Company Portal Stuck In Download Pending/Device Syncing Loop

Brass Contributor

Hi all,


We published our first internal app and are attempting to distribute it with the Company Portal.  I have it set to be available to all users.  When I try to install it, it says "Download pending...  Your Device Is Syncing and will begin downloading your app shortly".  After a few seconds, it just says "Download pending..." for a few seconds and then goes back to "Download pending...  Your Device Is Syncing and will begin downloading your app shortly".  It repeats in this loop forever.  If I go to settings in the app, will appear to be syncing, then it will appear to complete (with success).  I can manually sync with no errors.





20 Replies
Hi, Is this experience with only one app or multiple apps? Could you tell more about the app itself
Maybe starting with looking at the IME flow and how the app is installed, maybe you will find the answer to your problem.
I would start by downloading cmtrace and opening the intune management log



Thanks for the reply.  I have made two apps and both exhibit the same behavior.  Both apps are .NET Core WPF apps.  If I look in the Intune admin console, it shows that the apps are requested, but does not show any install or failure.  


I went to check the logs, but I do not have a folder called "intunemanagementextension" under c:\programdata\microsoft...    I am running Win10Pro 21H2 build 19044.1415 on the client.  There is also not an intune extension folder under Program Files x86...


Thanks for assisting, we would really like to use the Company Portal as a solution for our company.





Ehhhh ... are those devices enrolled into Intune or?
@Rudy_Ooms_MVP Yes, the devices are enrolled in MDM and show up in the endpoint admin panel as being Intune managed,

@Rudy_Ooms_MVP I provisioned another device as Azure AD joined with another user as the primary user. They were were able to download the application without issue. Are msix line of business apps known to work in a BYOD scenario? I would assume if this was not supported, it do something more than just go into a download loop...

Your assistance is appreciated...

I did some test from what is working and whats not working with byod devices
But lob apps ... I am not sure If I did test them.. win32app are working.. so I would assume as the intune mgt extension is also installed as an msi... this should also work but again not tested it :)
Hi @Rudy_Ooms_MVP,

So any idea on what is going on? Is this bug impacting all devices in this scenario?





Just tested it with an aadr enrolled device and just installing win32apps from the company portal app works.. So if some is experiencing issues with it, i need to take a look at the ime log 




Hi @Rudy_Ooms_MVP,

Thanks for taking the time to try to repro. Can you let me know how to get the log? I'd love to be able to look at it, but I have not found any information about where logging goes when the intune management extension is not in use.






Could you first explain how these devices were added to Azure Ad/Intune or are they only aadr enrolled and not in intune/mdm? and what does dsregcmd tells you? 


The devices are Azure AD enrolled and MDM managed. They are set to "Company Owned". They show up in the Endpoint admin console and are marked as "Intune" managed, "Compliant", and "Corporate Owned". The account listed as the primary user in the console is the account I am using in the company portal. If I go into one of the devices to Managed Apps, I can see the apps in question as being "Available For Install". If I drill into the app, it shows a time when it was requested and then a device status date. Nothing shows an attempt to install or a failure.

Here is the output from dsregcmd /status (I redacted a few items)

| Device State |

AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : NO
Device Name : [xxxx]

| User State |

NgcSet : NO
WorkplaceJoined : YES
WorkAccountCount : 1
WamDefaultSet : NO

| SSO State |

AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO

| Work Account 1 |

WorkplaceDeviceId : [xxxx]
WorkplaceThumbprint : [xxxx]
DeviceCertificateValidity : [ 2021-12-17 14:53:49.000 UTC -- 2031-12-17 15:23:49.000 UTC ]
KeyContainerId : [xxxx]
KeyProvider : Microsoft Platform Crypto Provider
TpmProtected : YES
WorkplaceIdp :
WorkplaceTenantId : [xxxx]
WorkplaceTenantName : [xxxx]
WorkplaceMdmUrl :
WorkplaceSettingsUrl :
NgcSet : NO

| IE Proxy Config for Current User |

Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :

| WinHttp Default Proxy Config |

Access Type : DIRECT

| Ngc Prerequisite Check |

IsDeviceJoined : NO
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
PreReqResult : WillNotProvision

Mmm.. So it's MDM enrolled but you are missing the Intune MGT extension? that's odd..  what happens when you manually install the intuneagent?


I have not tried that -- where would I get the installer from?

Isn't this expected behavior for non-domain joined machines? The extension is not installed in general BYOD scenarios...?


In the blog I mentioned earlier.. I performed a workplace join to get the device aadr and with the mam scope not configured it got intune enrolled also. So the device is only aadr and at that point the intune mgt was installed.

You can download it here if I am not mistaken
I am curious about what happens when you try to install it manually
Hi @Rudy_Ooms_MVP,

I installed it. It starts up and then stops and it uninstalls. I tried it a second time and it reproduces.


Could you


*check out how the device is marked? personal or corporate , if its marked as personal could you try changing it to corporate


*And how did you enroll the device? by adding a work or school account? Like I did in part 6

Azure Ad joined vs Azure Ad Registered | AADR vs AADJ | PRT (

Of course the mam scope needs to be disabled for that user


*ALso check if the device is auto-enrolled


Go to Settings > Accounts > Access work or school.
Select the joined account > Info.
Under Advanced Diagnostic Report, select Create Report.
Open the MDMDiagReport in a web browser.
Search for the MDMDeviceWithAAD property. If the property exists, the device is auto-enrolled. If this property doesn't exist, then the device isn't auto-enrolled.
Enable Windows 10 automatic enrollment includes the steps to configure automatic enrollment in Intune.


*Could you also check out: HKLM\SOFTWARE\Microsoft\EnterpriseDesktopAppManagement\


It's a shame I cant get my hands on that device(s)...  :)




(the account and the "connected by" match)


Originally, it had a work account only.  To get it into Intune and to get the company portal to work, I removed the account, did an MDM enrollment and then re-added the account.


There is no "Info" option under the work account, only the MDM item.  I did the export and do not see that property.  Would it be in the top level html file?




What happens when you remove them both (if possible) and make sure the mam scope is notconfigured. and try to add the work/school account. Also just wondering what kinda license does that user has?

The user has Microsoft 365 Business Premium. I will try it, but can you clarify what you mean the "mam scope"? Where would I see that?