Forum Discussion

GoodNightVienna's avatar
GoodNightVienna
Copper Contributor
Mar 18, 2021
Solved

Enroll W10 devices automatically using Group Policy

Hi, I am testing W10 device auto-enrollment using GroupPolicy, following this article https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-gro...
Intune
  • NicklasAhlberg's avatar
    NicklasAhlberg
    Mar 19, 2021

    Hello GoodNightVienna!

     

    I recommend that you use this command to view the policies applied to a device (run from local device):

    1. Start CMD/PowerShell as an admin
    2. Run: RSOP.msc
    3. Navigate to the specific location as per your need

    As you are using Group Policies to enroll your devices I assume that you want your devices to be hybrid Azure AD-joined.

    • Are you using Azure AD Connect to sync your devices to Azure AD?
    • Are you synchronizing correct OU's in AD?
    • Are all the failing devices Windows 10 or do you have any down-level devices (W7, W8, W8.1)?

    I recommend below as part of your troubleshoot:

    1. Find a failing device in Azure AD and have a look at the "Registered" column. If you do not have a timestamp in the column, this would be your main issue which will mess up the MDM-enrollment as well.
    2. Have a look at this article to find more info about how you could troubleshoot the Azure AD Hybrid-Join issue: https://docs.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current
    3. Make sure that the MDM automatic enrollment settings are set correctly: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility
    4. Make sure that your end-users has an Intune license assigned

    Have a look at above and let us know if you require further help. I am happy to help.

     

    //Nicklas

     

Moe_Kinani's avatar
Moe_Kinani
Bronze Contributor
Mar 19, 2021
Hi GoodNightVienna,

I would check the perquisites for devices not joined, like Windows version, Intune License, Event Viewer.

Check this guide:

https://allthingscloud.blog/automatically-mdm-enroll-windows-10-device-using-group-policy/

Moe
  • GoodNightVienna's avatar
    GoodNightVienna
    Copper Contributor
    Mar 22, 2021
    Hi Moe_Kinani
    Thank you for your suggestion. Most of the prerequisites are ok but there are a few errors. I put the details in my reply to NicklasAhlberg. Any ideas to fix those would be appreciated. Thank you!

Resources