Forum Discussion
Intune Management Extension not installing
Okay, your issue is that you technically have a Workplace Joined (WPJ) device and not hybrid AADJ. Because of the use of the manual "add work/school account" option, the device is treated as WPJ. The WPJ scenario is not supported by MS for the Intune Management Extension (IME), and I'm not sure it will be in the near future, as WPJ is more targeted to BYOD and MS doesn't want to mess with BYOD devices by installing agents on personal devices.
To make the agent work you would need to WPJ un-enroll them and hybrid AADJ them via:
How To: Plan your hybrid Azure Active Directory join implementation
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan
I'm sorry if this introduces efforts on your side.
The documentation states this only implicitly, by not saying that the IME is supported on WPJ devices:
The Intune management extension supports Azure AD joined, hybrid Azure AD domain joined, and co-managed enrolled Windows devices.
This is a bit confusing.
best,
Oliver
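An added example, not part of the reply above: one way to tell WPJ devices apart from AADJ and hybrid AADJ ones is to read the join flags that the built-in `dsregcmd /status` command prints (a tool the thread does not mention). The function name `Get-JoinState` is hypothetical and the sample text is constructed for illustration.

```powershell
# Added example: classify the join state from `dsregcmd /status` output.
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusText)

    # dsregcmd prints "Name : YES|NO" pairs; collect the three join flags.
    $flags = @{ AzureAdJoined = 'NO'; DomainJoined = 'NO'; WorkplaceJoined = 'NO' }
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(YES|NO)\s*$') {
            $flags[$Matches[1]] = $Matches[2].ToUpper()
        }
    }

    # Order matters: a domain-joined PC with only a work account added
    # (DomainJoined=YES, WorkplaceJoined=YES, AzureAdJoined=NO) is WPJ, not hybrid.
    $state = if ($flags.AzureAdJoined -eq 'YES' -and $flags.DomainJoined -eq 'YES') {
        'Hybrid AADJ'
    } elseif ($flags.AzureAdJoined -eq 'YES') {
        'AADJ'
    } elseif ($flags.WorkplaceJoined -eq 'YES') {
        'WPJ'
    } else {
        'Not joined'
    }

    [pscustomobject]@{
        State            = $state
        DomainJoined     = $flags.DomainJoined
        # Join types named in the documentation sentence quoted in the thread.
        # Co-management is not visible in dsregcmd output and is not checked here.
        DocumentedForIME = $state -in 'AADJ', 'Hybrid AADJ'
    }
}

# Constructed sample: an on-premises domain member with a work account added.
$sample = @'
             AzureAdJoined : NO
              DomainJoined : YES
           WorkplaceJoined : YES
'@ -split "`r?`n"

# On a real device, pass the live output: Get-JoinState -StatusText (dsregcmd /status)
Get-JoinState -StatusText $sample
```

For the constructed sample the function reports `State` as `WPJ` and `DocumentedForIME` as `False`.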
So today, surprisingly, I got the Intune Management Extension working on a WorkplaceJoined PC by removing the work account, and then choosing Enroll only in device management instead (almost hidden on the right...).
For some reason, MDMdiag XML now reports MDMFull instead of MDMFullWithAAD, and to my surprise, after installing the IME, I'm receiving PowerShell scripts.
Again I have a lot of trouble finding documentation on the difference between the above, and why it's working if I use the Enroll only button rather than the CONNECT button.
The problem is still that all our devices are joined to Intune with the CONNECT button, either via the add school/work account menu or via the company portal.
This means I would still need to un-enroll and re-enroll all our "WorkplaceJoined" devices.
Maybe you know of a way to get "MDMFullWithAAD" devices to be "MDMFull"?