Created Autopilot Deployment Profile, MSP having issues enrolling devices into Entra
At my new job an MSP handles all of the device setup and it’s all done manually. I was tasked with setting up Autopilot and created a policy that is applied to a dynamic security group (autopilot devices) that adds devices with a specific group tag that is manually applied after enrollment. Part of the profile renames the device to “ABC-%serial%” which may or may not be important later.
I created a few configuration policies that are also only applied to the “autopilot devices” group, a few scripts and deployed some apps that are set to required for the “autopilot devices” group. 2 of them are available for everyone in the Company Portal.
I imported the hardware hash of my test device and applied the group tag. Device pulled down the settings and apps and everything worked as expected. Apps installed, BitLocker enabled, timezone changed, etc.
Today the MSP emailed saying they’re unable to enroll a device into Entra (Add work or school account > join this device to Microsoft Entra ID). It would get stuck at Account Setup and he would have to restart the enrollment. He said he was able to get it to work after renaming the device from ABC123 to DEF123. He did say that while the enrollment didn’t work for this device it did work for another one. I was able to enroll a device as well following the steps he followed with my device named ABC789 before enrollment.
Is there any way my autopilot testing would have caused an issue? I was pretty careful to only apply the profile to a specific security group. My test device was the only device enrolled with a hardware hash and a group tag. It was the only device listed under Enrollment. It’s interesting that he was able to enroll after renaming the device. I searched Entra and Intune and didn’t see any devices named ABC123 that could have prevented the enrollment.
I would appreciate any insight if my autopilot testing could have affected the MSP enrolling devices based off of what I described.
Thank you.
2 Replies
- KevJackson88, Copper Contributor
Hi, I'm new here, but I'll try and help if I can.
Are you saying that the device your MSP was trying to enroll was NOT in the autopilot group? Or that they were simply enrolling a user into Intune on an already configured Windows device (not domain-joined at all)? Last time I looked MS only supported the 'wipe & load' method of device enrollment (i.e. autopilot).
- mpe505808, Copper Contributor
The device was not in autopilot. It was a brand new device. Vendor did not enroll it into our Intune. The MSP wasn't even aware I was doing autopilot testing. From how I understand it if a device is not listed on the enrollment page it doesn't exist as far as autopilot is concerned. I'm pretty sure autopilot didn't have anything to do with the issue he was having but I certainly could be wrong.
I've seen issues where apps fail to install when a device is domain joined but none of the apps I created are REQUIRED for any devices outside of my "Autopilot Devices" group. They're only made available in the Company Portal.