Copilot for Microsoft 365 Tech Accelerator
Feb 28 2024 07:00 AM - Feb 29 2024 10:30 AM (PST)
Microsoft Tech Community

Servicing Profiles not picking up new devices

Brass Contributor

Hi,
We are currently testing the Servicing Profile feature (for M365 Apps) in our tenant. Results so far are not ideal.
All our devices are built via Autopilot and enrolled into Intune and AADJ. They are added to a servicing profile via a dynamic AAD Group membership. However, some devices show up and others do not, even after multiple days. They are all online and successfully communicating with Intune. The Servicing Profile config reports the correct number of devices in the AAD Group. Yet several devices just do not show up.
All the devices that are part of this test are connected directly to the internet (no proxy involved). The next phase of testing is to try testing with the Zscaler client active on the device (this is where we expect to see issues).
I've checked the registry keys mentioned in the docs and the videos on the Office Deployment insiders YouTube channel. Even the 'working' PCs don't seem to have the stated configuration.
Currently, we are at a loss to explain why some devices show up, but others don't.
Any assistance will be gratefully appreciated.

11 Replies
Hi Ivan, a few things to check:
1. Has the user launched the Microsoft 365 Apps at least once and signed into them with an AAD account from your tenant? If not, try this.
2. Does the following registry key exist: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\cloud\office\16.0\Common\officesvcmanager > TenantAssociationKey. The key should get created after the user has signed in and launched the M365Apps once. It is the token used to connect to the Apps admin center.
3. Is the device listed in the Apps admin center's inventory?

Please check above on an affected device and report back.

We also have a dedicated thread on troubleshooting inventory: https://techcommunity.microsoft.com/t5/microsoft-365-blog/onboarding-devices-in-the-microsoft-365-ap...
Hi Martin,
Many thanks for the reply. Answers to your questions are:
1) Yes, the end-user of the device has logged into either Outlook, Word or Teams on the device
2) Yes, that registry key exists
3) Yes I can filter to find the devices in the Inventory report

@Ivan Webb Thanks for checking. Given that the devices are in inventory (so communicate with the AAC backend), are in the AAD groups (so in-scope for Servicing Profiles), are AAD-J (we don't support AAD-R), there seems to be something off with how the group members are resolved and matched to the inventory.

 

Please go to the apps admin center, onto the servicing profile page and hit the feedback button on the top right corner. Include your original post, the things you already checked, mentioned "Rangers on TechCommunity" and leave your email. I will ping the team in the background, so we can start investigating your case.

Hi Martin,
I've done as you requested. I have also logged a 'premier' support ticket with MS, however, once they found this forum post they just directed me to follow your suggestions including the latest one.
If you want me to send you the support ticket number I'm happy to do so.
I'm in contact with the Support Engineer, we will work through the case and the Support Engineer is your PoC. I will try to help behind the scenes ;D

@Martin Nothnagel I am having the same issue.

 

Some devices are popping up but its also VERY slow. Let me know what you find out.

@HRobertsz We have identified and are working on fixing some delays in the system which slowed down initial onboarding and displaying the correct status in the admin UI. Things should have improved in the last few days. Let us know if you still see major delays.
Hi Martin,
Things have improved a bit with devices being detected and showing up. Reporting on their status is still an issue though. Many successfully updated devices still show as "In progress" or "Not started".
We are watching with interest how it handles the deployment of the latest office update.
Hi, we can repro the "status" flipping in our tenants, we are investigating the issue.
Hi Martin,
Thanks for the update. My customer has allowed us to start using Servicing profiles in production now. Numbers have improved dramatically in terms of device reporting in with the latest version of the Monthly Enterprise channel. However, we see the "Failed" numbers going up and down, disappearing, and coming back. At one point it got to 80+, and now it is 1.
Devices all show the "Internal Click-to-run issue 35" message at various stages (Discover, In-progress, Completed etc). I've passed this to the team who have the support ticket asking what it means. Currently waiting on a reply.

@Ivan Webb Error 35 is a transient issue which is caused by the agent not being able to fetch the current status from the C2R API, e.g. caused by system reboots (as the C2R service gets reset as well). It automatically retries to fetch the status, that's why you see the number of issues fluctuating.