune
  
  I would receive business applications, but would not get the Intune Management Extension and Powershell scripts would not run as a result.
  
  The missing piece for me was in Intune on the Devices tab of the Intune "endpoint" dashboard the machine was Personal. As soon as I changed it to a Corporate Device, synced in Intune "endpoint" dashboard, synced in the "Managed by <Corp>" settings dialog on the device, and restarted the device, Intune Management Extension installed and the Powershell script ran!
  
  https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesWindowsMenu/windowsDevices
  - rlabrecque_fsg
    Copper Contributor
    Jan 15, 2021
    I should note that my other test PC which was setup like so:
    
    1. Connected with Work or school account
    2. Joined to Azure AD.
    3. Manually enrolled in MDM only.
    
    It also did say Personal device, but did not suffer from this issue.
BiljanaJaneva
Copper Contributor
Jul 19, 2018
The device need to be auto-enrolled in MDM, not manually enrolled. Only with auto-enrollement installation of management extension is triggered.
- Dylan Townsend
  Copper Contributor
  Dec 29, 2018
  Is there any way to trigger this with all of my manually enrolled devices?
  - Dylan Townsend
    Copper Contributor
    Dec 29, 2018
    I believe I have found the answer,
    
    If both MAM user scope and automatic MDM enrollment (MDM user scope) are enabled for a group, only MAM is enabled. Only MAM is added for users in that group when they workplace join personal device. Devices are not automatically MDM enrolled.
Nick Hogarth
MVP
Jan 08, 2018
Has the machine synced? Can you see any log files in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs ?
- Scott Paterson
  Copper Contributor
  Jan 08, 2018
  No this directory ( IntuneManagementExtension ) does not exist....
  - Oliver Kieselbach
    MVP
    Jan 15, 2018
    Hi Scott,
    
    maybe have a look at my blog post here:
    
    Deep dive Microsoft Intune Management Extension – PowerShell Scripts
    
    https://oliverkieselbach.com/2017/11/29/deep-dive-microsoft-intune-management-extension-powershell-scripts/
    
    I cover inner workings and troubleshooting of the agent to find such particular issues with installing Intune Management Extension.
    
    Two things to check for agent install issues are event viewer and the Agent MSI install log:
    
    Start event viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin (event id 1924 and others)
    
    MSI install log:
    
    C:\Windows\system32\config\systemprofile\AppData\Local\mdm\ {25212568-E605-43D5-9AA2-7AE8DB2C3D09}.log
    
    best,
    
    Oliver

Forum Discussion

Intune Management Extension not installing

Resources