Microsoft_Intune_DeviceSettings extension failed to load.

New Contributor

When I am trying to access endpoint.microsoft.com, I get the below message about intune device settings extension, then the screen continues to show the 3 dots and nothing happens. This only happens on our corporate network. It loads fine when on home internet. 

 

Things I have tried: 

 

- confirmed third party cookies enabled for this site

- no pop-ups being blocked. 

- cannot see any traffic being blocked on the firewall. As per closest article i've found: https://techcommunity.microsoft.com/t5/microsoft-intune/error-while-loading-extension-microsoft-intu... I whitelisted graph.windows.net on the FW with no success. 

- I have tried Chrome, Edge, both normal and in incognito mode. 

 

I have also included a screenshot from fiddler to show the process the browser goes through. I tried adding those URL's to permitted sites on the FW with no luck. Any advice would be appreciated. 

lalan8499_0-1652815572363.png

lalan8499_1-1652815583796.png

lalan8499_2-1652815830567.png

 

 

 

5 Replies

Hi.. seen it happening with ssl inspection software/firewalls or something like Pihole. if it works at your home internet... there must be some blocker at the corporate network.

Hi Rudy,

Thank you for the response. I thought I had replied earlier. That is my thought as well, but i've tried suggestions to unblock graph.windows.net I saw in another post, as well as making sure to add all related URL's to the whitelist on the FW with no luck. I even went as far as excluding from SSL with the same behavior.

@lalan8499 What happens when you access https://afd.hosting.portal.azure.net directly? It should return a 404 but it'll let you test if the SSL/TLS-handshake is successful.

 

Like @Rudy_Ooms_MVP, I would expect there's some kind of inspection going on somewhere along the route. Is there a proxy in play?

What happens when totally removing/bypassing the proxy/ssl inspection that is configured.I am assuming that works as expected? because that sandbox-60 mentioned is your proxy or?

@Rudy_Ooms_MVP  We confirmed that it works as expected, as we have done it successfully for other websites. After some more investigation, we found out that the microsoft-intune application category on the palo alto fw was being blocked. we didn't see it in the original traffic as we had to investigate a bit in url logs to determine which IP it was re-directing to.