Forum Discussion

Jason378's avatar
Jason378
Copper Contributor
Jul 27, 2023

Microsoft EPM Agent will not install.

I have configured my elevation settings and created an elevation rule:

They are assigned to a group with my test user as a member. EPM License has been assigned to the test user.

 

The endpoint targeted is running Windows 11 22H2 with June 5th updates:

My  elevation settings policy has been successfully applied to the endpoint.

However I am still not showing my Elevation Rules being applied:

Also inside File Explorer at c:\program files\ I am not seeing the "Microsoft EPM Agent" directory:

The endpoint is checked in and I can run other Intune related services against it successfully:

 

This has been days now since I began this supposed simple task of elevating an app. I have read Microsoft's Documentation along with many other's "User Experience" articles and blogs.

 

My app still does not have the right click menu option "Run with Elevation". I must assume this will not happen until the Microsoft EPM Agent is installed on the endpoint and the rule is successfully applied.

 

Any help would be appreciated.


Jason

 

 

 

  • Did you by any chance read my blogs about MMP-C and what happens when the device is enrolled with EPM? As manually installing the epm agent wont do anything without the device being enrolled into the microsoft managed platform - cloud

    This blog explains the first few steps in detail
    https://call4cloud.nl/2023/06/the-infernal-mmp-c-discovery/

    Of course you could also kick of the mmpc linked enrollment on your own with the use of the linked csp (do not use it in production)

    https://call4cloud.nl/2023/04/i-killed-my-epmagent-enrollment-hung-her-on-a-meathook-and-now-i-have-a-three-picture-deal-at-mmpc/#part12

    What domain are you using? as I know (and mentioned in the first blog I pointed out) that there was a small issue some time ago with k12 domains (which got resolved quickly..)

    Besides that... what is the dsregcmd /status output giving you ? I assume the device is adjoined succesfully and has a PRT?

    • Jason378's avatar
      Jason378
      Copper Contributor

      Rudy, thank you for your reply.

       

      I have read your blog, thank you for your work there.

       

      Our domain is a .org

       

      Here are some snippets of the dsregcmd output:


      I have not forced the MMP-C enrollment. Perhaps I will attempt that next. The test device is in production but I am confident it has the required patches.

       

      Thank you again!
      Jason

       

      • I would start by checking out the devicemanagement event logs, just like I showed in one of the blogs I mentioned. As those would certainly tell you or show you an error... If i have that error code/message we can probably solve (yeah we can 🙂 )
  • Jason378's avatar
    Jason378
    Copper Contributor

    Attempting to run the task in task scheduler, "Schedule created by dm client for dual enrollment to Mmpc" shows result 0x8018000B (Device not enrolled). 

     

     

  • Jason378's avatar
    Jason378
    Copper Contributor

    After attempting to install the EPM Agent manually the logs show the follow:

     

     

Resources