When configuring Intune MDM for your Microsoft 365 Business Premium tenant, you may want to have a Hybrid Azure AD Join setup in order to manage domain-connected devices.
The guiding article you’ll probably start off with to accomplish this is Enable domain-joined Windows 10 devices to be managed by Microsoft 365 Business Premium.
The steps are good, but there are a couple challenges you could encounter:
- In Step 4 when you run the PowerShell command “Install-Module SecMgmt” you get an error: the term install-module is not recognized.
To resolve this for Server 2012r2 you install the Windows Management Framework 5.1 and you can use this TechNet article as a guide: PowerShell Install-Module: The term ‘Install-Module’ is not recognized.
- After the update to 5.1, you may re-run the command Install-Module SecMgmt and you get a little further: “NuGet provider is required to continue PowerShellGet requires NuGet provider version ‘220.127.116.11’ or newer to interact with NuGet-based repositories. The NuGet provider must be available in ‘C:\Program Files\PackageManagement\ProviderAssemblies’ or ‘C:\Users\<username>\AppData\Local\Packagemanagement\ProviderAssemblies’. You can also install the NuGet provider by running ‘Install-PackageProvider -Name NuGet -MinimumVersion 18.104.22.168 -Force’. Do you want PowerShellGet to install and import the NuGet provider now?
When you answer YES you might get a warning “WARNING: Unable to download from URI ‘https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409’ to ”. WARNING: Unable to download the list of available providers. Check your internet connection.” and then a bunch of red error text for the failed install.
These warnings are triggered by MS recent change to TLS 1.2 (and blocking of 1.0 and 1.1 connections altogether) for the PowerShell Gallery. Research shows there may be a way to set the PS instance to use 1.2 (see note below) but I was able to get the provider file needed by simply following the blocked link using a web browser:
– Open a Browser window and input the URI https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409 which then redirects to https://onegetcdn.azureedge.net/providers/providers.masterList.feed.swidtag
– You’ll see XML there with the link for the latest (as of this writing) version of NuGet at https://onegetcdn.azureedge.net/providers/nuget-22.214.171.124.package.swidtag
– That link allows you to download the NuGet dll, which you will place in either ‘C:\Program Files\PackageManagement\ProviderAssemblies‘ or ‘C:\Users\<username>\AppData\Local\Packagemanagement\ProviderAssemblies‘. I placed it in both locations for good measure.
– Once the file is in place, go back to PowerShell and run: ‘Install-PackageProvider -Name NuGet -MinimumVersion 126.96.36.199 -Force‘
- With NuGet installed, you’d think you could now re-run Install-Module SecMgmt, but you’d be wrong. You probably will get the error: Packagemanagement\Install Package : No match was found for the specified search criteria and module name ‘SecMgmt’. Try Get-PSRepository to see all available registered module repositories. then a bunch of red error text for the failed install.
– Try this: Run PowerShell command “Register-PSRepository -Default”
– Then Run command “Install-Module SecMgmt” again. You should get a message about this being an untrusted repository, and saying YES to this will bring you back to where you were in the MS instructions for enabling domain-joined MDM on business premium.
NOTE: Not sure if you’ll need to use this or not, but in the course of troubleshooting I saw and used this command in PowerShell which is supposed to set the PS instance to use TLS 1.2:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
You can use it just before you run any of the install commands. Works on 2012r2.
On Windows 10, this series of commands worked for getting modules installed:
::SecurityProtocol [ ]::SecurityProtocol [ ]::Tls12
Here are useful sites whose writers helped me in the course of troubleshooting that aren’t linked above: