I have a case opened with Broadcom, but wanted to cover this issue from all possible angles.
SMS Agent host service Disabled after 20H2 upgrade
![](https://techprofile.blob.core.windows.net/images/2ZL2cmQTs0W7kFI7__RU8Q.png?8D8987)
I am noticing that SMS agent host is getting disabled after a successful 20H2 OS upgrade. I am using an IPU with TS variable OSDSetupAdditionalUpgradeOptions to add /reflectdrivers to allow the automatic deployment to work with Symantec Encryption Desktop 10.4.2. MP5.
Also, after the OS upgrade completes, the provision mode is being left as TRUE which is also causing issues. The device doesn't check back in with MP and the TS never completes. This obviously affects are deployment compliance.
So far the workaround has been enabling the SMS agent host service, changing the provision mode to FALSE and doing a remediation of the Configmgr agent. Any idea why is this happening? Details on infrastructure -
CB 2010
Co-Managed with Defender policies applying from Intune.
Join type - Hybrid
One thing I have noticed is that if we decrypt the disks before the OS upgrade, then everything works. PGP team are refusing to support citing reasons that they only support manual installs and not mass scale installs through a 3rd party tool.