I have my device auto-enrolled to Intune through SCCM configuration policy. The purpose of the enrollment is to manage devices for bitlocker through intune. the policies are getting applied. My requirement is to first decrypt the devices as we are opting to get devices encrypted with algorithm "XTS AES 256" so we have to first decrypt all devices with algorithm other than XTS AES 256. I have created a Powershell script to decrypt the drive. But the script is not getting executed and I find out that IME (Intune management extension" service is not installed on the devices. In the event logs (Admin) for "DeviceManagement-Enterprise-Diagnosti-Provider", i found the below error:-
MDM ConfigurationManager: Command failure status. Configuration Source ID: (4AC86151-9C54-4A78-8F4C-C831B7CC051F), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified.).
In the intune extension manager log, i found the below error:-
Failed to open registry key 'Software\Microsoft\IntuneManagementExtension\Policies\00000000-0000-0000-0000-000000000000'. Value 'ResultLastFullSyncTimeUtc', not set to '07/23/2021 14:35:04'
LogonUser failed with error code : 1008
AAD User check is failed, exception is System.ComponentModel.Win32Exception (0x80004005): An attempt was made to reference a token that does not exist
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.ImpersonateHelper.<DoActionWithImpersonation>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.DiscoveryService.<IsAADUserInternal>d
there is no registry entry for IntuneExtensionManager at location "HKLM\Software\Microsoft".
I need urgent help as we are not progressing on the UAT.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 5%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGR%3C/text%3E%3C/svg%3E)
