Forum Discussion
Problems enrolling devices into Intune
- Ensure Modern Auth is enabled in the Org settings under admin.microsoft.com
- Disable sec defaults
- Disable the classic per user MFA and use CA policies to enforce MFA instead
- Target all users all cloud apps all devices all locations with Grant and Require MFA via CA policy
- Exclude Break the Glass accounts (max 2 Break the glass accounts are fine) from the CA policy
- Exclude SMTP accounts from the CA policy or move SMTP traffic to a third party like SMTP2GO and then create a CA policy to block legacy auth altogether in the tenant
- Disable all forms of legacy auth/basic auth in the Org settings under admin.microsoft.com
- See again if devices are now auto-enrolling into Intune. ~300 is quite a high number and there has to be a good reason
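
An added example, not part of the original post or written by any participant in this thread: a Python check that audits exported Conditional Access policies against the checklist above. Field names follow the Microsoft Graph `conditionalAccessPolicy` resource; the sample policies, account IDs and function names are constructed, and the check assumes exclusions are listed in `excludeUsers` rather than in groups.

```python
# Audit Conditional Access policies (Microsoft Graph conditionalAccessPolicy shape).
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # Graph clientAppTypes for legacy auth

SAMPLE = [  # constructed sample data, not taken from a real tenant
    {"displayName": "Require MFA - all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"],
                              "excludeUsers": ["bg-1", "bg-2", "smtp-relay"]},
                    "applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["all"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block legacy auth", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]

def _users(p):
    return p.get("conditions", {}).get("users", {})

def _controls(p):  # grantControls can be null on session-only policies
    return set((p.get("grantControls") or {}).get("builtInControls", []))

def is_baseline_mfa(p):
    """Enabled policy: all users, all cloud apps, MFA required."""
    apps = p.get("conditions", {}).get("applications", {}).get("includeApplications", [])
    return (p.get("state") == "enabled" and "All" in _users(p).get("includeUsers", [])
            and "All" in apps and "mfa" in _controls(p))

def is_legacy_block(p):
    """Enabled policy blocking legacy client types for all users (report-only does not count)."""
    types = set(p.get("conditions", {}).get("clientAppTypes", []))
    return (p.get("state") == "enabled" and "All" in _users(p).get("includeUsers", [])
            and LEGACY_CLIENTS <= types and "block" in _controls(p))

def audit(policies, max_break_glass=2):
    findings = []
    mfa = [p for p in policies if is_baseline_mfa(p)]
    if not mfa:
        findings.append("no enabled all-users/all-apps policy requiring MFA")
    for p in mfa:
        excluded = _users(p).get("excludeUsers", [])
        if not excluded:
            findings.append(f"{p['displayName']}: no break-glass account excluded")
        elif len(excluded) > max_break_glass:
            findings.append(f"{p['displayName']}: {len(excluded)} exclusions, review "
                            f"anything beyond {max_break_glass} break-glass accounts")
    if not any(is_legacy_block(p) for p in policies):
        findings.append("no enabled policy blocking legacy authentication")
    return findings
```

On the constructed sample, `audit(SAMPLE)` returns two findings: the third exclusion (the SMTP account) and the legacy-auth block that is still in report-only mode.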
- dmarquesgn, Apr 18, 2022, Iron Contributor
Hi,
Thanks for the notes and tips. Some of those we are already implementing, but some of those mess with the users, so they need to be done carefully. And some might impact legacy stuff, which needs to be considered carefully.
In the meantime, of course, I would like to debug these cases so I can understand what is going on and try to fix it.
Thanks
- blaubach, Jul 28, 2022, Copper Contributor
dmarquesgn Any update on this? I am having exactly the same issue you are. Thanks in advance!
- Jul 29, 2022
What error do you get? That would be useful to begin with 🙂
https://call4cloud.nl/2022/06/how-to-get-the-intune-enrollment-errors-outta-your-**bleep**/#part4