Forum Discussion
Issues registering devices for certain users in Entra ID
Hello,
I will ask you to check the checklist below. I hope it will be useful.
Device Registration Limit:
You've mentioned that the device limit in Entra ID is set to 50 devices per user. Confirm that the affected users haven't reached this limit.
Sometimes a user may have old or unused devices still registered. You can check the user's registered devices in Azure AD and remove any old entries that might be preventing new registrations.
Conditional Access Policies:
Since you plan to use Conditional Access to restrict access for non-registered devices, ensure that there isn't an existing Conditional Access policy that might be blocking registration.
Review the Sign-in Logs in Azure AD to see if the registration attempts are being denied or interrupted by a policy, especially for specific users or device types.
Licensing Verification:
While you've confirmed that the user has Microsoft Business Standard and EMS E3, it’s important to double-check the Azure AD licensing section to ensure that the Intune license is assigned correctly.
Verify that both licenses are active and applied without any issues.
iOS Device-Specific Configuration:
Since you successfully registered the initial test iPhone device, but later iOS devices are having issues, it might be worth checking if there’s a difference in the iOS version or Company Portal app version between the devices.
Ensure that the latest Company Portal app is installed on all devices and that they meet Intune compliance policies.
Device Sync and MDM Enrollment:
Verify that the device is MDM-enrolled properly after registering in Intune. Sometimes, even though the device is enrolled, there can be a delay or issue syncing back to Azure AD.
You can manually trigger a sync from the Company Portal app and check for any error messages during enrollment.
Diagnostic Logs:
Use the Company Portal diagnostic logs on the affected devices to investigate further. These logs can sometimes reveal issues with communication between the device and Intune/Entra.
Have you tried using the Azure AD Device Registration Troubleshooting Tool? It helps identify device registration and enrollment issues.
Remove and Retry: Try removing the device from Intune and re-enrolling it. Sometimes a fresh enrollment can resolve sync or registration issues.
Check Sign-In Logs: Use Azure AD sign-in logs to identify if there’s a Conditional Access policy blocking registration or if there are any failed attempts for the affected users.
Compliance Settings: Verify that the compliance settings for Intune are aligned with the user and device type. A non-compliant device might fail to show up in the user’s profile.
Best Regards,
Ali Koc
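The device-limit check and the sign-in log check from the reply above, as an added example that is not part of the original post: it triages exported JSON for one user. It assumes the export uses Microsoft Graph `device` and `signIn` property names; the 90-day staleness cut-off, the function names, and all sample records (users, devices, policy names) are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

DEVICE_LIMIT = 50                      # per-user limit quoted in the thread
STALE_AFTER = timedelta(days=90)       # assumption: cut-off for "old or unused"
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible

# Constructed sample data, shaped like Microsoft Graph device / signIn objects.
SAMPLE_DEVICES = [{"displayName": f"old-iphone-{i:02d}",
                   "approximateLastSignInDateTime": "2023-01-10T08:00:00Z"}
                  for i in range(48)] + [
    {"displayName": "iPhone-test", "approximateLastSignInDateTime": "2024-05-28T09:00:00Z"},
    {"displayName": "iPad-new", "approximateLastSignInDateTime": None},
]
SAMPLE_SIGN_INS = [
    {"userPrincipalName": "User@contoso.example", "createdDateTime": "2024-05-30T10:15:00Z",
     "resourceDisplayName": "Device Registration Service", "conditionalAccessStatus": "failure",
     "appliedConditionalAccessPolicies": [
         {"displayName": "Require compliant device", "result": "failure"},
         {"displayName": "Require MFA", "result": "success"}]},
    {"userPrincipalName": "user@contoso.example", "createdDateTime": "2024-05-30T10:20:00Z",
     "resourceDisplayName": "Office 365 Exchange Online", "conditionalAccessStatus": "failure",
     "appliedConditionalAccessPolicies": [{"displayName": "Require MFA", "result": "failure"}]},
]

def parse_ts(value):
    # Graph timestamps are ISO 8601 with a trailing Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def device_quota_report(devices, now=NOW, limit=DEVICE_LIMIT):
    """Return (count, at_limit, stale_names) for one user's registered devices."""
    stale = [d["displayName"] for d in devices
             # A device with no recorded sign-in is treated as stale as well.
             if d.get("approximateLastSignInDateTime") is None
             or now - parse_ts(d["approximateLastSignInDateTime"]) > STALE_AFTER]
    return len(devices), len(devices) >= limit, sorted(stale)

def ca_blocked_registrations(sign_ins, upn):
    """Registration sign-ins for upn that Conditional Access failed, with the failing policies."""
    hits = []
    for s in sign_ins:
        if (s["userPrincipalName"].lower() == upn.lower()
                and s.get("resourceDisplayName") == "Device Registration Service"
                and s.get("conditionalAccessStatus") == "failure"):
            failed = [p["displayName"] for p in s.get("appliedConditionalAccessPolicies", [])
                      if p.get("result") == "failure"]
            hits.append((s["createdDateTime"], failed))
    return hits

if __name__ == "__main__":
    print(device_quota_report(SAMPLE_DEVICES))
    print(ca_blocked_registrations(SAMPLE_SIGN_INS, "user@contoso.example"))
```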