Forum Discussion

deep_gagan's avatar
deep_gagan
Copper Contributor
Apr 04, 2022

enroll azure ad joined devices into intune without user intervention and manual settings

Hi, is there any possibility to enroll azure ad joined devices into Intune without any user intervention and manually setting. Suppose there are 1000 azure ad joined devices on remote location, how c...
Intune
  • deep_gagan's avatar
    deep_gagan
    Copper Contributor
    Apr 06, 2022

    Hi Rudy_Ooms_MVP 

     

    I tried the third method from your suggesting link by manually executing PowerShell script, Its creating the registry at "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM" but my laptop is not getting enroll in Intune and neither its creating a schedule task.

    • Rudy_Ooms_MVP's avatar
      Rudy_Ooms_MVP
      MVP
      Apr 06, 2022
      Anything in the device management logs?
      What happens when running C:\Windows\system32\deviceenroller.exe /c /AutoEnrollMDM as system?
      • deep_gagan's avatar
        deep_gagan
        Copper Contributor
        Apr 06, 2022
        last log is giving this message "Should show EnrollmentStatusPage result. Device: (0x0) Result (0x0)." with event id 85.
        and till now I didn't run this ( C:\Windows\system32\deviceenroller.exe /c /AutoEnrollMDM ) command because I wanted to test that PowerShell script so that I can execute that remotely.

        And I also wanted to know about this content. Is it also the content of PowerShell script ? then I would try this script .
        $EnrollmentsPath = "HKLM:\SOFTWARE\Microsoft\Enrollments\"

        $Enrollments = Get-ChildItem -Path $EnrollmentsPath

        $DiscoveryServerFullUrls = @("https://wip.mam.manage.microsoft.com/Enroll")

        Foreach ($Enrollment in $Enrollments) {
        $EnrollmentObject = Get-ItemProperty Registry::$Enrollment
        if ($EnrollmentObject."DiscoveryServiceFullURL" -in $DiscoveryServerFullUrls ) {
        $EnrollmentPath = $EnrollmentsPath + $EnrollmentObject."PSChildName"
        Remove-Item -Path $EnrollmentPath -Recurse
        & "C:\Windows\System32\deviceenroller.exe /c /AutoEnrollMDM"
        }
        }

        Thanks,
        Gagandeep Singh
  • deep_gagan's avatar
    deep_gagan
    Copper Contributor
    Apr 04, 2022

    Hi Rudy_Ooms_MVP thanks for reply 

     

    Yes, those users are local admin and all the prerequisite are completed for enrollment.

    From your suggested methods I think the third method will be suitable for bulk enrollment but how can I execute that PowerShell script on multiple devices at one time because it will be very time consuming and frustrating to execute this script on 1000 or more devices.

    • Rudy_Ooms_MVP's avatar
      Rudy_Ooms_MVP
      MVP
      Apr 04, 2022

      Hi

      Assuming you don't have an additional RMM tool? You could convert this powershell script to a nice executable... zip it and email it to your end users?
      Tell them to unzip it and double click on it

      • deep_gagan's avatar
        deep_gagan
        Copper Contributor
        Apr 04, 2022
        Okay, I will try this tool. But, I am thinking to deploy this PowerShell script through cloud shell (from azure portal). I don't know it is possible or not and will be successful but if it works, there will be zero interference of users.

Resources