Forum Discussion
AMR_01
Jan 05, 2022 | Copper Contributor
Device enrolment issue/question
Hi Community, I have walked into a role where Intune/Endpoint Manager has been set up. This is a cloud native environment, no on premise nor Config Manager. I want to know if there is a way to enrol a devi...
Mr_Helaas
Jan 05, 2022 | Steel Contributor
Hi AMR_01,
You can take a look at Autopilot self deploying mode.
Windows Autopilot self-deploying mode (Public Preview) | Microsoft Docs
But for a correct answer, what is the goal you want to achieve, and what is the reason you don't want the user to have to log on with their work account on the device?
Kind regards,
Rene
- AMR_01 | Jan 05, 2022 | Copper Contributor
Hi Mr_Helaas - Rene,
Thanks for replying. The real reason, or two, is I have one user who has a company PC (at home) and has logged in to his work account, and the device shows up as Azure AD joined but fails to enrol into Endpoint Manager. The other reason is I have sent a machine direct from the manufacturer to the user and he has managed to log in to his work account, but the device is only AD registered and also not enrolled in to Endpoint. Both are on the Enterprise Mobility + Security E3 license. I'm not sure where it has failed as there are no logs I can investigate, so I thought the best way is to take it out of the user's hands to enrol? What do you think are the best options for me?
Thanks,
Abs
- Jan 06, 2022
Hi... I didn't read that part about Azure AD joined devices that aren't enrolled into Intune. That's something to look into...
My first guess would be the MDM scope. I am explaining the whole process and the differences between AADJ/AADR and MDM/MAM scope:
https://call4cloud.nl/2021/08/the-battle-between-aadj-and-aadr/
Were those licenses purchased before the devices were Azure AD joined? If so, you will need to enroll them manually into MDM/Intune.
https://call4cloud.nl/2020/05/intune-auto-mdm-enrollment-for-devices-already-azure-ad-joined/
- AMR_01 | Jan 13, 2022 | Copper Contributor
Thanks - informative blogs.
I have a question about Auto Pilot. I managed to get 4k HH from HP and added them to the Auto Pilot devices, but when it comes to doing an Auto Pilot reset it is not available:
Going back to the device in Auto Pilot, it shows it hasn't been enrolled and no MDM:
Any ideas why it's not allowing me to perform a reset?
- Mr_Helaas | Jan 06, 2022 | Steel Contributor
Hi AMR_01,
I think your best option is to fix the enrollment issue. Intune will help you with managing the company devices.
Can you check if your MDM enrollment settings are correctly configured within Intune? As far as I can see, joining Azure AD is not the problem, only the enrollment in Intune.
Can you also check the enrollment restrictions and device limit restrictions?
Autopilot will not fix your problem if you are not able to join your Intune environment. Autopilot will fix your AAD registered problem, but the enrollment needs to be fixed first.
You can find some logs in Event Viewer, logged under Applications and Services Logs/Microsoft/Windows/DeviceManagement-Enterprise-Diagnostics-Provider.
Did you already check this Microsoft doc page?
Troubleshooting Windows device enrollment problems in Intune - Intune | Microsoft Docs
Can you try to download the Company Portal app on a device and check if you are able to log on and have the device managed by your organization? Please upload a print screen or log files if you see any errors.
Kind regards,
Rene
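The checks suggested in the reply above, as an added example that is not part of the original thread: it reads the join state the device reports and lists recent warnings and errors from the DeviceManagement-Enterprise-Diagnostics-Provider Admin log. The 7-day window is an assumption; run it in an elevated PowerShell session on the affected device.

```powershell
# Added example, not from the thread. Run elevated on the affected Windows device.

# 1. Join state as the device reports it. dsregcmd prints "Key : Value" lines.
$state = @{}
dsregcmd /status | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*:\s*(.*\S)\s*$') { $state[$Matches[1]] = $Matches[2] }
}
[pscustomobject]@{
    AzureAdJoined   = $state['AzureAdJoined']     # YES = Azure AD joined
    WorkplaceJoined = $state['WorkplaceJoined']   # YES = Azure AD registered (workplace join)
    TenantName      = $state['TenantName']
    MdmUrl          = $state['MdmUrl']            # blank: no MDM enrollment URL was handed to the device
} | Format-List

# 2. Enrollment warnings and errors from the log named in the reply.
$log   = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$since = (Get-Date).AddDays(-7)                   # assumed look-back window

$events = Get-WinEvent -FilterHashtable @{
    LogName   = $log
    Level     = 1, 2, 3                           # Critical, Error, Warning
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No warnings or errors in $log since $since."
} else {
    $events |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
}
```

A device that reports AzureAdJoined as YES with a blank MdmUrl points at the MDM user scope or licensing rather than at the device itself.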
- AMR_01 | Jan 13, 2022 | Copper Contributor
Thanks for your reply. Doing some digging around, I found that auto enrolment is confined to a group that only has one member in it, so it's down to the device owner to enrol. Have I understood this correctly, that if I set the scope to All, everyone that signs in to AAD with the correct license gets auto enrolled? Or is it still on the device owner to go through the enrolment steps on the device?
- Moe_Kinani | Jan 06, 2022 | Bronze Contributor
Hi AMR_01,
If the PC is connected to the internet and properly configured in Endpoint Manager to use Auto Pilot, the user shouldn't have problems enrolling the PC and having it show in Endpoint Manager.
One thought: you can enroll the PCs with a DEM account and then send them to the user. You just have to change the primary user after the PC is enrolled and showing Compliant in Endpoint Manager.
Hope this helps!
Moe
Enroll devices using a device enrollment manager account - Microsoft Intune | Microsoft Docs
- AMR_01 | Jan 06, 2022 | Copper Contributor
Hi Moe, the PCs are not in Endpoint Manager and I don't have Auto Pilot configured. In our setup the PC is AAD joined before it is managed by Endpoint. I think I need to look into Auto Pilot to see if this can help me solve these non-enrolment issues.
Thanks,
Abs