App Deployment Tech Blog (mostly): 2025

Thursday, August 28, 2025

Intune Management Extension Log Files

AI / Human generated

Here’s a breakdown of what each of the log files you listed typically records, especially in the context of Microsoft Intune and Windows device management:

1. `agentexecutor.log`

Logs activity related to the execution of agents within the Intune Management Extension (IME). This includes running PowerShell scripts, Win32 apps, and other tasks assigned to the device.

2. `appactionprocessor.log`

Tracks actions taken on applications, such as installation, uninstallation, and detection logic. It helps diagnose issues with app deployment and processing.

3. `appworkload.log`

Monitors workload-related operations for applications, including how apps are handled during provisioning or policy enforcement. It may log transitions between workloads or app states.

This log reveals

Intune App GUIDs and associated App Names
Detection methods and status
App Installation command lines
Installation Exit Codes
AutoPilot ESP application queuing and execution progress

Useful search strings

In EspPhase
which need to be installed for current phase of ESP
<installation command line of apps>
Launch Win32Appinstaller

4. `devicehealthmonitoring.log`

Captures device health data, including performance metrics, error states, and compliance status. Useful for identifying devices that may be failing or out of compliance.

5. `healthscripts.log`

Logs execution of health check scripts deployed via Intune. These scripts are used to assess and report on device health, and the log includes output and any errors encountered.

6. `intunemanagementextension.log`

Primary log for the Intune Management Extension (IME). It records all activities related to the extension, including script execution, app deployment, and communication with Intune services.

7. `sensor.log`

Logs data from sensors used for endpoint analytics or monitoring. This can include performance data, boot times, and other telemetry collected for analysis.

8. `win32appinventory.log`

Tracks inventory of Win32 applications on the device. It logs detection, installation status, and reporting back to Intune about the presence and state of Win32 apps.

Tuesday, August 19, 2025

Locating the Intune Win32app install time in the registry

The following allows you to know when an Intune App installed if there are no log files generated by the install.

Intune apps have an associated GUID which is displayed at the end of the URL when viewing the app in Intune.

This corresponds to the GUIDs written in various places below here

HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps

e.g.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\OperationalState\00000000-0000-0000-0000-000000000000\c1872573-4036-4eef-9228-d6e932b2d9f9

"ExecutionStatus"="Completed"

"ExecutionTime"="05/01/2025 09:51:19"

"ExecutionType"="Install"

"ExecutionReason"="Default"

"ExecutionReboot"="Clean"

In the above example the app with GUID c1872573-4036-4eef-9228-d6e932b2d9f9 executed its installation at "05/01/2025 09:51:19"

Checking the Endpoint Intune Configuration Profile status - has the policy arrived?

We'll I've set it and I've synced it but is it there?

Even if your configuration profile (CP) has arrived and doing it's thing, you probably still want to see how that happened. If your CP is not doing it's thing, then you'll want to check it has arrived and what it actually looks like.

Everything here assumes a Windows devices that is correctly enrolled and managed by Intune.

First locate the GUID of the management provider GUID. A folder in the following location will carry this GUID

C:\ProgramData\Microsoft\DMClient\<Provider GUID>
also
HKLM\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked\<Provider GUID>

Now you can go into the registry and see the evidence of the CPs arriving here and what their settings are:

HKLM\SOFTWARE\Microsoft\PolicyManager\Providers\<Provider GUID>\default\device

HKLM\SOFTWARE\Microsoft\PolicyManager\Providers\<Provider GUID>\default\<User SIDs>

Successful CP implementations are then reflected here often with accompanying keys confirming the GUID of the Provider which is responsible for applying the setting. This is not that helpful though. Typically you already know the GUID of the provider.

HKLM\SOFTWARE\Microsoft\PolicyManager\current\device

HKLM\SOFTWARE\Microsoft\PolicyManager\current\<User SIDs>

HKLM\SOFTWARE\Microsoft\PolicyManager\Providers\<Provider GUID>\default\device\ADMX_

The above type of policies maybe migrated from GPOs and the active settings still applied and operating under

HKLM\SOFTWARE\Policies

Unlike GPOs, at the time of writing there is no known way to locate a policy on the client and reverse lookup which configuration profile is applying the setting. But you love hunting through hundreds of configuration profiles for settings right?

Tuesday, July 8, 2025

Prevent "Pick an Account" prompt in Edge

There are one are more several accounts on different tenants and edge annoying repeatedly asks you which one to use when you are using your normal Edge profile signed into the correct tenant account.

Typically you'll probably have one main account which you use all the time and others which you use less often.

To prevent this prompting go to Settings_Accounts_Access work or school and remove the other accounts which are not used that often.

Wednesday, July 2, 2025

Autopilot AAD Registers device instead of AAD Join

Certain devices would consistently fail to AAD/Entra Join during Autopilot. The devices would show as AAD/Entra Registered instead of AAD/Entra Joined in the Intune device list. Autopilot would complete and the build would appear to be normal but the failure to AAD/Entra Join resulted in unexpected states. For example Windows 11 would update itself to a release level 24H2 which was not sanctioned by the Intune MDM for the current platform.

The solution was to delete the Autopilot device from the Enrolled devices list and then upload a fresh hardware hash.