SCCM and co-management issue

Ruben Faustinita 80 Reputation points
2025-02-10T16:12:06.33+00:00

Good afternoon,

I'm opening this thread to try to understand a problem that's affecting a client of ours and that we can't figure out.

The company has some internal applications with SSO in Entra and some internal network shares.

Everything worked perfectly with machines managed by SCCM and, in the case of laptops, managed in SCCM and Intune with co-management in pilot mode, which had only a few machines in a collection to move up to Intune.

Some policies were also created in Intune for these machines and these co-managed laptops were receiving them.

The applications worked fine and the network shares too.

In December of this year, when we added a new collection to the co-management including all the workstations, all the desktops stopped working.

The network shares can be accessed but they don't open the files and the applications crash all the time.

This process only happens for desktops. Laptops that receive exactly the same policies from Intune continue to work perfectly, which is very strange.

We've done some tests and realised that it's when the machines start being managed by Intune that this problem happens immediately.

When we go to the control panel and remove the Intune extension everything goes back to normal, but as soon as SCCM pulls the machine into Intune again the machine starts having problems.

Any idea what might be going on?

Has anyone experienced anything similar?

Microsoft Intune
Microsoft Configuration Manager

2 answers

  1. Simon Ren-MSFT 38,901 Reputation points Microsoft Vendor
    2025-02-11T02:57:15.9566667+00:00

    Hi,

    Hope everything is going well.

    1. I suspect this is due to some Intune policy that gets applied ONLY for desktops and blocks this. We can compare applied Intune policies for desktops and laptops in Intune portal\Devices\Device configurations and find the difference. As shown below:

    Intune device policy

    2. If the applied Intune device policies are the same for desktops and laptops, please also check the Security baselines and see if there is any special configuration for desktops.

    Intune security baseline

    Feel free to contact me if you have any concerns/queries.

    Best regards,

    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Simon Ren-MSFT 38,901 Reputation points Microsoft Vendor
    2025-02-13T08:27:12.9233333+00:00

    Hi Ruben Faustinita,

    Thanks for your reply.

    1. Please check the IntuneManagementExtension.log on the client machine to see if there is any useful information. Typically, the log is in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.

    2. You can use the log file AppWorkload.log to help troubleshoot and analyze Win32 app management events on the client.

    3. Could this issue be related to your PowerShell script? PowerShell scripts will be run even if the Apps workload is set to Configuration Manager. The Intune management extension will be deployed to a device when you target a PowerShell script to the device.

    Thanks for your time. Have a nice day!

    Best regards,

    Simon


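An added example (not part of the answers in this thread) of one way to triage the two logs named in the second answer: it parses CMTrace-format entries and lists warnings, errors and lines that mention PowerShell. The function name `ConvertFrom-CMTraceText` and the sample entries are constructed for illustration, and the script assumes both logs use the CMTrace entry layout.

```powershell
# Added example: surface warnings/errors from Intune Management Extension logs.
$LogDir   = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs'  # path given in the answer
$LogNames = 'IntuneManagementExtension.log', 'AppWorkload.log'

# Assumed CMTrace entry layout:
# <![LOG[message]LOG]!><time="..." date="..." component="..." context="" type="N" thread="..." file="...">
$pattern  = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[^"]*)" date="(?<date>[^"]*)" ' +
            'component="(?<comp>[^"]*)" context="[^"]*" type="(?<type>\d)"'
# Singleline lets ".*?" span messages that wrap over several physical lines.
$regex    = [regex]::new($pattern, [System.Text.RegularExpressions.RegexOptions]::Singleline)
$severity = @{ '1' = 'Info'; '2' = 'Warning'; '3' = 'Error' }

function ConvertFrom-CMTraceText {   # hypothetical helper name
    param([string]$Text, [string]$Source)
    foreach ($m in $regex.Matches($Text)) {
        [pscustomobject]@{
            Source    = $Source
            Date      = $m.Groups['date'].Value
            Time      = $m.Groups['time'].Value
            Component = $m.Groups['comp'].Value
            Severity  = $severity[$m.Groups['type'].Value]
            Message   = $m.Groups['msg'].Value.Trim()
        }
    }
}

# Constructed sample entries (not taken from a real device); used when the folder is absent.
$sample = @'
<![LOG[Constructed sample: PowerShell policy check started]LOG]!><time="08:27:12.1234567" date="2-13-2025" component="IntuneManagementExtension" context="" type="1" thread="4" file="">
<![LOG[Constructed sample: routine heartbeat]LOG]!><time="08:27:13.0000000" date="2-13-2025" component="IntuneManagementExtension" context="" type="1" thread="4" file="">
<![LOG[Constructed sample: script run failed
with exit code 1]LOG]!><time="08:27:15.7654321" date="2-13-2025" component="IntuneManagementExtension" context="" type="3" thread="4" file="">
'@

$entries = if (Test-Path $LogDir) {
    foreach ($name in $LogNames) {
        $path = Join-Path $LogDir $name
        if (Test-Path $path) { ConvertFrom-CMTraceText -Text (Get-Content $path -Raw) -Source $name }
    }
} else {
    ConvertFrom-CMTraceText -Text $sample -Source 'sample'
}

# Keep warnings, errors, and anything that mentions PowerShell script handling.
$entries |
    Where-Object { $_.Severity -ne 'Info' -or $_.Message -match 'PowerShell' } |
    Format-Table Source, Date, Time, Severity, Message -Wrap
```

Running it on one affected desktop and one working laptop and comparing the two outputs narrows down which script or app action only the desktops receive.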

