Forum Discussion
dmarquesgn
Apr 13, 2022 · Iron Contributor
Problems enrolling devices into Intune
Hi, We're deploying our machines to Intune, using a GPO. Most of the time everything works fine, but I still have about 300 machines which didn't get into Intune, and now we're analyzing why. A...
aollivierre305
Apr 15, 2022 · Brass Contributor
- Ensure Modern Auth is enabled in the Org settings under admin.microsoft.com
- Disable sec defaults
- Disable the classic per user MFA and use CA policies to enforce MFA instead
- Target all users all cloud apps all devices all locations with Grant and Require MFA via CA policy
- Exclude Break the Glass accounts (max 2 Break the glass accounts are fine) from the CA policy
- Exclude SMTP accounts from the CA policy or move SMTP traffic to a third party like SMTP2GO and then create a CA policy to block legacy auth altogether in the tenant
- Disable all forms of legacy auth/basic auth in the Org settings under admin.microsoft.com
- See again if devices are now auto-enrolling into Intune. ~300 is quite a high number and there has to be a good reason
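
An added example, not part of any post in this thread: a small audit that checks an export of Conditional Access policies against the checklist above (all users and all cloud apps require MFA, break-glass accounts excluded, legacy auth blocked). It assumes the policies are available as JSON in the Microsoft Graph `conditionalAccessPolicy` shape; the sample export and the break-glass object IDs are constructed placeholders.

```python
import json

# Constructed placeholders for the two break-glass account object IDs.
BREAK_GLASS = {"00000000-0000-0000-0000-0000000000b1",
               "00000000-0000-0000-0000-0000000000b2"}

# Constructed sample export (Microsoft Graph conditionalAccessPolicy shape).
SAMPLE = json.loads("""[
 {"displayName": "Require MFA - all users", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"],
                           "excludeUsers": ["00000000-0000-0000-0000-0000000000b1"]},
                 "applications": {"includeApplications": ["All"]},
                 "clientAppTypes": ["all"]},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Block legacy auth", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []},
                 "applications": {"includeApplications": ["All"]},
                 "clientAppTypes": ["exchangeActiveSync", "other"]},
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}}
]""")

LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # Graph names for legacy/basic auth clients

def _controls(policy):
    # grantControls is null on session-only policies
    return (policy.get("grantControls") or {}).get("builtInControls", [])

def _all_users_all_apps(policy):
    cond = policy["conditions"]
    return ("All" in cond["users"].get("includeUsers", [])
            and "All" in cond["applications"].get("includeApplications", []))

def audit(policies, break_glass):
    """Return findings where the export deviates from the checklist."""
    scoped = [p for p in policies if _all_users_all_apps(p)]
    mfa = [p for p in scoped if "mfa" in _controls(p)]
    block = [p for p in scoped if "block" in _controls(p)
             and LEGACY_CLIENTS <= set(p["conditions"].get("clientAppTypes", []))]
    findings = []
    for label, group in (("require-MFA", mfa), ("block-legacy-auth", block)):
        if not group:
            findings.append(f"no all-users/all-apps {label} policy found")
        for p in group:
            if p["state"] != "enabled":  # report-only or disabled enforces nothing
                findings.append(f"{p['displayName']}: state is {p['state']}, not enforced")
    for p in mfa:
        excluded = set(p["conditions"]["users"].get("excludeUsers", []))
        for oid in sorted(break_glass - excluded):
            findings.append(f"{p['displayName']}: break-glass {oid} not excluded")
    return findings
```

On the constructed sample, `audit(SAMPLE, BREAK_GLASS)` reports the report-only legacy-auth block and the one break-glass account missing from the MFA policy's exclusions.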
dmarquesgn
Apr 18, 2022 · Iron Contributor
Hi,
Thanks for the notes and tips. Some of those we are already implementing, but some of those mess with the users, so they need to be done carefully. And some might impact legacy stuff, which needs to be considered carefully.
In the meantime, of course, I would like to debug these cases so I can understand what is going on and try to fix it.
Thanks