Forum Discussion
Intune Management Extension not installing
Hi Matt,
If you see no EnterpriseDesktopAppManagement, then you did not receive the MSI install job yet. Did you receive other policies from Intune?
I assume you are not seeing ./device/Vendor/MSFT/EnterpriseDesktopAppManagement/ in the Advanced MDM report?!?
Open Settings > Accounts > Access work or school > Connected to TenantName’s Azure AD > Info > scroll down to the bottom and click “Create report”
So the question here is, does your client receive any policies from Intune?
User assignment is correct!
Oliver
Hi Oliver
You are correct, I don't receive the policy you mentioned in the report.
I would assume it is working in some capacity, as I set the commercial ID for OMS and some computers are reporting data.
Matt
- Jan 14, 2019
Hi Matthew,
As time goes by, things change :-). Support for Hybrid Domain Joined devices is now available.
See here: https://docs.microsoft.com/en-us/intune/intune-management-extension
Prerequisites
The Intune management extension has the following prerequisites:
- Devices must be joined to Azure AD and auto-enrolled. The Intune management extension supports Azure AD joined, hybrid domain joined, and comanaged enrolled Windows devices. GPO-enrolled devices aren't supported.
- Devices must run Windows 10 version 1607 or later.
- The Intune management extension agent is installed when a PowerShell script or a Win32 app is deployed to a user or device security group.
best,
Oliver
- Feb 15, 2019
For further investigations, which type of reset did you choose exactly?
With retaining user data, Autopilot Reset, Factory Reset, ...
This might have additional impact on the situation.
Thanks for the info.
- JarrettB, Feb 28, 2019, Copper Contributor
It would appear the issue has been resolved somehow by Microsoft.
I attempted to replicate the exact problem twice yesterday. In both trials, the Intune agent properly deployed itself and ran the PowerShell script after a system was wiped, while retaining Azure AD enrollment.
I did not require the use of additional work-arounds like force-deploying the intune.msi as a Line-of-Business app.
- WalterPrem, Apr 25, 2019, Brass Contributor
Thanks Oliver,
Yes, the confusion also comes from me thinking that "hybrid Azure AD domain joined" simply means being in a hybrid situation. Since, if you add a local-AD machine to Intune, it's also added to Azure AD and becomes Hybrid. We have AD Connect set up (for password sync) and when people log in to Outlook, the devices show in Azure AD devices (even before add school/work account).
The other confusing part is that I would think MAM exists for BYOD scenarios (instead of WPJ), and I can use MDM if I decide to use all Intune features on every device I have (including local AD joined laptops). From my end, the devices don't look WPJ at all. They show as fully managed by Intune MDM. I will go over the hybrid AD join methods you linked and see if this can fix our issues.
I still believe it would be beneficial for all if every MDM Intune (not MAM) would support the IME.
Thanks for your time.
- Feb 19, 2018
Hi Matt,
Can you assign your user a new PowerShell script, wait 10 min., and then sync again? After that, can you examine the event log to see if you can find any evidence of a failed EnterpriseDesktopAppManagement CSP?!
Start Event Viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin
Maybe you can also try to enable “Show Analytic and Debug Logs” and then examine the Debug event log for errors.
best,
Oliver
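The event-log check described in the post above, scripted in PowerShell so it can be repeated after each sync. This is an added example, not part of the original thread; it assumes an elevated 64-bit PowerShell session on the affected client, a one-day look-back window, the agent's Windows service name `IntuneManagementExtension`, and the MDM cache folder mentioned elsewhere in this thread.

```powershell
# Added example: run elevated on the affected Windows 10 client.
$logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$since   = (Get-Date).AddDays(-1)   # assumption: the last sync was within one day

# Errors (Level 2) and warnings (Level 3) from the MDM diagnostics Admin log.
# SilentlyContinue: Get-WinEvent raises an error when no event matches the filter.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $logName
    Level     = 2, 3
    StartTime = $since
} -ErrorAction SilentlyContinue

# Keep only entries that mention the CSP that delivers the MSI install job.
$cspEvents = @($events | Where-Object { $_.Message -match 'EnterpriseDesktopAppManagement' })

if ($cspEvents.Count -eq 0) {
    Write-Output "No EnterpriseDesktopAppManagement errors or warnings since $since."
    Write-Output 'The MSI install job may not have reached this client yet.'
} else {
    $cspEvents |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
}

# Is the Intune Management Extension service present on this machine?
$svc = Get-Service -Name 'IntuneManagementExtension' -ErrorAction SilentlyContinue
if ($svc) {
    Write-Output "Agent service found, status: $($svc.Status)"
} else {
    Write-Output 'Agent service not found: the extension is not installed.'
}

# MDM cache folder named in this thread; empty or missing means nothing was downloaded.
$cache = Join-Path $env:windir 'System32\config\systemprofile\AppData\Local\mdm'
if (Test-Path $cache) {
    Get-ChildItem -Path $cache | Select-Object Name, Length, LastWriteTime
} else {
    Write-Output "Cache folder not found: $cache"
}
```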
- Matthew Condy, Feb 23, 2018, Copper Contributor
Hi Oliver,
I have been in contact with Intune Support, who said Intune PowerShell isn't available on Azure Hybrid Joined PCs, with no ETA for that to be available.
Hopefully this helps someone in the future :(
- Feb 23, 2018
Oh yes, that's true. I assumed AAD joined machines during the discussion here all the time.
That's very good to mention here.
- JarrettB, Feb 13, 2019, Copper Contributor
I too am having issues deploying the Intune agent.
Specifically, this is the scenario I have noticed:
I can stand up a machine, join it to AAD, and it will push the Intune agent. PowerShell scripts work.
IF I RESET the Win 10 machine, it will re-join AAD, but the Intune agent never pushes.
Nothing under win\system32\config\systemprofile\appdata\local\mdm
Only a few error messages in Event viewer, but nothing I recognize as "intune agent failed to install"
The machine does show the MDMDeviceWithAAD property. CompanyPortal is installed via MS Store.
I have replicated this behavior on 4 different machines.
The one instance I did get the agent to repush, I had to REMOVE the AAD account under 'Accounts -> Work & School' - then re-join it to AzureAD. - The Intune agent re-pushed after this process.
- JarrettB, Feb 15, 2019, Copper Contributor
Reset with retain user data.
I've selected reset with retain user data from the device locally, and initiated via the Azure portal.
When the device finishes, the user profile is re-created and the device automatically joined to Azure AD. I go to Win Store and download Company Portal --- MSI apps that we set to install automatically like OpenDNS and Trend will download... but we never get the Intune agent after that reset event.
If I remove all Azure AD accounts from the laptop, switch back to a local profile... then rejoin to Azure AD, I will get the Intune agent again.
- Feb 15, 2019
Out of curiosity, did you try to reset without retaining user data? Maybe due to the retained user data there is some information stored which actually blocks the re-push of the agent.