Jan 07 2018 12:17 PM
I am testing Intune/EMS on Windows 10 (1709) PCs and trying to get PowerShell scripts to run without success. I think the issue is with the Intune Management Extension not installing, but I can't find much information on how to troubleshoot this particular issue.
Can anyone advise how I get PowerShell scripts to run? TIA
Scott
Feb 07 2018 10:02 AM
I could handle hours, we are talking weeks, and still no Management Extension Service.
Feb 07 2018 10:13 AM
Feb 15 2018 06:52 PM
Hi Oliver,
I have been having similar issues, however I don't see any logs/folder you have in your troubleshooting steps.
I have noticed I have quite a few entries under configuration source in a provision state, and they have been for a couple of weeks now.
Any ideas for me?
Feb 16 2018 06:22 AM
Hi Matthew,
Can you check the status of the agent deployment via the EnterpriseDesktopAppManagement CSP please?
best,
Oliver
Feb 18 2018 01:01 PM
Hi Oliver,
I went to check the registry but there is no folder for enterprisedesktopappmanagement; there is enterpriseappmanagement, but the next level is database, not a SID.
I have applied the Intune script to a group that contains users. Is that a problem?
Matt
Feb 19 2018 02:09 AM
Hi Matt,
If you see no EnterpriseDesktopAppManagement then you did not receive the MSI install job yet. Did you receive other policies from Intune?
I assume you are not seeing ./device/Vendor/MSFT/EnterpriseDesktopAppManagement/ in the Advanced MDM report?!?
Open Settings > Accounts > Access work or school > Connected to TenantName’s Azure AD > Info > scroll down to the bottom and click “Create report”
So the question here is, does your client receive any policies from Intune?
User assignment is correct!
Oliver
Feb 19 2018 01:36 PM
Hi Oliver
You are correct, I don't receive the policy you mentioned in the report.
I would assume it is working in some capacity, as I set the commercial ID for OMS and some computers are reporting data.
Matt
Feb 19 2018 02:46 PM
Hi Matt,
Can you assign your user a new PowerShell script, wait 10 min, and then sync again? After that, can you examine the event log to see if you can find any evidence of a failed EnterpriseDesktopAppManagement CSP?!
Start event viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin
Maybe you can also try to enable "Show Analytic and Debug Logs" and then examine the Debug event log for errors.
best,
Oliver
Feb 22 2018 09:43 PM
Hi Oliver,
I have been in contact with Intune Support, who said Intune PowerShell isn't available on Azure Hybrid Joined PCs, with no ETA for that to be available.
Hopefully this helps someone in the future 😞
Feb 23 2018 08:49 AM
Oh yes, that's true. I assumed AAD joined machines during the discussion here all the time.
That's very good to mention here.
Jul 19 2018 06:07 AM
The device needs to be auto-enrolled in MDM, not manually enrolled. Only with auto-enrollment is installation of the management extension triggered.
Dec 28 2018 04:43 PM
Is there any way to trigger this with all of my manually enrolled devices?
Dec 28 2018 04:57 PM
I believe I have found the answer:
If both MAM user scope and automatic MDM enrollment (MDM user scope) are enabled for a group, only MAM is enabled. Only MAM is added for users in that group when they workplace join personal device. Devices are not automatically MDM enrolled.
Jan 14 2019 02:20 AM
Hi Matthew,
As time goes by things change :-), support for Hybrid Domain Joined devices is now available.
See here: https://docs.microsoft.com/en-us/intune/intune-management-extension
The Intune management extension has the following prerequisites:
best,
Oliver
Feb 13 2019 02:32 PM - edited Feb 13 2019 02:33 PM
I too am having issues deploying the Intune agent.
Specifically this scenario I have noticed
I can stand up a machine, join to AAD, it will push the Intune agent. PowerShell scripts work.
IF I RESET the Win 10 machine, it will re-join AAD, but the Intune agent never pushes.
Nothing under win\system32\config\systemprofile\appdata\local\mdm
Only a few error messages in Event viewer, but nothing I recognize as "intune agent failed to install"
The machine does show the MDMDeviceWithAAD property. CompanyPortal is installed via MS Store.
I have replicated this behavior on 4 different machines.
The one instance I did get the agent to repush, I had to REMOVE the AAD account under 'Accounts -> Work & School' - then re-join it to AzureAD. - The Intune agent re-pushed after this process.
Feb 14 2019 11:45 PM
For further investigations, which type of reset did you choose exactly?
With retaining userdata, Autopilot Reset, Factory Reset, ...
This might have additional impact on the situation.
Thanks for the info.
Feb 14 2019 11:47 PM - edited Feb 14 2019 11:55 PM
Reset with retain user data.
I've selected reset with retain user data from the device locally, and initiated via the Azure portal.
When the device finishes, the user profile is re-created and the device automatically joined to Azure AD. I go to Win Store and download Company Portal --- MSI apps that we set to install automatically like OpenDNS and Trend will download... but we never get the Intune agent after that reset event.
If I remove all AzureAD accounts from the laptop, switch back to local profile... then rejoin to AzureAD, I will get the intune agent again.
Feb 15 2019 12:03 AM
Out of curiosity, did you try to reset without retaining user data? Maybe due to the retained user data there is some information stored which actually blocks the re-push of the agent.
Feb 15 2019 12:32 PM
As expected:
I performed a full wipe - the machine was not AAD joined afterward - It had a new identity (PC name) -- After manually rejoining AAD, manually reinstalling Company Portal, signing in as my AAD identity, Intune Agent downloaded. I can see in the DeviceManagement-Enterprise-Diagnostics-Provider a few new codes, 1922, 1920, 1906, 1905 - installing various GUID labeled programs - and now agent is available
I performed a 'Fresh Start' wipe on my other test machine. This retained the AAD association and PC name remained the same - after logging in, I manually reinstalled Company Portal. - after 3 hours, multiple reboots, manually initiating sync, No Intune agent.
I just removed the PC from azureAD, rebooted, rejoined manually, launched company portal, hit sync - Intune agent pushed to the machine.
Feb 20 2019 10:49 PM
I also experienced this today. I have run through a number of resets using "Keep my files" without an issue but today this occurred. I am using 1809 Enterprise x64 patched up to 20-Feb on a Hyper-V VM. I will try a few more times and see what results.
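
The checks suggested across this thread (join type, the EnterpriseDesktopAppManagement MSI job in the registry, the agent service, and the DeviceManagement-Enterprise-Diagnostics-Provider Admin log) can be collected into one read-only script. This is an added example, not code from any poster or from Microsoft. The registry path, the `Status`/`LastError` value names, the service name `IntuneManagementExtension` and the 7-day look-back are assumptions not stated in the thread; the event IDs are the ones reported above.

```powershell
# Added diagnostic example; read-only. Run in an elevated PowerShell session.
# Assumptions (not from the thread): registry path, Status/LastError value
# names, service name, and the 7-day look-back window.
$cspKey   = 'HKLM:\SOFTWARE\Microsoft\EnterpriseDesktopAppManagement'
$svcName  = 'IntuneManagementExtension'
$logName  = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$eventIds = 1905, 1906, 1920, 1922   # IDs reported in the thread during agent install

# 1. Join type: the thread distinguishes AAD joined from hybrid joined devices.
dsregcmd /status |
    Select-String -Pattern '^\s*(AzureAdJoined|DomainJoined)\s*:' |
    ForEach-Object { $_.Line.Trim() }

# 2. Has the MSI install job for the agent reached this device?
if (Test-Path $cspKey) {
    Get-ChildItem -Path $cspKey -Recurse |
        Where-Object { $_.PSParentPath -like '*\MSI' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                ProductCode = $_.PSChildName
                Status      = $p.Status
                LastError   = $p.LastError
            }
        } | Format-Table -AutoSize
} else {
    "No EnterpriseDesktopAppManagement key: the MSI install job has not arrived."
}

# 3. Is the management extension service present and running?
$svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
if ($svc) { "Service ${svcName}: $($svc.Status)" }
else      { "Service ${svcName} is not installed." }

# 4. Recent MDM events: warnings/errors, the install IDs above, or CSP mentions.
$filter = @{ LogName = $logName; StartTime = (Get-Date).AddDays(-7) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Level -in 1, 2, 3) -or
        ($_.Id -in $eventIds) -or
        ($_.Message -match 'EnterpriseDesktopAppManagement')
    } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

Running it before and after a manual sync shows whether the install job arrived at all (step 2) or arrived and failed (step 4).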