Intune Management Extension
4 Topics

Intune Management Extension Deployment
Hi Team, we have had previous issues with the IME deployment not passing through our firewall until a select few URLs were added to the whitelist. I have been informed that we are now blocking login.live.com for whatever reason, but this is now stopping the agent from deploying internally onto newly enrolled devices!! My question is this: if this block remains in place (out with my control), will agents that are installed still be able to update and communicate correctly with the Azure servers? From my understanding and testing, it just needs the connection to login.live.com once for initial deployment, and the Company Portal also needs to make an initial contact, but then remaining contact is made via the manage.microsoft.com URL and possibly another one? Hopefully looking for some guidance and advice to take forward to my management team.
Solved, 257 Views, 0 likes, 5 Comments

Intune Management Extension msi not installing
Hi, we're a newly set up Intune hybrid join environment. All our computers are showing in Intune and compliant; however, a large chunk are not actually properly set up. They do not roll out apps, nor do they run scripts. On a test machine with the problem I've determined that Intune Management Extension isn't actually installed. I've followed various online blogs to track down logs, etc. There appears to be something missing or not running on these computers that means IME can't install. If I manually run the MSI in the "C:\Windows\System32\config\systemprofile\AppData\Local\mdm" directory with no quiet install, I can see it eventually fails with the message "There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor". I ran with command line and got a verbose log file generated which states at the end "Installation success or error status: 1603." I can't find any useful help online. Does anyone have suggestions as to what might be blocking the install? Thanks!
10K Views, 0 likes, 13 Comments

InTune management extension SecureChannelFailure (Could not create SSL/TLS secure channel)
I'm experiencing a networking problem when Microsoft Endpoint manager is trying to deploy InTune management extension from https://endpoint.microsoft.com/ to a Win10 device within a company network.

Extract from C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log:

<![LOG[starting impersonation, session id = 2]LOG]!><time="10:12:27.0961922" date="4-16-2022" component="IntuneManagementExtension" context="" type="1" thread="4" file="">
<![LOG[ After impersonation: DESKTOP-SEFFEL8\AdminAccount]LOG]!><time="10:12:27.0961922" date="4-16-2022" component="IntuneManagementExtension" context="" type="1" thread="4" file="">
...
<![LOG[Current proxy is http://company-proxy-url/]LOG]!><time="10:12:27.0961922" date="4-16-2022" component="IntuneManagementExtension" context="" type="1" thread="4" file="">
...
<![LOG[[IsWebExceptionRetryable] web exception status = SecureChannelFailure]LOG]!><time="10:12:27.2368570" date="4-16-2022" component="IntuneManagementExtension" context="" type="1" thread="4" file="">
<![LOG[WebException occurs, and it's not retryable exception, exception is System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.EmsServiceBase.<SendWebRequestWithProxy>d__20.MoveNext()]LOG]!><time="10:12:27.2368570" date="4-16-2022" component="IntuneManagementExtension" context="" type="3" thread="4" file="">

The network in question relies on an "AutoConfigURL" registry setting for proxy auto-configuration script and a custom root certificate added to "Trusted Root Certificate Authorities" in certificate manager.
I've already configured these settings for all interactive users, and internet connectivity is tested to work from Microsoft Edge and C# code using System.Net.WebRequest and System.Net.HttpClient to access HTTPS content. The Win10 device is listed as connected on https://endpoint.microsoft.com/, so the connectivity problem seems to be limited to just the InTune management extension. IntuneManagementExtension.log furthermore indicates that the agent is able to impersonate the logged-in admin account and use the correct proxy server, so I'm struggling to understand the reason for the networking problems.

Computer details: Windows 10 IoT LTSC 2021 (x64). InTune management extension 1.53.204.0.
10K Views, 0 likes, 15 Comments

Intune Management Extension - Script security advice
I need to deploy a PowerShell script via Intune Management Extension that uploads output to blob storage. Using a storage key is the easiest way to authenticate but the key would be displayed in plain text in the IME log file. What is the best method to secure/obscure the key, or what is a better method to securely authenticate to the storage account to upload the output?
2.6K Views, 0 likes, 1 Comment