Forum Discussion

fbatuns's avatar
fbatuns
Copper Contributor
Jun 12, 2025
Solved

Intune Re-Enrollment Registry Key "MmpcEnrollmentFlag"

Hey there,

In the last few weeks, we encountered issues with clients (Entra Hybrid Joined) losing their Intune connection after setting an incorrect group policy. Although the group policy change was quickly reverted, about 10 clients were removed from Intune. I attempted to re-enroll these clients using various methods (MEMC Co-management, GPO, Scheduled Task, and even using psexec to directly start auto-enrollment), but the enrollment process consistently failed with the following error under Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider\Enrollment:

Auto MDM Enroll: Device Credential (0x1), Failed (Bad request (400).)

and/or following in CoManagementHandler.log

Failed to get management URL with error 0x80070002

Eventually, I discovered a registry key that was not present on the working clients:

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments

Value: MmpcEnrollmentFlag

Data: 0x00000002

After deleting this key and restarting the enrollment, everything worked immediately.

I am curious about how and why this registry key is created and what its function is.

Looking forward to your input.

autoenroll
comanagement
Entra
HybridJoin
Intune
MEMCM
mobile device management (mdm)
  • Bogdan_Guinea's avatar
    Bogdan_Guinea
    Jun 15, 2025

    Hy,

    this is provided due to the Intune enrollment or a multiple Key via a CSP Policy deployment (MMP-C AKA Declared Configuration Enrollment ) which i suppose is not your case due to hybrid.

    The "Value: MmpcEnrollmentFlag with Data: 0x00000002"  indicates that the device is successfully enrolled in MDM/Intune.

    You can basically have multiple Keys and Entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments.

    Good luck!

2 Replies

Sort By
  • Bogdan_Guinea's avatar
    Bogdan_Guinea
    Iron Contributor
    Jun 17, 2025

    fbatuns​ 

    Hy,

    Please remember to close or solve this case so that we can understand if the answer was clear and helped you to understand/solve this case/problem. Thx 😜

    Good luck!

  • Bogdan_Guinea's avatar
    Bogdan_Guinea
    Iron Contributor
    Jun 15, 2025

    Hy,

    this is provided due to the Intune enrollment or a multiple Key via a CSP Policy deployment (MMP-C AKA Declared Configuration Enrollment ) which i suppose is not your case due to hybrid.

    The "Value: MmpcEnrollmentFlag with Data: 0x00000002"  indicates that the device is successfully enrolled in MDM/Intune.

    You can basically have multiple Keys and Entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments.

    Good luck!

Resources