Forum Discussion
PPKG didn't join device in Intune, although it should
AzureAD joined device via PPKG didn't enroll in Intune | Microsoft Community Hub → an old reference I seem to have the same problem. So before the tipp comes up. Yes I configured the MDM scope. ...
Let's troubleshoot this Intune device enrollment issue systematically:
- Preliminary Checks:
- Confirm MDM scope is set to "All"
- Verify the user creating the token has:
- Proper Intune licenses
- Azure AD joining permissions
- Enrollment rights
- Diagnostic Steps:
# Check current MDM information
Get-MsolCompanyInformation | Select-Object *mdm*
# Verify Intune enrollment status
Get-MsolDevice -All | Where-Object {$_.DeviceTrustType -eq "Azure AD Joined"}
- otential Troubleshooting Areas:
- Recent Microsoft Updates: Check if there were any Intune or Azure AD Connect updates in late November/early December
- Verify Conditional Access policies
- Check Azure AD join and Intune enrollment logs:
- Windows Event Viewer → Applications and Services Logs → Microsoft → Windows → DeviceManagement-Enterprise-Diagnostics-Provider
- Microsoft Intune management extension logs
- Azure AD Connect sync logs
- Additional Verification:
# Check device registration status
dsregcmd /status
# Verify Intune enrollment
Start-Process "ms-device-enrollment:?mode=mdm"
- Common Causes to Investigate:
- Token validity
- Licensing changes
- Conditional Access policy modifications
- Network/proxy configuration alterations
- Unexpected Windows updates