Forum Discussion
Conditional Access and -Online Device registration error
So there was an issue creating new discussions yesterday and I ended up with a discussion with a heading only. :)
We're using the Get-WindowsAutopilotInfo.ps1 script with the -Online switch to register our Entra Joined Devices, and the process is being blocked by Conditional Access.
The sign-in logs point to Microsoft Graph Command Line Tools (App ID: 14d82eec-204b-4c2f-b7e8-296a70dab67e) as the blocker. Microsoft Support suggested whitelisting several apps, but unfortunately, that hasn’t resolved the issue—likely because the device doesn’t have the compliant state during online registration.
We’re currently evaluating whether a dedicated service account with scoped permissions for Autopilot enrollment might be a workaround.
Would be great to hear if anyone else has found a reliable solution.
1 Reply
- Bogdan_Guinea (Iron Contributor): Hi, I didn't have this issue, I must admit, but normally the Microsoft Intune Enrollment app is excluded by default. Just check your Conditional Access policy one more time based on this: https://learn.microsoft.com/en-us/autopilot/known-issues Maybe as a workaround, try to enroll your devices from another network and apply this in your CA under Conditions | Locations | Exclude. Good luck!
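
To confirm which policy and which grant control is rejecting the sign-in (the original post suspects the missing compliant state), the sign-in records for that app can be summarised as below. This is an added example, not part of the original posts: the function name `Get-CaBlockSummary` and the sample records are constructed, and the property names follow the Microsoft Graph `signIn` resource as returned by `Get-MgAuditLogSignIn`.

```powershell
# Added example: list the Conditional Access policies that failed for each sign-in.
# Real input (assumption: Microsoft.Graph.Reports module, AuditLog.Read.All, and a
# workstation that already passes Conditional Access):
#   Get-MgAuditLogSignIn -Filter "appId eq '14d82eec-204b-4c2f-b7e8-296a70dab67e'" -Top 200
function Get-CaBlockSummary {
    param([Parameter(Mandatory)] [object[]] $SignIn)
    foreach ($s in $SignIn) {
        # Skip sign-ins that Conditional Access did not block.
        if ($s.ConditionalAccessStatus -ne 'failure') { continue }
        foreach ($p in $s.AppliedConditionalAccessPolicies) {
            # Keep only the policies whose controls were not satisfied.
            if ($p.Result -ne 'failure') { continue }
            [pscustomobject]@{
                Time            = $s.CreatedDateTime
                User            = $s.UserPrincipalName
                App             = $s.AppDisplayName
                DeviceCompliant = [bool]$s.DeviceDetail.IsCompliant
                TrustType       = $s.DeviceDetail.TrustType
                ErrorCode       = $s.Status.ErrorCode
                Policy          = $p.DisplayName
                UnmetControls   = $p.EnforcedGrantControls -join ', '
            }
        }
    }
}

# Constructed sample records (not real tenant data): one blocked, one successful.
$sample = @(
    [pscustomobject]@{
        CreatedDateTime = [datetime]'2025-01-15T09:12:00Z'
        UserPrincipalName = 'enroll@contoso.example'
        AppDisplayName = 'Microsoft Graph Command Line Tools'
        ConditionalAccessStatus = 'failure'
        DeviceDetail = [pscustomobject]@{ IsCompliant = $false; TrustType = '' }
        Status = [pscustomobject]@{ ErrorCode = 53000 }
        AppliedConditionalAccessPolicies = @(
            [pscustomobject]@{ DisplayName = 'Require compliant device (constructed)'
                               Result = 'failure'
                               EnforcedGrantControls = @('RequireCompliantDevice') },
            [pscustomobject]@{ DisplayName = 'Require MFA (constructed)'
                               Result = 'success'; EnforcedGrantControls = @('Mfa') }
        )
    },
    [pscustomobject]@{ ConditionalAccessStatus = 'success'
                       AppliedConditionalAccessPolicies = @() }
)

Get-CaBlockSummary -SignIn $sample | Format-List
```

An empty `TrustType` together with `DeviceCompliant = False` on the blocked rows is what a device that has not yet enrolled looks like in these records, which helps decide whether an app exclusion or a scoped enrollment account is the control that actually needs changing.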