Intune MDM Authority - NO SCCM present


  • Google has started blocking me for too many search query's and the Technet servers are overloaded.

    Clients are:

    • W10 v1709
    • Auto MDM Enrolled with AAD Token
    • Hybrid Azure AD Joined
    • Intune Device Configuration policy's apply nicely

    All is good, except software deployment. Company portal reports:

    "Your apps are located in Software Center"

    So, how do you move clients / force clients to use Intune for software installation?

    No SCCM present, never have been present.

    /Frederik Leed

    Thursday, November 02, 2017 11:13 PM

All replies

  • In your Azure Portal, if you go to Intune -> Device Enrollment -> Overview; what is your MDM Authority set to?

    Friday, November 03, 2017 12:49 AM
  • MDM Authority : intune

    /Frederik Leed

    Friday, November 03, 2017 8:34 AM
  • Define "move clients / force clients to use Intune for software installation"?

    Do you mean prevent all other application installation methods except Intune? Are you referring to Win32 apps, store apps, or both?

    Jason | | @jasonsandys

    Friday, November 03, 2017 1:14 PM
  • No, i just mean enable clients to get software installed by Intune. At the moment the message in Company Portal, where apps are located for non hybrid computers, the message is: "Your apps are located in Software Center"

    /Frederik Leed

    Friday, November 03, 2017 4:05 PM
  • @Jason i don't know if it still unclear what i'm trying to solve here?

    Intune normally works and still does for non-domain-joined computers. But domain-joined computers, are unable to get software deployed from Intune, they are only able to get Policy's.

    /Frederik Leed

    Friday, November 03, 2017 5:59 PM
  • Hello Frederik,

    It looks like that you are using SCCM Company Portal, NOT Intune Company Portal.

    Could you please open the Store from the Windows 10, and search for Company Portal?

    Please make sure the Company Portal in the store has been installed correctly.

    Best regards,

    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Monday, November 06, 2017 6:58 AM
  • Not using SCCM Company portal, how would that ever get on the device?

    Company Portal is installed from the "Store" app. (but normally for non-domain-joined computers, installed as a required app through Intune)

    /Frederik Leed

    Tuesday, November 07, 2017 7:02 PM
  • Frederik Leed - you're not going to believe this...I'm getting this EXACT same problem now too for a customer of mine.

    I'm using MDT to build Win 10 1709 machines and joining them to a domain.  The domain has been configured for hybrid Azure-AD join.  So when a machine joins the domain, Azure AD knows about it - and Intune does automatic enrolment.

    Now - in my _DOMAIN_, SCCM has NEVER been installed (and I know this because I'm an SCCM guy 

    I noticed in the Intune portal -> Devices -> All Devices and when I look at the Compliance column it says "See ConfigMgr".  Does your say that? 

    Wednesday, November 08, 2017 8:25 AM
  • Just for everyone else's reference this is a screen shot of the message...

    Wednesday, November 08, 2017 8:37 AM
  • Interesting, i have this problem too. My clients also registers as "See ConfigMgr" in Azure Intunes. If i register them manually they do not do this.
    I am also deploying my computers with MDT/WDS and have never had SCCM installed.

    Also on top of this some of my clients refuses to auto enroll with the error message in task scheduler:
    "The system tried to delete the JOIN of a drive that is not joined".

    Weird stuff. :)

    Wednesday, November 08, 2017 3:11 PM
  • Ok guys - I've discovered some more information about my customers environment which may assist you in solving this issue.

    I know everyone here has said SCCM has never existed - but has SCCM ever existed in another domain that's part of the same forest?  

    For my customer, we've found in another domain they used to have SCCM a few years ago.  SCCM has long since been decommissioned (this happened when my customer split from another department), but there are still management point objects in the Systems Management container.  This would also lead me to assume that at some point in time the SCCM Schema Extensions have been applied.  The schema extensions are FOREST wide.

    So even though I'm standing up Win10 1709 machines in a new DOMAIN, these schema extensions are still part of the larger forest.   I'm waiting for my customer to process a change control request to delete the stale MP objects from the other domain in the forest, and then to back-out the schema extensions that have been applied by SCCM to see if this clears the issue.

    If you're not an SCCM person and need to find the schema extensions - get hold of an SCCM iso and locate the "configmgr_ad_schema.ldf" file on it - open this in notepad and these are all the schema extensions that are applied (that you may need to reverse).

    I'll post back whether this was successful or not, but it may be a week or so for this change control to get processed.

    Wednesday, November 08, 2017 11:45 PM
  • > "This would also lead me to assume that at some point in time the SCCM Schema Extensions have been applied."

    It's not possible to have the MP objects without the schema extension.

    > "back-out the schema extensions"

    This is impossible and completely unnecessary. The most that can be done is to disable the additional classes and their/or their attributes but this is truly not necessary and has nothing to do with your issue.

    Jason | | @jasonsandys

    Thursday, November 09, 2017 2:29 AM
  • Cleaning up the management point objects and removing the Systems Management container didn't work.  I've recommended to the customer they raise a PSS ticket.  I'll update again with more information if this gets resolved or the issue identified.

    Monday, November 13, 2017 11:53 PM
  • The issue has been identified as a bug.

    From Microsoft Support:

    After a code review and a debugging session with our MS development team, we can now confirm it is a known issue which is affecting multiple customers. The fix is in progress and we are planning to deliver it in the next Intune monthly releases. I will let you know once the fix is available.

    If you need to reference our support ticket it's REG:117111317148943

    Tuesday, November 21, 2017 5:28 AM