Forum Discussion

Scott Paterson's avatar
Scott Paterson
Copper Contributor
Jan 07, 2018

Intune Management Extension not installing

I am testing Intune/EMS on Windows 10 (1709) PCs and trying to get Powershell scripts to run without success. I think the issue is with the Intune Management Extension not installing but cant find mu...
Intune
WalterPrem's avatar
WalterPrem
Brass Contributor
Jun 12, 2019

Oliver Kieselbach 


So today, surprisingly, I got the Intune Management Extension working on a WorkplaceJoined PC by removing the work account, and then choosing Enroll only in device management instead (almost hidden on the right...).

For some reason, MDMdiag XML now reports MDMFull instead of MDMFullWithAAD, and to my surprise, after installing the IME, I'm receiving powershell scripts.

 

Again I have a lot of trouble finding documentation on the difference between the above, and why it's working if I use the Enroll only button rather than the CONNECT button.

 

The problem is still that, all our devices are joined to Intune with the CONNECT button either via the add school/work account menu or via the company portal.

This means I would still need to un-enroll and re-enroll all our "WorkplaceJoined" devices.

 

Maybe you know of a way to get "MDMFullWithAAD" devices to be "MDMFull"?

AlexanderKarls's avatar
AlexanderKarls
Copper Contributor
Jan 21, 2020

WalterPrem: Did you ever solved this? I got exactly the same problem 😞 

  • Ryan_Frazier's avatar
    Ryan_Frazier
    Copper Contributor
    Jun 12, 2020

    Just stumbling across this issue now after manually enrolling 50 or so devices and not realizing that PowerShell will not work on these devices.  Will using the local security policy editor "gpedit.msc" to set this attribute work for 100% remote devices?  I'll be trying this on a few but for the sake of time per device, it'd be nice to be able to disjoin from Work or School and then just set this bit and leave.

     

    Computer Configuration > Administrative Templates > Windows Components > MDM

     

    Microsoft also has provisions in the portal to change a device from "Personal" to "Corporate" owned... why would they not flip that device to Hybrid Joined then instead of making admins jump on all these machines physically... makes no sense.

  • WalterPrem's avatar
    WalterPrem
    Brass Contributor
    Jan 22, 2020

    AlexanderKarls 

    Well, the conclusion is that it's simply not supported for devices that are "manually" joined to Intune, e.g. when using add/remove account or the company portal.

    You need to use Windows Autopilot or Azure AD join during setup, or setup Hybrid environment (syncing computers) and rolling out Intune using GPO.

Resources