In the era of cloud-based device management, the Intune Management Extension (IME) stands as a cornerstone of Microsoft Intune's capabilities. This lightweight agent seamlessly integrates with Windows operating systems, empowering IT administrators to extend their management reach and enhance device compliance.

Table of Contents

What is the Intune Management Extension?

The Intune Management Extension is a crucial component of Microsoft Intune, an enterprise mobility management platform. It serves as a bridge between Intune and managed Windows devices, enabling seamless communication and data exchange. By installing the IME on Windows 10 and Windows 11 devices, IT administrators unlock a wide range of management capabilities, including:

  • Application deployment: Install, update, and uninstall applications directly from Intune, such as the win32 applications.
  • Remote PowerShell execution: Run PowerShell scripts remotely on managed devices to automate tasks and troubleshoot issues. This includes the script and remediation feature of Intune.
  • Compliance: Periodic compliance check. The compliance policy is configured in Intune and can include various predefined settings as well as custom compliance scripts, which are written in PowerShell.
  • Telemetry / Log collection: Collect device health and usage data to gain insights into device performance and user behavior.

Implementing Intune Management Extension

The implementation process for the Intune Management Extension is straightforward:
--> The IME will be automatically deployed to Intune managed devices during their provisioning process.

Most Asked Questions about the Intune Management Extension (IME)

There are numerous questions around the IME I've gotten asked a lot. Here's a brief summary of those.

How often does the IME sync?

By default, the IME syncs with Intune every 60 minutes.

However, you can configure the sync interval to be as frequent as every 15 minutes or as infrequent as every 6 hours. To change the sync interval, you can create a registry value named Interval under the HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Settings key. The value type is REG_DWORD, and the value data is the sync interval in seconds. For example, to set the sync interval to 15 minutes, you would create a value of 900 seconds (15 minutes * 60 seconds/minute).

Can I trigger a manual synchronization?

Yes, you can trigger a manual synchronization of the IME in different ways.

IME sync via Task Manager

The most convenient (if you're an admin) is via the Task Manager:

  1. Open the Task Manager.
  2. Find the Service "IntuneManagementExtension".
  3. Right click it...
  4. ... and hit Restart
Restart Intune Management Extension via Taskmanager

IME sync via the Company Portal

For standard users it can be hard / impossible to restart the service, but they can trigger a synchronization via the Company Portal.

  1. Open the Company Portal.
  2. (wait until the sing in process is completed)
  3. Hit Settings at the bottom of the sidebar.
  4. Click on the Sync button.
Intune Management Extension sync via the Company Portal

IME sync via the PowerShell

If you like to implement a synchronization in one of your scripts you can either restart the IME Service or use the following two commands:

# Sync Applications
$IME_sync = New-Object -ComObject Shell.Application

# Sync Compliance
$IME_sync = New-Object -ComObject Shell.Application
$"intunemanagementextension://synccompliance")Code language: PowerShell (powershell)

Where can I find logs from Intune and the IME?

The Intune Management Extension (IME) logs are located in the following folder:


Here's what you can expect from the main logfiles:

AgentExecutor.logLog that records the activities and execution details of PowerShell scripts, including Proactive Remediation packages.
AppActionProcessor.logLog containing information related to the processing of application actions, such as installations and uninstallations.
ClientHealth.logLog file tracking the health status and condition of the Intune client on the device.
DeviceHealthMonitoring.logLog that provides insights into the monitoring activities related to the overall health and status of the device.
HealthScripts.logLog specifically dedicated to logging events and outcomes related to health scripts executed by the Intune Management Extension.
IntuneManagementExtension.logMain log file for the Intune Management Extension, capturing general activities, errors, and information about the extension's operation.
Sensor.logLog file containing details about the various sensors and their activities within the Intune Management Extension.
Win32AppInventory.logLog file that maintains a record of the Win32 apps inventory process, providing information on the discovery and inventory of Win32 applications on the device.

What happens if a Win32 App installation fails?

If a Win32 app installation fails, the IME will retry the installation up to three times. If the installation still fails after three attempts, the IME will put the app in a queue and wait 24 hours before trying to install it again. This is called the Global Reevaluation Scheme (GRS) and is designed to prevent the IME from repeatedly trying to install apps that are known to fail.

How can I manually trigger a new Installation of a Win32 App?

To initiate a fresh installation of an application, you can remove the corresponding key from the application in the specified registry paths:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\SID\AppGuid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\SID\GRS\AppId

After deleting the app's key, restart the Intune Management Extension (IME) process. This will trigger a new installation attempt.

The easiest way to find the AppID of your win32 application is via the Intune Portal. Simply open your win32 app in Intune and locate the ID in the URL:

Intune win32 AppID


The Intune Management Extension plays a pivotal role in enhancing device management capabilities within Microsoft Intune. Its lightweight and powerful nature empowers IT administrators to centralize control, streamline tasks, and strengthen device security, all while improving the overall user experience. As organizations continue to embrace cloud-based EMM solutions, the IME's importance will only grow, enabling IT teams to manage and secure their device fleet with greater efficiency and effectiveness.