But, it appears from looking at the logs in the intune blade that, upon a 2nd (or 3rd or 4th ++) that intune tries to reinstall the apps? The device preparation phase contains the following steps. The name of the subkey is the date and time when the status of the app is logged. Value: True, Name: Disable Device ESP (choose any name that you want) I assume user targeted, did you also have apps that were done during the device setup part? Will check all points in the morning! If no MSI app is targeted, the subkey contains only the state of the Intune Management Extension application package. I've had a few apps that still install to user's appdata profiles even though it's marked as Device install. In the following example, the registry value is 1. In this situation, ESP fails. Works like a charm! In the following example, the registry value is 0. We roll-out computers using intune, we added them to intune using a DEM account, from settings --> accounts --> work & School, added to Azure Active Directory. EnrollmentStatusTracking CSP: ./Vendor/MSFT/EnrollmentStatusTracking.

Only SCEP certificate profiles deployed in device context are installed. I have 4 or 5 apps, all assigned to the machine, and not user. Also leave the USB drive IN till you logged the first user in! Also disable ESP and your problems are solved. Save my name, email, and website in this browser for the next time I comment. The EnrollmentStatusTracking registry subkey contains the following subkeys: This subkey contains information about the last step in the device preparation phase and the Win32 apps deployment information in the device setup phase.

The administrator simply chooses which apps are tracked on the ESP and until those ap… Data type: Boolean In this situation, Win32 app installation fails and returns an Another installation is in progress, please try again later error message. In this situation, ESP fails. So of course we removed the application 'block', and even disabled ESP entirely. The name of the subkey is the date and time when the status of the app is logged. Configuring Microsoft Defender Application Control causes a prompt to reboot during Autopilot. All LOB, Microsoft Store for Business and Win32 apps that are deployed in user context are installed. Already tried to assign that Galaxy Store app as Assignment type Uninstall? General Question. There are some known issues related to the ESP. The ESP shows up, Device preparation finishes in a second, Device setup finishes in a second, but it gets stuck at 'apps (identifying)! The FirstSyncStatus CSP is supported in Windows 10, versions 1709 and later versions. Also check the MDM diagnostic log file for any TPM-related error in CertReq_Enrollaik.txt and TpmHliInfo.txt. The InstallationState value under each Apps\Tracking\Sidecar\Win32App_{AppID} subkey shows the installation status of the Win32 app that's deployed in device context.

At this step, the device completes the Trusted Platform Module (TPM) attestation process and sends its hardware hash to Azure AD to prove its identity. When the hardware hash is imported, the Device Directory Service (DDS) creates the computer object. When the device setup phase starts, this subkey contains the creation status of the tracking policy and the Win32 apps being tracked by the SideCar provider. Therefore, the account setup is stuck on Identifying until the ESP times out and fails. That enables the user to be earlier productive. A device may never complete computing ESP policies if the current user doesn't have an Intune licensed assigned. Press question mark to learn the rest of the keyboard shortcuts.

As a result to that, a fully managed device looks by default similar to the one below. Still we get stuck at the 'apps (indentifying)' part.