ColtinZ
Copper Contributor
Oct 25, 2024

Issues registering devices for certain users in Entra ID

Recently I've come across a very weird issue within Intune and Entra ID. We use Enterprise Mobility + Security E3 for all users that will be enrolling devices to Intune. Our organization's device settings within Entra are set to allow all users to register devices, with up to 50 devices per user.


During initial setup for their iOS profiles, I used a test account with a Microsoft Business Standard license and Enterprise Mobility + Security E3. I was able to enroll the iPhone in Intune and register the device by logging into the Company Portal app with no issues.


However, now that testing is complete, I started working with some of the management team to get their devices set up. Our first test user has enrolled the phone successfully in Intune, but when they log in to Company Portal, the device does not register to their Entra account. I have verified they have the Microsoft Business Standard license and Enterprise Mobility + Security E3. I even had them test using a personal device, and this is not registering to their profile either.


I am at a complete loss. It is important we get device registration working, as we are wishing to use Conditional Access to restrict non-registered devices from accessing O365 applications. Any help or guidance is greatly appreciated.

2 Replies

  • Are you encountering any errors during the enrollment process? Please verify the Intune Device Platform restrictions and Device Limit restrictions in the Intune portal. Additionally, ensure that the Intune enrollment application is excluded from any Conditional Access policy that requires MFA or requires the device to be marked as compliant.
  • Hello,
    I will ask you to check the checklist below. I hope it will be useful.

    Device Registration Limit:
    You've mentioned that the device limit in Entra ID is set to 50 devices per user. Confirm that the affected users haven't reached this limit.
    Sometimes a user may have old or unused devices still registered. You can check the user's registered devices in Azure AD and remove any old entries that might be preventing new registrations.

    Conditional Access Policies:
    Since you plan to use Conditional Access to restrict access for non-registered devices, ensure that there isn't an existing Conditional Access policy that might be blocking registration.
    Review the Sign-in Logs in Azure AD to see if the registration attempts are being denied or interrupted by a policy, especially for specific users or device types.

    Licensing Verification:
    While you've confirmed that the user has Microsoft Business Standard and EMS E3, it's important to double-check the Azure AD licensing section to ensure that the Intune license is assigned correctly.
    Verify that both licenses are active and applied without any issues.

    iOS Device-Specific Configuration:
    Since you successfully registered the initial test iPhone device, but later iOS devices are having issues, it might be worth checking if there's a difference in the iOS version or Company Portal app version between the devices.
    Ensure that the latest Company Portal app is installed on all devices and that they meet Intune compliance policies.

    Device Sync and MDM Enrollment:
    Verify that the device is MDM-enrolled properly after registering in Intune. Sometimes, even though the device is enrolled, there can be a delay or issue syncing back to Azure AD.
    You can manually trigger a sync from the Company Portal app and check for any error messages during enrollment.

    Diagnostic Logs:
    Use the Company Portal diagnostic logs on the affected devices to investigate further. These logs can sometimes reveal issues with communication between the device and Intune/Entra.
    Have you tried using the Azure AD Device Registration Troubleshooting Tool? It helps identify device registration and enrollment issues.

    Remove and Retry: Try removing the device from Intune and re-enrolling it. Sometimes a fresh enrollment can resolve sync or registration issues.
    Check Sign-In Logs: Use Azure AD sign-in logs to identify if there's a Conditional Access policy blocking registration or if there are any failed attempts for the affected users.
    Compliance Settings: Verify that the compliance settings for Intune are aligned with the user and device type. A non-compliant device might fail to show up in the user's profile.

    Best Regards,

    Ali Koc
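The first three checks both replies describe (device count against the per-user limit, the Intune service plan on the user's license, and failed or Conditional Access-blocked sign-ins) can be pulled for one user in a single pass with Microsoft Graph PowerShell. This is an added example, not code from either poster; it assumes the Microsoft.Graph module is installed, the signed-in admin can read users, directory objects and audit logs, and the 50-device limit from the original post (pass a different `-DeviceLimit` if your tenant setting differs).

```powershell
# Added example: triage one user's Entra device registration via Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph module and an admin with User/Directory/AuditLog read rights.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,
    [int] $DeviceLimit = 50   # per-user limit as configured in Entra (50 in the original post)
)

Connect-MgGraph -Scopes "User.Read.All","Directory.Read.All","AuditLog.Read.All" -NoWelcome
$user = Get-MgUser -UserId $UserPrincipalName -Property Id,UserPrincipalName

# 1. Device limit: everything already registered or joined under this user.
$devices = Get-MgUserRegisteredDevice -UserId $user.Id -All
"$($devices.Count) registered device(s) for $UserPrincipalName (limit $DeviceLimit)"
foreach ($d in $devices) {
    $p = $d.AdditionalProperties   # directoryObject payload carries the device attributes
    "  {0,-30} {1,-10} last sign-in {2}" -f $p.displayName, $p.operatingSystem, $p.approximateLastSignInDateTime
}
if ($devices.Count -ge $DeviceLimit) { "!! at the device limit; stale entries will block new registrations" }

# 2. Licensing: the Intune service plan must be provisioned, not merely the SKU assigned.
$plans  = (Get-MgUserLicenseDetail -UserId $user.Id).ServicePlans
$intune = $plans | Where-Object ServicePlanName -like "INTUNE*"
if (-not $intune) { "!! no Intune service plan found on this user" }
foreach ($sp in $intune) { "  {0,-24} {1}" -f $sp.ServicePlanName, $sp.ProvisioningStatus }

# 3. Sign-in logs: non-zero error codes or Conditional Access failures in the last 7 days.
#    Registration attempts show up with the app name 'Device Registration Service'.
$since   = (Get-Date).AddDays(-7).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
$filter  = "userPrincipalName eq '$UserPrincipalName' and createdDateTime ge $since"
$signins = Get-MgAuditLogSignIn -Filter $filter -All
$failed  = $signins | Where-Object { $_.Status.ErrorCode -ne 0 -or $_.ConditionalAccessStatus -eq 'failure' }
"$($failed.Count) failed/blocked sign-in(s) in the last 7 days"
foreach ($s in ($failed | Sort-Object CreatedDateTime -Descending)) {
    "  {0:u} {1,-35} error {2} CA={3} {4}" -f $s.CreatedDateTime, $s.AppDisplayName,
        $s.Status.ErrorCode, $s.ConditionalAccessStatus, $s.Status.FailureReason
}
```

A row for "Device Registration Service" with `CA=failure` points at a policy that needs the registration app excluded, as the first reply suggests; a device count at the limit points at the cleanup step in the second.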
