TomCSB
Copper Contributor
Oct 09, 2025
Solved

Some devices not registering with Intune

We recently completed a migration to Microsoft 365 Exchange; all users now have either E5 or E3 licenses. Now that employees have licenses, I was expecting machines to be added to Intune. The GPO was created months ago and worked in testing, and all of the items under Windows | Enrollment in Intune were validated.

About 40% of devices have been Intune registered, and this is far lower than I would expect by now. Any suggestions for troubleshooting?

3 Replies

  • AladinH
    Brass Contributor

    Hi TomCSB​,

    A few things to double-check:

    - Make sure the devices are syncing to Azure AD through AD Connect - if they’re not visible there, Intune enrollment won’t start.

    - Confirm the MDM GPO is actually applied to all target machines (gpresult /r helps).

    On one of the affected devices, check the registry:

    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM

    AutoEnrollMDM = 1

    UseAADCredentialType = 1

    - Ensure users sign in with their UPN and have a connection to Azure when logging in - dsregcmd /status will show if the device is joined and enrolled.

    - Also, do you have SCCM or another management tool in place? Co-management settings can block auto-enrollment.

    Let me know if this helps. Thanks.
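
The per-device checks listed in the reply above can be collected in one pass on an affected machine. This is an added example, not part of the original thread: the function names are made up for illustration, and the `DisplayVersion` registry value and the `dsregcmd` field names (`DomainJoined`, `AzureAdJoined`, `AzureAdPrt`, `MdmUrl`) are not quoted in the thread.

```powershell
# Added example: run as the signed-in user on an affected Windows device
# (AzureAdPrt reflects the user who runs dsregcmd).

function ConvertFrom-DsregStatus {
    # Turns the "Name : Value" lines printed by `dsregcmd /status` into a hashtable.
    param([string[]]$Lines)
    $map = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$') {
            $map[$Matches[1]] = $Matches[2]
        }
    }
    return $map
}

function Get-MdmEnrollmentReadiness {
    # Policy key and value names are the ones given in the reply above.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    # Feature update level (for example 23H2); assumption: DisplayVersion is present.
    $os = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    $dsreg = ConvertFrom-DsregStatus -Lines (dsregcmd.exe /status)

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        FeatureUpdate        = $os.DisplayVersion
        GpoKeyPresent        = [bool]$policy
        AutoEnrollMDM        = $policy.AutoEnrollMDM
        UseAADCredentialType = $policy.UseAADCredentialType
        DomainJoined         = $dsreg['DomainJoined']
        AzureAdJoined        = $dsreg['AzureAdJoined']
        AzureAdPrt           = $dsreg['AzureAdPrt']
        MdmUrl               = $dsreg['MdmUrl']
    }
}

$report = Get-MdmEnrollmentReadiness
$report | Format-List

# Flag the gaps the reply calls out; an empty MdmUrl means no MDM endpoint is visible.
if ($report.AutoEnrollMDM -ne 1) { Write-Warning 'AutoEnrollMDM is not 1: check GPO scope with gpresult /r.' }
if ($report.UseAADCredentialType -ne 1) { Write-Warning 'UseAADCredentialType is not 1.' }
if ($report.AzureAdJoined -ne 'YES') { Write-Warning 'Device is not Azure AD joined: check AD Connect device sync.' }
if ($report.AzureAdPrt -ne 'YES') { Write-Warning 'No Azure AD PRT for this user: check UPN sign-in and connectivity.' }
if (-not $report.MdmUrl) { Write-Warning 'No MdmUrl reported by dsregcmd.' }
```

Comparing the `FeatureUpdate` column between enrolled and non-enrolled machines shows whether the missing devices are the ones still waiting on a feature update.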

  • TomCSB​ 

    Hi,

    I suppose your Intune tenant is already configured at this point, but check this to be sure:

    https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/mdm-authority-set

    Check for enrollment restrictions under Intune | Devices | Enrollment

    Check also if you have a Conditional Access Policy that could block this, restrictions like device platform, OS version, or group membership.

    Check also whether GPO inheritance is blocked, or devices aren’t in the correct OU.

    Good luck!

    • TomCSB
      Copper Contributor

      Thank you Bogdan_Guinea. I checked those and they seem to be fine. The GPO applies to all user machines and seems to be fine, and the machines recognize the GPO. I see very few enrollment failures under Devices | Enrollment > Enrollment failures. What I did notice, though, is that when I forced manual Windows updates on machines, that seems to have forced machines to enroll. Some needed a feature pack, others did not. It seems once feature pack 23H2 was installed, that did something so that the GPO was recognized, and a reboot and some patience took care of it. Our patching system is supposed to push feature packs, but it does not always work due to the size of them and machines being off. Hopefully it will work better with Intune. Thanks for the suggestions.