Spike in Intune IME Agent (Microsoft.Management.Services.IntuneWindowsAgent.exe) Crashes Linked to Versions 1.93 / 1.94

ControlUp’s anomaly-detection pipeline surfaced a dramatic increase in crashes originating from the Intune Management Extension (IME) process, Microsoft.Management.Services.IntuneWindowsAgent.exe. The spike aligned with the rollout of newer IME agent versions, initially observed with versions 1.93 and 1.94.

Subsequent analysis indicates that the crash trend has continued in later releases, including version 1.97, suggesting the issue was not isolated to a single build.

Crash telemetry shows that, in most affected environments, the faulting module is windowspackagemanager.dll, with the following versions most frequently implicated:

• 1.26.430.0
• 1.26.530.0
• 1.26.550.0

Beginning around August 1, daily crash volume increased sharply:

• Baseline: 1,500–2,000 crashes per day
• Current: 15,000+ crashes per day

IME is responsible for application deployments, PowerShell scripts, and proactive remediations. Instability in this component can therefore disrupt task execution and management reliability across managed endpoints, even if end users do not immediately notice visible failures.

Based on observed behavior and Microsoft’s servicing model, organizations should:

• Ensure the Intune Windows agent is allowed to auto-update across all managed endpoints
• Verify that devices are running IME versions newer than 1.94, as older builds show the highest initial spike
• Monitor crash trends after each IME update to validate stability improvements
• Review correlations involving windowspackagemanager.dll, including version distribution across affected devices

Because the IME agent is continuously updated by Microsoft, manual rollback is typically not sustainable. Ongoing monitoring is recommended to ensure newer agent versions reduce crash frequency as fixes are rolled out incrementally.

This finding highlights the operational risk of failures in foundational management agents that update silently and operate continuously in the background. Even when auto-updated, regressions can propagate quickly across large device populations.

ControlUp will continue tracking this crash pattern globally and share updates as new insights emerge. If you are observing IME instability tied to specific agent or module versions, sharing that data helps refine impact assessment and accelerate resolution.