Forum Discussion

sidhinsasi's avatar
sidhinsasi
Copper Contributor
Mar 21, 2023
Solved

Best way to join AzureAD devices to Intune

Any suggestions on best way to join AzureAD devices to Intune.   Users do not have admin access and are synced from Onpremises to AAD. I need to have zero user interaction as I am using RMM tool t...
Intune
mobile device management (mdm)
  • Rudy_Ooms_MVP's avatar
    Rudy_Ooms_MVP
    Mar 21, 2023

    almost as if it is looking for the proper version ..32/64 .... that's odd.. changing the path to sysnative instead isnt working also???? also  .... tanium 🙂 we can always blame mister niehaus... right 😉

sidhinsasi's avatar
sidhinsasi
Copper Contributor
Mar 21, 2023
unfortunately getting same error here also with deviceenroller.exe

2023-03-21T17:40:50Z|CommandLine: cmd.exe /d /c powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NonInteractive -NoProfile -File "USA-deviceenroller.ps1"
Start-Process : This command cannot be run due to the error: The system cannot find the file specified.
At C:\Program Files (x86)\Tanium\Tanium Client\Downloads\Action_641716\USA-deviceenroller.ps1:1 char:22
+ ... ntProcess = Start-Process -FilePath "C:\Windows\System32\DeviceEnroll ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
Rudy_Ooms_MVP's avatar
Rudy_Ooms_MVP
MVP
Mar 21, 2023

almost as if it is looking for the proper version ..32/64 .... that's odd.. changing the path to sysnative instead isnt working also???? also  .... tanium 🙂 we can always blame mister niehaus... right 😉

  • sidhinsasi's avatar
    sidhinsasi
    Copper Contributor
    Mar 23, 2023

    Rudy_Ooms_MVP 

     

    thanks Rudy. i was able to get it working after tweaking the deploy method in Tanium 🙂 

    • Rudy_Ooms_MVP's avatar
      Rudy_Ooms_MVP
      MVP
      Mar 23, 2023

      sidhinsasi 

       

      nice to hear ! Could you explain what you die change? For people experiencing the same issue

      • sidhinsasi's avatar
        sidhinsasi
        Copper Contributor
        Mar 23, 2023

        Rudy_Ooms_MVP 

        First ran the Option 3 (Powershell) in your solution

        $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM"
        New-Item -Path $registryPath
        $Name = "AutoEnrollMDM"
        $Name2 = "UseAADCredentialType"
        $value = "1"
        new-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
        new-ItemProperty -Path $registryPath -Name $name2 -Value $value -PropertyType DWORD -Force | Out-Null

         

        Then ran the earlier script

         

        $key = 'SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo\*'
        $keyinfo = Get-Item "HKLM:\$key"
        $url = $keyinfo.name
        $url = $url.Split("\")[-1]
        $path = "HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\TenantInfo\$url"
        New-ItemProperty -LiteralPath $path -Name 'MdmEnrollmentUrl' -Value 'https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc' -PropertyType String -Force -ea SilentlyContinue;
        New-ItemProperty -LiteralPath $path -Name 'MdmTermsOfUseUrl' -Value 'https://portal.manage.microsoft.com/TermsofUse.aspx' -PropertyType String -Force -ea SilentlyContinue;
        New-ItemProperty -LiteralPath $path -Name 'MdmComplianceUrl' -Value 'https://portal.manage.microsoft.com/?portalAction=Compliance' -PropertyType String -Force -ea SilentlyContinue;

        Finally

        C:\Windows\system32\deviceenroller.exe /c /AutoEnrollMDM

        And it was very quick I should say