Forum Discussion
Intune Fresh Start for new user doesn't re-enroll in EntraID or Intune?
I have a Win 11 device that I performed the Fresh Start (without retaining data option checked). It was removed from EntraID Devices and Intune. I gave the laptop to a new user for OOBE setup and assumed it would re-enroll in as an EntraID device with that users as the Primary User and continue with Intune management / configuration. It seems this is not the case, the new users signed in this morning but I don't see the device as an Entra ID device or in Intune. This doesn't make sense that an Entra ID account was used to setup from OOBE but the device isn't enrolled. Obviously, my logic was flawed in thinking this was a clean way to repurpose a laptop, but how do I get this device back into EntraID / Intune?
6 Replies
It sounds like you're dealing with an issue related to re-enrollment after performing a Fresh Start on a Windows 11 device. Here's a step-by-step approach to address this:
1. Verify Azure AD Join Status: First, confirm that the device is Azure AD joined. You can do this by going to Settings > Accounts > Access work or school, and checking if the device is connected to your organization's Azure AD. If it’s not, you'll need to manually join it again.
2. Manual Re-enrollment: Sometimes, after a Fresh Start, devices don't automatically re-enroll in Intune, especially if certain conditions are missed during setup. You can manually re-enroll the device by navigating to Settings > Accounts > Access work or school > Enroll only in device management, and then sign in with the user's Entra ID account to link the device to Intune.3. Check Auto Enrollment Settings: Ensure that auto-enrollment is enabled for your organization in Azure Active Directory and Intune. This is configured under Devices > Enroll devices > Automatic enrollment in Intune. If this setting is not correctly configured, the device won’t automatically enroll.
4. Review Fresh Start Implications: The Fresh Start process can sometimes clear out key provisioning packages or management certificates needed for Intune re-enrollment. In such cases, it's best to either manually enroll the device or perform a full device reset to ensure the OOBE process includes Intune enrollment.
5. Device Reprovisioning: If the manual steps above don't work, you might need to consider resetting the device to factory settings again and going through the Out of Box Experience (OOBE) to ensure proper setup. During OOBE, make sure that the user selects "Set up for work or school" and uses their Entra ID account.
If you’ve found these steps helpful and are looking for more IT management tips or troubleshooting guides, feel free to check out related articles on BOMBitUP, where we cover a wide range of topics on device management and optimization.
I hope this helps get your device back into Entra ID and Intune!
cmiarshvac We always use the Wipe option (without keeping enrollment) from Intune when redeploying a laptop to another employee. It works most of the time from Intune, but occasionally we have to run Reset this PC on the device. The laptop then gets re-enrolled in Intune when the employee goes through the Autopilot setup. Someone recently shared this graphic with me, and it is the best I've seen to help understand the various options and when to use them.
- I love this graphic. Thank you for sharing your process. I appreciate it.
- If you are curious about what reset option fits you best (and those graphics are based on this blog below)
https://call4cloud.nl/2021/04/retire-wipe-reset-fresh-start/#7_Summary
- We have not had much success with wiping devices through Intune and have been reloading Windows using a boot drive.
Try reloading Windows manually and not through Intune, after deleting the device within Intune. Then sign the new user in with the work account and the device should re-enroll. Seems when wiping through Intune that there are orphaned artifacts from the prior enrollment preventing full re-enrollment on the next user. We have had 100% success with manually reloading Windows.- I'll try that. I have faith that someday I'll be able to wipe and redeploy using Intune, I just don't know the correct incantation yet. Thanks for the response.
