Forum Discussion
Intune Management Extension not installing
Okay your issue is that you have technically a WorkPlace Joined (WPJ) device and not hybrid AADJ. Because of the use of manually add work/school acount the device is treated as WPJ. The WPJ scenario is not supported by MS for the Intune Management Extension (IME) and I'm not sure it will in near future. As WPJ is more targeted to BYOD and MS don't want to mess with BYOD devices by installing agents on personal devices.
To make the agent work you would need to WPJ un-enroll them and hybrid AADJ them via:
How To: Plan your hybrid Azure Active Directory join implementation
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan
I'm sorry if this introduces efforts on your side.
The documentation is telling the fact only implicit by not telling that the IME is supported on WPJ devices:
The Intune management extension supports Azure AD joined, hybrid Azure AD domain joined, and co-managed enrolled Windows devices.
This is a bit confusing.
best,
Oliver
Thanks Oliver,
Yes, the confusion also comes from me thinking that "hybrid Azure AD domain joined" simply means being in a hybrid situation. Since, if you add a local-AD machine to Intune, it's also added to Azure AD and becomes Hybrid. We have AD connect set up (for password sync) and when people login to Outlook, the devices shows in Azure AD devices (even before add school/work account).
The other confusing part is that I would think MAM exists for BYOD scenarios (instead of WPJ), and I can use MDM if I decide to use all intune features on every devices I have (including local AD joined laptops). From my end, the devices don't look WPJ at all. They show as fully managed by intune MDM.
I will go over the hybrid AD join methods you linked and see if this can fix our issues.
I still believe it would be beneficial for all if every MDM intune (not MAM) would support the IME.
Thanks for you time.