Forum Discussion
Hybrid Azure AD joined device not enrolling into Intune
Hi,
Thanks for the detailed explanation. I’ve already gone through all the points you mentioned:
• MDM User Scope is correctly configured and includes the user.
• The Automatic MDM enrollment GPO (Enable automatic MDM enrollment using default Azure AD credentials) is applied to the correct OU.
• Licensing is verified – the user has a valid Intune license.
• Conditional Access:
    • I’ve excluded both the user and Microsoft Intune Enrollment from the CA policy that blocks device registration outside the network.
    • Even with these exclusions, the device still fails to enroll into Intune.
• Hybrid Azure AD Join status from dsregcmd /status looks correct.
In addition to the above, I’ve noticed:
• The Intune Management Extension (IME) service cannot be found on the device — there is no trace of the service at all.
• The GPO folders under C:\ProgramData\Microsoft\Windows\GroupPolicy\User appear completely empty, even though relevant GPOs should be applied.
Despite all this, the device becomes Hybrid Azure AD Joined but never proceeds with the Intune enrollment, and the logs still show EnrollmentUrl = (null).
Do you have any additional suggestions on what else I should check?
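
The checks listed in the post above, collected into one read-only script. This is an added example and not part of the original post. The function names ConvertFrom-DsregStatus and Test-MdmEnrollmentState are hypothetical, and the sample dsregcmd output is constructed and used only when dsregcmd.exe is not available.

```powershell
# Added example: read-only checks for the symptoms listed in the post.
# Run as the affected user so the AzureAdPrt field is reported.
# Constructed sample of `dsregcmd /status` output, used only when dsregcmd.exe is absent.
$sample = @'
             AzureAdJoined : YES
              DomainJoined : YES
                TenantName : Contoso (constructed)
                    MdmUrl :
                AzureAdPrt : YES
'@ -split "`r?`n"

function ConvertFrom-DsregStatus {
    # Parse the "Name : Value" lines of dsregcmd output into a hashtable.
    param([string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z][\w ]*?)\s*:\s*(.*)$') {
            $fields[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $fields
}

function Test-MdmEnrollmentState {
    # Combine join state, policy values and service presence into one result.
    param([hashtable]$Dsreg, $Policy, $ImeService)
    [ordered]@{
        HybridJoined      = ($Dsreg['AzureAdJoined'] -eq 'YES' -and $Dsreg['DomainJoined'] -eq 'YES')
        HasPrt            = ($Dsreg['AzureAdPrt'] -eq 'YES')
        MdmUrlPresent     = -not [string]::IsNullOrWhiteSpace($Dsreg['MdmUrl'])
        AutoEnrollPolicy  = ($null -ne $Policy -and $Policy.AutoEnrollMDM -eq 1)
        CredentialType    = if ($Policy) { $Policy.UseAADCredentialType } else { $null }
        ImeServicePresent = ($null -ne $ImeService)
    }
}

$raw = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) { dsregcmd.exe /status } else { $sample }
# The auto-enrollment setting is a Computer Configuration policy, so it is read from HKLM.
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM' -ErrorAction SilentlyContinue
$ime = Get-Service -Name IntuneManagementExtension -ErrorAction SilentlyContinue
Test-MdmEnrollmentState -Dsreg (ConvertFrom-DsregStatus $raw) -Policy $policy -ImeService $ime |
    Format-Table -AutoSize

# Recent warnings and errors from the MDM enrollment event log.
Get-WinEvent -LogName 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin' `
    -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object Level -In 2, 3 | Select-Object -First 10 TimeCreated, Id, Message
```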