GoodNightVienna
Copper Contributor
Mar 18, 2021
Solved

Enroll W10 devices automatically using Group Policy

Hi, I am testing W10 device auto-enrollment using Group Policy, following this article: https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-gro...
  • NicklasAhlberg
    Mar 19, 2021

    Hello GoodNightVienna!

    I recommend that you use this command to view the policies applied to a device (run from local device):

    1. Start CMD/PowerShell as an admin
    2. Run: RSOP.msc
    3. Navigate to the specific location as per your need

    As you are using Group Policies to enroll your devices I assume that you want your devices to be hybrid Azure AD-joined.

    • Are you using Azure AD Connect to sync your devices to Azure AD?
    • Are you synchronizing the correct OUs in AD?
    • Are all the failing devices Windows 10 or do you have any down-level devices (W7, W8, W8.1)?

    I recommend the below as part of your troubleshooting:

    1. Find a failing device in Azure AD and have a look at the "Registered" column. If you do not have a timestamp in the column, this would be your main issue which will mess up the MDM-enrollment as well.
    2. Have a look at this article to find more info about how you could troubleshoot the Azure AD Hybrid-Join issue: https://docs.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current
    3. Make sure that the MDM automatic enrollment settings are set correctly: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility
    4. Make sure that your end users have an Intune license assigned

    Have a look at the above and let us know if you require further help. I am happy to help.

    //Nicklas
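A local pre-check that complements the reply above, as an added example that is not part of the original thread: it reads the hybrid-join state from `dsregcmd /status` and looks for the auto-enrollment policy in the registry, which is the scripted counterpart of browsing RSOP.msc. The registry path, the `AutoEnrollMDM` value name and the `dsregcmd` field names are assumptions about Windows, not details from the thread, and the sample output is constructed.

```powershell
# Added example: local pre-checks for GPO-driven MDM auto-enrollment.
# Assumption (not from the thread): the auto-enrollment GPO writes
# AutoEnrollMDM = 1 under this policy key.
$MdmPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'

function ConvertFrom-DsregStatus {
    # Turns the "Name : Value" lines of `dsregcmd /status` into a hashtable.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    return $state
}

function Test-EnrollmentPrereq {
    # Returns one finding per prerequisite that is not met.
    param([hashtable]$Dsreg, $Policy)
    $findings = @()
    if ($Dsreg['DomainJoined'] -ne 'YES') {
        $findings += 'Device is not joined to the on-premises domain.'
    }
    if ($Dsreg['AzureAdJoined'] -ne 'YES') {
        $findings += 'Hybrid join is incomplete (AzureAdJoined is not YES); fix this before looking at MDM.'
    }
    if (-not $Dsreg['MdmUrl']) {
        $findings += 'No MdmUrl reported; review the MDM automatic enrollment settings in the portal.'
    }
    if (-not $Policy -or $Policy.AutoEnrollMDM -ne 1) {
        $findings += 'Auto-enrollment policy value not found; the GPO has not applied to this device.'
    }
    $findings
}

# Constructed sample output, used only when dsregcmd is not available (off-device dry run).
$sample = @(
    '             AzureAdJoined : NO',
    '              DomainJoined : YES'
)
$raw = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) { dsregcmd.exe /status } else { $sample }
$policy = Get-ItemProperty -Path $MdmPolicyKey -ErrorAction SilentlyContinue

$findings = @(Test-EnrollmentPrereq -Dsreg (ConvertFrom-DsregStatus $raw) -Policy $policy)
if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'Local prerequisites for auto-enrollment look OK.' }
```

Run it from an elevated PowerShell session on a failing device; the portal-side checks (the "Registered" column and license assignment) still have to be done separately.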