Paul_Lawrence
Mar 08, 2023

Intune Enrollment with Autopilot

I need some help please.  I'm trying to get Autopilot and Intune working in our environment.  We have a goal of all new corporate devices to be Azure AD joined only and to be managed by Intune.

I've got an Autopilot test device working of sorts so it eliminates pretty much most of the OOBE, apart from the user having to select their locale and keyboard settings.  The issue I have is that the device isn't being enrolled into Intune and therefore not receiving apps, configuration etc.  I started off by importing the deviceID into Autopilot Devices without assigning it to a user account.  I thought this would be OK as when the device is delivered to the user you will need to make sure the user receives their assigned device, which may be an issue.  When the device went through OOBE it got to the desktop but no apps or configuration were being applied.  I checked the device and it wasn't enrolled into Intune either.

I tried the same process again, but this time assigning the device to my user account.  Again all went OK with the OOBE but again no apps, config and again not enrolled into Intune.

I've checked the Intune enrollment setting and for MDM I have the MDM user scope set to "Some" and a group has been assigned.  In both tests the device is a member of the group.  In fact all my apps, profiles, enrollment pages etc. are all assigned to the one group that the device is a member of.

I'm basically stuck and not sure what I have missed.  I don't want to switch the MDM user scope to "All" yet as I think that will then allow all my corporate devices to enroll.

Has anyone got any advice as to what could be wrong?  One thing I haven't completed yet is the MDM CNAME setup in my tenant and in public DNS, could this be the issue?

Thanks in advance.

2 Replies

  • "One thing I haven't completed yet is the MDM CNAME setup" 🙂 My advice: configure the MDM CNAME and try again

    I am also missing the enrollment status page in your question... (OOBE it got to the desktop) it should show you the enrollment status page 🙂 so if you have configured that one, please do

    • Paul_Lawrence
      Apologies for the late response, I've been on holiday.

      So I got the CNAME records for MDM set up yesterday and it still doesn't seem to work. I imported my device into the Autopilot devices list and assigned it to my user account. The device and my user account are members of an Autopilot test group, AZ-SG-AutoPilot-Test, that has been assigned to the following:

      Enrollment Status Page, using the default one but with some changes:

      Show app and profile configuration progress: Yes
      Show an error when installation takes longer than specified number of minutes: 60
      Show custom message when time limit or error occurs: Yes
      Error message: "Setup could not be completed. Please try again or contact your support person for help."
      Turn on log collection and diagnostics page for end users: Yes
      Only show page to devices provisioned by out-of-box experience (OOBE): No
      Block device use until all apps and profiles are installed: Yes
      Allow users to reset device if installation error occurs: Yes
      Allow users to use device if installation error occurs: No
      Only fail selected blocking apps in technician phase: No
      Block device use until required apps are installed if they are assigned to the user/device:
      *** Cisco Secure Endpoint ***
      *** Manage Engine Endpoint Central Agent ***

      I've set up an Autopilot Deployment Profile:

      Deployment mode: User-Driven
      Join to Azure AD as: Azure AD joined
      Language (Region): User select
      Microsoft Software License Terms: Hide
      Privacy settings: Hide
      Hide change account options: Hide
      User account type: Standard
      Allow pre-provisioned deployment: No
      Apply device name template: Yes
      Enter a name: MA%SERIAL%
      Assignments:
      Included groups: AZ-SG-AutoPilot-Test
      Excluded groups:
      Scope tags:

      All my apps have been assigned to the same group "AZ-SG-AutoPilot-Test". So I reset my test device, and it started the OOBE. The deployment profile seems to have run as it only asked me to set my keyboard / language settings, and it changed my computer name to MA%SERIAL%. After a couple of reboots I got my desktop. I didn't see an Enrollment Status Page nor did it block my access while the two apps specified were installed. I checked the Intune console and I couldn't see my device as being enrolled. It did appear in Azure AD as an Autopilot device.

      I just can't seem to get Autopilot to enroll my device in Intune. I've tried to simplify everything by only using one group to which my user account and my device are assigned. Any ideas?
