Forum Discussion
Pallav1011
Aug 19, 2022, Copper Contributor
August Patch is breaking Intune Enrollment
We have received multiple incidents where users reported that after the patch was installed they rebooted their Windows 11 Enterprise devices and were presented with just the LocalAdmin account. There was no ...
Aug 19, 2022
Hi... 🙂 .. always nice to hear such things.... but care to explain yourself a little bit more... as Intune Enrollment... aka Autopilot or aka Autopilot pre-provisioning or just having an AADJ device and enrolling it into Intune 🙂
I am interested... that's for sure.. feel free to reach out on my twitter... (as being logged in on all these forums 😛 )
- ChristineStack, Aug 19, 2022, Steel Contributor
As of a deployment of 5 Surface Pro 8s on Tuesday 8/16/2022 I am also having issues with Intune/Autopilot enrollment. I keep looking at health to see if there is a known issue. New machines with Windows 11. Hashes were all uploaded and tags with profiles were assigned. 2 of 5 even got as far as renaming the device. NONE enrolled in Intune but all are in AzureAD. I have been highly successful in the past with lots of deployments during COVID where I never saw or touched the machine. I am not sure if Windows 11 or Surface Pro 8s are the issue or something else. The machines are in use but not being managed. I was able to ask one user to try enrolling using the Company Portal and he said no device was listed but when he tried to enroll it said his device was already enrolled. I have no screenshots... just an email from the user. Hopefully I can learn more next week. Are others having issues?
- Pallav1011, Aug 19, 2022, Copper Contributor
The end users who are using those devices, are they admin or standard users?
If they lock the laptop, are they getting the Other user option on the lock screen?
If they navigate to HKLM -> Software -> Microsoft -> Enrollments, are there hexadecimal GUIDs available?
Lastly, go to Settings -> Accounts -> Access work or school -> Export your management logs file. In that log file, check the device management logs. Do you find anything there?
- ChristineStack, Aug 22, 2022, Steel Contributor
Yes, they are admins of their machines. Unfortunately I have no access to these devices. I do see them in Active Directory but they are grad students and in another state. I am not sure I will be able to get any of them to let me remote in. I will see if I can get a device log. All 5 grad students are unable to enroll via the Company Portal. The message they get is that they are already enrolled, yet no device is listed.
- Pallav1011, Aug 19, 2022, Copper Contributor
Yes, they are Autopilot devices but AADJ only
- Aug 19, 2022
Okay so no Autopilot pre-provisioning (Windows key 5 times etc etc) ... happen to know to which part it succeeds?
If you could run the wpr -start which I am explaining here
https://call4cloud.nl/2021/11/theres-someone-inside-your-etl/
You could determine where it breaks.. or send it to me (email address removed for privacy reasons) but if you send it to me .. also attach this zip
wget https://aka.ms/intuneps1 -outfile IntuneODCStandAlone.ps1
powerShell -ExecutionPolicy Bypass -File .\IntuneODCStandAlone.ps1
- Pallav1011, Aug 19, 2022, Copper Contributor
Sure, if we receive any other user's issue, we will share the details.
I would like to explain it a bit more. Those devices were in fine condition until yesterday, before the patch was installed.
To get these logs, we need to log in to the laptop, but so far it's 50% success for login. We tried pressing the Shift key + reboot, landed on the Advanced recovery options page, opened cmd and tried running the command from there, but it is not recognizing the LocalAdmin account.
We tried doing the system restore and uninstalling the update, but nothing is working on the Advanced recovery options page.
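
The registry check suggested earlier in the thread (looking for GUID subkeys under HKLM -> Software -> Microsoft -> Enrollments), written out as an added PowerShell example that is not part of any post. The function name and the value names it reads (ProviderID, UPN, EnrollmentState) are assumptions about what an enrollment subkey holds and do not come from the thread.

```powershell
# Added example: list enrollment entries under the key named in the thread.
# Assumption (not from the thread): each GUID subkey may carry ProviderID,
# UPN and EnrollmentState values; a value that is absent is shown as empty.
function Get-EnrollmentEntry {
    param(
        [string]$Root = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
    )
    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "Key not found: $Root"
        return
    }
    # Only subkeys whose name is a GUID count as enrollment records;
    # the key also contains non-GUID housekeeping subkeys.
    $guid = '^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$'
    Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match $guid } |
        ForEach-Object {
            $v = Get-ItemProperty -LiteralPath $_.PSPath
            [pscustomobject]@{
                EnrollmentId    = $_.PSChildName
                ProviderID      = $v.ProviderID
                UPN             = $v.UPN
                EnrollmentState = $v.EnrollmentState
            }
        }
}

$entries = @(Get-EnrollmentEntry)
if ($entries.Count -eq 0) {
    Write-Output 'No GUID subkeys found under Enrollments.'
} else {
    $entries | Format-Table -AutoSize
}
```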