Forum Discussion

drivesafely's avatar
drivesafely
Brass Contributor
Jan 20, 2025

Intune bulk enrollment issue with package

Hello,   We are encountering an issue while trying to enroll a device in Microsoft Intune within a Windows 10/11 workgroup environment.   Using Windows Configuration Designer, we created a provisio...
Bulk enrollment
Entra
Intune
Ankido's avatar
Ankido
Iron Contributor
Jan 21, 2025

Hi drivesafely,

 

 

Possible Solution
The error 0xCAA2000C (interaction_required) clearly indicates that Multi-Factor Authentication (MFA) is required, which is preventing the enrollment process.

Resolution Methods:
Change MFA Setting to Enabled (not Enforced):

1- If MFA is set to "Enforced," it will always be required, which blocks the device from enrolling without user interaction.
By changing the MFA setting to "Enabled" but not "Enforced," the device can enroll without immediately requiring MFA.
Follow the documentation for configuration: Microsoft Entra Multi-Factor Authentication.

 


2- Temporarily Disable MFA During Enrollment:

You can temporarily exclude MFA during enrollment by configuring Trusted IPs:
Add your network location (e.g., your organization's IP addresses) to the Trusted IPs list in Microsoft Entra.
Steps:
Go to Azure AD > Security > Conditional Access > Named Locations and add the trusted IP addresses.

Please feel free to reach out if this doesn’t work.

  • drivesafely's avatar
    drivesafely
    Brass Contributor
    Jan 26, 2025

    Hello Ankido,

    Thanks for your response.

    I was able to resolve by modifying the CA policy for MFA which was applied to all users. i added a dynamic group to its exclusions, containing a query that matches user account that starts with 'package_'.

Resources